Ama-ACL (Uhlu Lokulawula Ukufinyelela) kumadivayisi enethiwekhi angasetshenziswa kukho kokubili ihadiwe nesofthiwe, noma ukukhuluma kakhulu, ihadiwe kanye nama-ACL asekelwe kwisofthiwe. Futhi uma yonke into kufanele icace ngama-ACL asekelwe kwisofthiwe - lena imithetho egcinwa futhi icutshungulwe ku-RAM (okungukuthi ku-Control Plane), nayo yonke imikhawulo elandelayo, sizobe siqonda ukuthi ama-ACL asekelwe ku-hardware asetshenziswa kanjani futhi sisebenze isihloko. Njengesibonelo, sizosebenzisa amaswishi asuka ochungechungeni lwe-ExtremeSwitching olusuka ku-Extreme Networks.
Njengoba sinentshisekelo kuma-ACL asuselwa kuhadiwe, ukuqaliswa kwangaphakathi kwe-Data Plane, noma ama-chipsets (ASIC) wangempela asetshenzisiwe, kubaluleke kakhulu kithi. Yonke imigqa yokushintsha ye-Extreme Networks yakhiwe kuma-Broadcom ASIC, ngakho-ke ulwazi oluningi olungezansi luzoba yiqiniso nakwamanye amaswishi emakethe asetshenziswa kuma-ASIC afanayo.
Njengoba kungabonwa esithombeni esingenhla, "Injini Ye-ContentAware" inesibopho esiqondile sokusebenza kwama-ACL ku-chipset, ngokwehlukana "kokungena" kanye "nokuphuma". Ngokwezakhiwo, ziyafana, "i-egress" kuphela i-scalable encane futhi isebenza kancane. Ngokomzimba, zombili “Izinjini Zokuqukethwe” ziyinkumbulo ye-TCAM kanye nengqondo ehambisanayo, futhi isimiso somsebenzisi ngamunye noma isimiso se-ACL siyimaski elula ebhalwe kule nkumbulo. Kungakho i-chipset icubungula iphakethe lethrafikhi ngephakethe futhi ngaphandle kokuwohloka kokusebenza.
Ngokomzimba, i-Ingress / Egress TCAM efanayo, nayo, ihlukaniswe ngokunengqondo ibe izingxenye eziningana (kuye ngokuthi inani lememori ngokwayo kanye nesiteji), okuthiwa "izingcezu ze-ACL". Isibonelo, into efanayo yenzeka nge-HDD efanayo ekhompyutheni yakho ephathekayo lapho udala amadrayivu amaningana anengqondo kuyo - C:>, D:>. Ucezu ngalunye lwe-ACL, nalo, luqukethe amaseli enkumbulo ngendlela "yezintambo" lapho "imithetho" (imithetho/i-bit masks) ibhalwe khona.
Ukuhlukaniswa kwe-TCAM ibe izingcezu ze-ACL kunomqondo othile ngemuva kwakho. Kuzo zonke izingcezu ze-ACL, "imithetho" kuphela ehambisanayo ingabhalwa. Uma noma yimiphi “imithetho” ingahambelani neyangaphambili, izobe ibhalwa kucezu lwe-ACL olulandelayo, kungakhathaliseki ukuthi mingaki imigqa yamahhala “yemithetho” esele kwedlule.
Ngabe lokhu kuhambisana noma ukungahambisani kwemithetho ye-ACL kuvela kuphi? Iqiniso liwukuthi "umugqa" owodwa we-TCAM, lapho "imithetho" ibhalwe khona, inobude bamabhithi angu-232 futhi ihlukaniswe izinkambu eziningana - Fixed, Field1, Field2, Field3. Inkumbulo engu-232 bit noma engu-29 byte ye-TCAM yanele ukuqopha imaski ye-MAC ethize noma ikheli le-IP, kodwa ingaphansi kakhulu kwekhanda lephakethe le-Ethernet eligcwele. Kucezu ngalunye lwe-ACL, i-ASIC yenza ukubheka okuzimele ngokuya nge-bit-mask esethwe ku-F1-F3. Ngokuvamile, lokhu kubheka kungenziwa kusetshenziswa amabhayithi okuqala angu-128 wesihloko se-Ethernet. Empeleni, ngoba ukusesha kungenziwa ngaphezu kwamabhayithi angu-128, kodwa kungabhalwa amabhayithi angu-29 kuphela, ukuze kubhekwe okulungile i-offset kufanele isethwe ngokuqhathaniswa nesiqalo sephakethe. I-offset ngayinye ye-ACL-slice isethwe lapho umthetho wokuqala ubhalwa kuwo, futhi uma, lapho ubhala umthetho olandelayo, isidingo sesinye i-offset sitholakala, khona-ke umthetho onjalo ubhekwa njengokungahambelani neyokuqala futhi ubhalelwe ucezu lwe-ACL olulandelayo.
Ithebula elingezansi libonisa ukuhleleka kokuhambisana kwemibandela eshiwo ku-ACL. Umugqa ngamunye ngamunye uqukethe ama-bit-masks akhiqiziwe ahambisanayo futhi angahambisani neminye imigqa.
Iphakethe ngalinye ngalinye elicutshungulwe yi-ASIC lisebenzisa ukubheka okufanayo kucezu ngalunye lwe-ACL. Ukuhlola kwenziwa kuze kufike kumeshi wokuqala kucezu lwe-ACL, kodwa okufanayo okuningi kuvunyelwe iphakethe elifanayo kuzingcezu ze-ACL ezihlukile. "Umthetho" ngamunye unesenzo esihambisanayo okufanele senziwe uma isimo (i-bit-mask) sifaniswa. Uma okufanayo kwenzeka eziningana ACL-izingcezu ngesikhathi esisodwa, khona-ke in the "Isenzo Conflict Resolution" block, okusekelwe kuqala of the ACL-slice, isinqumo senziwa ukuthi yisiphi isenzo. Uma i-ACL iqukethe kokubili “isenzo” (imvume/ukwenqaba) kanye “nesilungisi-senzo” (isibalo/i-QoS/ilogi/…), lapho-ke kunokufana okuningi kuzokwenziwa kuphela “isenzo” esibaluleke kakhulu, kuyilapho “isenzo -modifier” kuzoqedwa konke. Isibonelo esingezansi sibonisa ukuthi zombili izibali zizokwengezwa futhi okubaluleke kakhulu "ukuphika" kuzokwenziwa.
ngolwazi oluthe xaxa mayelana nokusebenza kwe-ACL esizindeni somphakathi kuwebhusayithi . Noma yimiphi imibuzo ephakamayo noma esele ingabuzwa kubasebenzi bethu basehhovisi - .
Source: www.habr.com