OmniSwitch OS6860/OS6900/OS10K Troubleshooting Guide Part No.032996-00 Rev.A
AOS Release 7.X and 8.X January 2015
Alcatel-Lucent Page 66 of 148
Reflexive rules and NAT are not supported.
Understanding the QoS/ACL implementation on the OmniSwitch 6900
On the OmniSwitch 6900, QoS and ACL classification and actions are performed in hardware. QoS/ACL rules
are a combination of conditions and actions. The OS6900 can classify, stamp and prioritize on Layer 2 through
Layer 4 traffic simultaneously, whether bridging or routing.
Summary of guidelines to understand the QoS and TCAM usage and successfully configure policy rules on OS6900
The switching ASIC on each switching ASIC processes QoS and ACLs internally uses TCAM (Ternary
Content Addressable Memory).
The TCAM is divided into 14 slices, including 10 IFP slices and 4 EFP slices.
IFP slices 0, 1, 2, and 3 can accommodate 128 rules, all other slices can accommodate 256 rules.
IFP slices 0, 1, 2, 3, 8, and 9 are reserved for the system use. User policy rules aren’t configured in
these slices.
4 IFP slices are available in User Policy Rules Space allowing 4 • 256 = 1024 rules.
User policy rules are always in lower slices than the slice(s) allocated for Anti-spoofing, Ethernet-
Service, DHCP IP Source Filtering.
User policy cannot overwrite the sap-profile priority assignment and rate limiting.
TCAM rules are programmed on every NI if the policy rule does not specify a source port. If policy is
applied on a stack, rules without specified source port are configured across all units and their NIs.
Once the slices are set with their parsing modes, a packet will be looked-up in parallel in all slices.
When a match occurs in one slice, the parsing stop in that slice.
The result of all matches among all slices in ANDed with the highest slice number actions having the
higher precedence in case of similar actions with the following exceptions (for equal precedence and
different slice number):
A drop has always precedence over accept
The smallest rate limiter is always enforced
Policy Network / MAC / Map / Destination Slot-Port / Service Group used in a policy rule consume
one TCAM rule for every entry in the group.
Combining different policy groups in the policy rules consumes one TCAM rule for every possible
combination of match between the groups.
8 TCP/UDP hardware ranges are available on the Packet Processor.
TCP/UDP hardware ranges are being used when the range consumes more than 5 TCAM regular
rules, using a TCP/UDP hardware range consumes 1 TCAM rule.
If the same rule type requires more than 256 entries, a second slice (set with the same classification
type is allocated).
All rules with the same type (all Field Processing Selectors are set to the same mode) fall in the same
slice (up to 256 entries).
The rule precedence is based on the order in which the rule entry is entered or by defining the
precedence in the rule. If precedence is not specified, rule entered first will have higher precedence.
Change in precedence will automatically revisit all the slices and TCAM rule allocation.
Efficient usage of the policy rule precedence allows the user to configure more rules and can avoid
reaching the system limitation.
Policy Types can be summarized.
TCAM allocation rules and practical examples
To Next Page
Loading...
