C
HAPTER
13
| Security Measures
Access Control Lists
– 318 –
Auto ACE Compression is a software feature used to compress all the
ACEs of an ACL to utilize hardware resources more efficiency. Without
compression, one ACE would occupy a fixed number of entries in TCAM.
So if one ACL includes 25 ACEs, the ACL would need (25 * n) entries in
TCAM, where “n” is the fixed number of TCAM entries needed for one
ACE. When compression is employed, before writing the ACE into
TCAM, the software compresses the ACEs to reduce the number of
required TCAM entries. For example, one ACL may include 128 ACEs
which classify a continuous IP address range like 192.168.1.0~255. If
compression is disabled, the ACL would occupy (128*n) entries of
TCAM, using up nearly all of the hardware resources. When using
compression, the 128 ACEs are compressed into one ACE classifying
the IP address as 192.168.1.0/24, which requires only “n” entries in
TCAM. The above example is an ideal case for compression. The worst
case would be if no any ACE can be compressed, in which case the used
number of TCAM entries would be the same as without compression. It
would also require more time to process the ACEs.
SHOWING TCAM
UTILIZATION
Use the Security > ACL (Configure ACL - Show TCAM) page to show
utilization parameters for TCAM (Ternary Content Addressable Memory),
including the number policy control entries in use, the number of free
entries, and the overall percentage of TCAM in use.
CLI REFERENCES
◆ "show access-list tcam-utilization" on page 527
COMMAND USAGE
Policy control entries (PCEs) are used by various system functions which
rely on rule-based searches, including Access Control Lists (ACLs), IP
Source Guard filter rules, Quality of Service (QoS) processes, QinQ, MAC-
based VLANs, VLAN translation, or traps.
For example, when binding an ACL to a port, each rule in an ACL will use
two PCEs; and when setting an IP Source Guard filter rule for a port, the
system will also use two PCEs.
PARAMETERS
These parameters are displayed:
◆ Total Policy Control Entries – The number policy control entries in
use.
◆ Free Policy Control Entries – The number of policy control entries
available for use.
◆ Entries Used by System – The number of policy control entries used
by the operating system.
◆ Entries Used by User – The number of policy control entries used by
configuration settings, such as access control lists.
◆ TCAM Utilization – The overall percentage of TCAM in use.
To Next Page
Loading...
Need help?
General