Addendum

3 ACL VLAN Groups and Content Addressable Memory (CAM)
This chapter describes the ACL VLAN group and CAM enhancements, and contains the following
sections:
Optimizing CAM Utilization During the Attachment of ACLs to VLANs
Allocating FP Blocks for VLAN Processes
Optimizing CAM Utilization During the Attachment of ACLs to VLANs
This functionality is supported on the S4810, S4820T, Z9000, I/O Aggregator and MXL platforms.
You can enable and configure the access control list (ACL) content addressable memory (CAM)
optimization functionality to minimize the number of entries in CAM when ACLs are applied on a VLAN or
a set of VLANs, and also when ACLs are applied on a set of ports. This capability enables effective usage of
CAM space when Layer 3 ACLs are applied to a set of VLANs and when Layer 2 or Layer 3 ACLs are
applied on a set of ports.
In releases of Dell Networking OS that do not support the CAM optimization functionality to reduce the
usage of CAM area for application of ACLs, when an ACL is applied on a VLAN, the rules of the ACL are
configured in the ACL region with the rule-specific parameters along with the VLAN as an additional
attribute. Therefore, when the ACL is applied on multiple VLAN interfaces, the consumption of CAM area
increases proportionally. For example, when an ACL with ‘n’ rules is applied on ‘m’ VLAN interfaces,
a total of (n*m) entries are configured in the CAM region that is allocated for ACLs.
Similarly, when an L2 or L3 ACL is applied on a set of ports, the same problem of large CAM
area usage occurs because the port is used as a parameter that is saved in CAM.
To avoid this problem of excessive consumption of CAM area, you can configure ACL VLAN groups that
combine all the VLANs that are applied with the same ACL in a single group. A class identifier (Class ID)
is assigned for each ACL attached to the VLAN, and this Class ID is used as an identifier or locator in the
CAM area instead of the VLAN ID. This method of processing significantly reduces the number of entries
in the CAM area and saves memory space by using the Class ID as the filtering criterion in CAM instead of the
VLAN ID.
You can create an ACL VLAN group and attach the ACL with the VLAN members. The optimization is
applicable only when you create an ACL VLAN group. If you apply an ACL separately on the VLAN
interface, each ACL has a mapping with the VLAN and increased CAM space utilization occurs. Attaching
an ACL individually to VLAN interfaces is similar to the behavior of ACL-VLAN mapping storage in CAM
prior to the implementation of the ACL VLAN group functionality.
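The entry counts described above can be reproduced with a simplified model of the ACL region. This Python model is an added example, not Dell Networking OS code; the rule tuples, the VLAN-to-Class-ID map, the sample ACL and all function names are assumptions made for illustration.

```python
# Simplified model of the ACL region in CAM (added illustration, not Dell code).
# A rule is (action, protocol, dst_port); a CAM entry is (key, rule), where the
# key is a VLAN ID (per-VLAN attachment) or a Class ID (ACL VLAN group).

def per_vlan_entries(acl_rules, vlans):
    """ACL attached to each VLAN separately: one entry per (VLAN, rule)."""
    return [(("vlan", v), r) for v in vlans for r in acl_rules]

def grouped_entries(acl_rules, vlans, class_id):
    """ACL attached through an ACL VLAN group: one entry per rule, keyed by the
    Class ID. The VLAN -> Class ID map is assumed to live outside the ACL region."""
    vlan_to_class = {v: class_id for v in vlans}
    return [(("class", class_id), r) for r in acl_rules], vlan_to_class

def decide(entries, key, protocol, dst_port, default="deny"):
    """First matching entry for this key wins, as in an ordered ACL."""
    for entry_key, (action, proto, port) in entries:
        if entry_key == key and proto == protocol and port == dst_port:
            return action
    return default

def compare(acl_rules, vlans, class_id=1):
    """Return (per-VLAN entry count, grouped entry count, decisions_equal)."""
    flat = per_vlan_entries(acl_rules, vlans)
    grouped, vlan_to_class = grouped_entries(acl_rules, vlans, class_id)
    # Probe every rule's match fields plus one flow that no rule matches.
    probes = [(p, d) for _, p, d in acl_rules] + [("udp", 9999)]
    same = all(
        decide(flat, ("vlan", v), p, d)
        == decide(grouped, ("class", vlan_to_class[v]), p, d)
        for v in vlans for p, d in probes
    )
    return len(flat), len(grouped), same

# Constructed sample: n = 4 rules, m = 50 VLANs.
SAMPLE_ACL = [
    ("permit", "tcp", 22),
    ("permit", "tcp", 443),
    ("deny", "tcp", 23),
    ("deny", "udp", 161),
]
SAMPLE_VLANS = list(range(100, 150))

if __name__ == "__main__":
    flat, grouped, same = compare(SAMPLE_ACL, SAMPLE_VLANS)
    print(f"per-VLAN: {flat} entries, grouped: {grouped} entries, same decisions: {same}")
```

With the constructed sample, the per-VLAN attachment consumes n*m entries while the grouped attachment consumes n, and both return the same permit or deny decision for every VLAN.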
The ACL manager application on router processor (RP1) contains all the state information about all the
ACL VLAN groups that are present. The ACL handler on control processor (CP) and the ACL agent on line
cards do not contain any stateful information about the group. The ACL manager application performs all
the validation after you enter an acl-vlan-group command. If the command is valid, it is processed
and sent to the agent if required. If a configuration error is found or if the maximum limit is exceeded for