Administrator Guide

Access Control Lists
ACL Resource Usage
When a route-map defines a “match” rule associated with an ACL, the resource
consumption is the same as if a normal ACL were applied on an interface,
except for the implicit routing behavior mentioned above. Rules consumed by
an ACL corresponding to a route-map “match” clause share hardware resources
with the ACL component. Some resources cannot be shared. For example, the
rate-limit clause cannot be used in a PBR ACL, because the hardware cannot
support both a counter (allocated by every PBR route-map) and a rate limit.
ACLs associated with a route-map and general ACLs share the same hardware
resources. If PBR consumes the maximum number of hardware resources on
an interface or system-wide, general-purpose ACLs cannot be configured later,
and vice versa. Hardware allocation is performed on a first-come, first-served
basis when the interface becomes active.
ACL Resource Sharing
An ACL rule contains match and action attributes. For example, an ACL rule
may have a match clause on source IP address and action attributes that are
independent of PBR, such as queue assignment, as shown below:
console#config
console(config)#ip access-list example-1
console(config-ip-acl)#permit ip 1.1.1.1 0.0.0.255 any assign-queue 2
console(config-ip-acl)#permit every
console(config-ip-acl)#exit
Actions specified in the “set” clauses of a route-map utilize the hardware
entries of the corresponding ACL. This sharing does not consume additional
hardware resources, because Dell Networking supports multiple actions in an
ACL rule. However, if conflicting actions are specified, an error is thrown when
the switch attempts to configure the conflicting actions in the hardware.
No IPv6 support
PBR does not support IPv6 match ACLs.
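The rate-limit restriction under ACL Resource Usage and the IPv6 restriction above can be checked offline before a configuration is pushed to the switch. The following is an added example, not part of the guide or of Dell's software: it scans configuration text and reports ACLs referenced by a route-map that PBR cannot use. The sample configuration is constructed, and the route-map name, the "match ip address" line format and the rate-limit operands are assumptions.

```python
import re

# Constructed sample config (not from the guide). "example-1" mirrors the guide's
# ACL; the route-map lines and rate-limit operands are assumed syntax.
SAMPLE_CONFIG = """\
ip access-list example-1
permit ip 1.1.1.1 0.0.0.255 any assign-queue 2
permit every
exit
ip access-list limited
permit ip any any rate-limit 8 16
exit
ipv6 access-list v6-users
permit ipv6 any any
exit
route-map pbr-demo permit 10
match ip address example-1
exit
route-map pbr-demo permit 20
match ip address limited v6-users
exit
"""


def lint_pbr_acls(config):
    """Return (route_map, acl, reason) findings for ACLs that PBR cannot use."""
    acls, matches = {}, []  # ACL name -> details; (route-map, ACL name) pairs
    acl = rmap = None       # configuration context the parser is currently in
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"(ip|ipv6) access-list (\S+)$", line):
            acl, rmap = m.group(2), None
            acls[acl] = {"family": m.group(1), "rules": []}
        elif m := re.match(r"route-map (\S+)", line):
            rmap, acl = m.group(1), None
        elif acl and re.match(r"(permit|deny)\b", line):
            acls[acl]["rules"].append(line)
        elif rmap and (m := re.match(r"match ip address (.+)$", line)):
            matches += [(rmap, name) for name in m.group(1).split()]
    findings = []
    for rmap, name in matches:
        entry = acls.get(name)
        if entry is None:
            findings.append((rmap, name, "ACL not defined"))
        elif entry["family"] == "ipv6":
            findings.append((rmap, name, "IPv6 ACL in PBR match"))
        elif any(re.search(r"\brate-limit\b", r) for r in entry["rules"]):
            findings.append((rmap, name, "rate-limit in PBR ACL"))
    return findings
```
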
Locally Generated Packets
Policy-Based Routing does not affect locally generated packets, i.e. packets
generated by protocols running on the switch.