Owners Manual
Security
OpenSwitch OPX secures your network using access control lists (ACLs) and quality of service (QoS).
ACLs
Access control lists are flexible, hardware-accelerated sets of rules that match packets using packet header criteria, and perform actions on
selected packets. Configure an ACL on a physical port (NPU) only by using the CPS API.
• Ingress and egress ACL rules
• Match packet header fields, including MAC address, Ethertype, IP address, IP protocol, TCP/UDP port numbers, and In Port
• Packet actions including drop, trap/forward to the CPU, redirect to port, change packet fields, and meter
• Group ACL rules to enable multiple rule match for a single packet
See Application examples in the OpenSwitch OPX Developers Guide for more information on how to configure ACLs using the CPS API.
QoS
Use the dell-base-qos.yang model to configure the software to provision quality of service parameters. QoS provisioning includes:
• Assign packets to traffic classes using packet 802.1p, DSCP, or more advanced ACL rules
• Mark packets
• Ingress rate policing using ACLs
• Map traffic classes to queues
• Egress queue rate shaping
• Weighted random early detection (WRED)
• Hierarchical scheduling
• Egress port-level shaping
• CoPP support for configuring CPU rate limits
See Programmability in the OpenSwitch OPX Developers Guide for more information on how to configure QoS using the CPS API.










