RST-3508
9805_05_2004_c2
© 2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
ACL Hardware Programming
• TCAM: Ternary Content Addressable Memory
  • Value, Mask and Result values are used
  • Value and Mask used to identify L2/L3/L4 flows of interest
  • Result can be...permit or deny for security ACL
  • Result can be...classification or policing for QoS ACL
• Security and QoS ACLs get programmed into dedicated TCAMs
• TCAM is a finite HW resource
• Advantage: ACLs are implemented in HW, no performance penalty
Cisco IOS Supervisor ACL TCAM Details
Supervisor Engine IV/V*
  Security: 32000 Patterns, 4000 Masks
  QoS: 32000 Patterns, 4000 Masks
• Security ACLs TCAM is used for RACLs, VACLs, PACLs, MAC-based ACLs, time of the day ACLs and security features like DHCP Snooping, Dynamic ARP Inspection and IP Source Guard
• QoS TCAM is used for QoS functions: Classification, Service Policies
*Supervisor Engine II-Plus as of IOS 12.2.18EW has 1/8 the TCAM entries
Therefore: 2 x 1 Banks of TCAM
• 1 x Used for QoS
• 1 x Used for Security ACLs
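The Value/Mask/Result lookup and the pattern and mask limits from the two slides above, modelled in software as an added example (not Cisco code). The key layout, the helper names, the sample ACL and the "one mask slot per distinct mask" accounting are assumptions made for illustration.

```python
import ipaddress

# Capacities quoted on the slide for Supervisor Engine IV/V (per TCAM).
MAX_PATTERNS, MAX_MASKS = 32000, 4000

def ace(result, src, dst, dport=None):
    """Compile one ACL entry into (value, mask, result).
    Assumed key layout: src IP (32 bits) | dst IP (32 bits) | dst port (16 bits).
    A mask bit of 1 means "compare this bit", 0 means "don't care"."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    value = (int(s.network_address) << 48) | (int(d.network_address) << 16)
    mask = (int(s.netmask) << 48) | (int(d.netmask) << 16)
    if dport is not None:          # no port given: port bits stay "don't care"
        value |= dport
        mask |= 0xFFFF
    return value, mask, result

def key(src, dst, dport):
    """Build the lookup key for one packet, using the same layout as ace()."""
    return ((int(ipaddress.ip_address(src)) << 48)
            | (int(ipaddress.ip_address(dst)) << 16) | dport)

def lookup(tcam, k, default="deny"):
    """First matching entry wins, as in an ordered ACL; implicit deny at the end."""
    for value, mask, result in tcam:
        if (k & mask) == value:    # value was stored already masked
            return result
    return default

def usage(tcam):
    """Patterns = entries, masks = distinct masks (simplified accounting)."""
    patterns, masks = len(tcam), len({m for _, m, _ in tcam})
    return patterns, masks, patterns <= MAX_PATTERNS and masks <= MAX_MASKS

# Constructed sample security ACL.
ACL = [
    ace("deny", "10.1.1.0/24", "0.0.0.0/0", 23),
    ace("deny", "10.1.2.0/24", "0.0.0.0/0", 23),   # same mask as the entry above
    ace("permit", "10.1.0.0/16", "192.168.5.0/24"),
    ace("permit", "0.0.0.0/0", "192.168.5.10/32", 443),
]

if __name__ == "__main__":
    print(lookup(ACL, key("10.1.1.7", "192.168.5.20", 23)))
    print(usage(ACL))
```

Entries that differ only in their value share a mask, so an ACL written with a small set of prefix lengths and port patterns consumes fewer of the 4000 mask slots than one where every entry uses a different wildcard.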