HP GbE2c HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Application Gu - Page 74
Using ACL Groups, ACL Metering and Re-marking, Metering
UPC - 808736802215
View all HP GbE2c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 74 highlights
Using ACL Groups Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet header, such as the source address, destination address, source port number, destination port number, and others. Packet classifiers identify flows for more processing. You can define a traffic profile by compiling a number of ACLs into an ACL Group, and assigning the ACL Group to a port. ACL Groups are assigned and enabled on a per-port basis. Each ACL can be used by itself or in combination with other ACLs or ACL Groups on a given switch port. ACLs can be grouped in the following manner: • Access Control Lists The GbE2c supports up to 762 ACLs. Each ACL defines one filter rule. Each filter rule is a collection of matching criteria, and can include an action (permit or deny the packet). For example: ACL 400: VLAN = 1 SIP = 10.10.10.1 (255.255.255.0) Action = permit Access Control Groups An Access Control Group (ACL Group) is a collection of ACLs. For example: ACL Group 1 ACL 382: VLAN = 1 SIP = 10.10.10.1 (255.255.255.0) Action = permit ACL 383: VLAN = 2 SIP = 10.10.10.2 (255.255.255.0) Action = deny ACL 509: PRI = 7 DIP = 10.10.10.3 (255.255.0.0) Action = permit In the example above, each ACL defines a filter rule. ACL 383 has a higher precedence than ACL 382, based on its number. Use ACL Groups to create a traffic profile by gathering ACLs into an ACL Group, and assigning the ACL Group to a port. The GbE2c supports up to 762 ACL Groups. ACL Metering and Re-marking You can define a profile for the aggregate traffic flowing through the GbE2c, by configuring a QoS meter (if desired), and assigning ACL Groups to ports. When you add ACL Groups to a port, make sure they are ordered correctly in terms of precedence. Actions taken by an ACL are called In-Profile actions. You can configure additional In-Profile and Out-of-Profile actions on a port. Data traffic can be metered, and re-marked to ensure that the traffic flow provides certain levels of service in terms of bandwidth for different types of network traffic. Metering QoS metering provides different levels of service to data streams through user-configurable parameters. A meter is used to measure the traffic stream against a traffic profile, which you create. Thus, creating meters yields In-Profile and Out-of-Profile traffic for each ACL, as follows: In-Profile-If there is no meter configured or if the packet conforms to the meter, the packet is classified as In-Profile. Out-of-Profile-If a meter is configured and the packet does not conform to the meter (exceeds the committed rate or maximum burst rate of the meter), the packet is classified as Out-of-Profile. Quality of Service 74