Table of Contents
Advertisement
Variable-Sized CAM Classification for IPv6 Policies Examples
Variable-sized CAM entries are supported for IPv6 policies to avoid wasting memory
space. For example, if the classifier entries in a policy consume a 576-bit CAM entry
when a 144-bit CAM entry is sufficient to store the classifier, over 400 bits of CAM
memory are wasted. CAM memory is divided into blocks at the hardware level. Each
CAM block can support 8000 144-bit, 4000 288-bit, or 2000 576-bit CAM entries.
Based on the IPv6 header CAM entry size calculation, the minimum entry size required
for IPv6 classification is 8 bits and the maximum entry size required is 336 bits.
Policy Manager calculates the CAM bit size and configures the CAM entries on the
line modules. The size of the CAM entry is determined using the limits defined for
each of the IP classifier entry combination. In earlier releases, any policy configuration
with CAM entries that exceeded the 128-bit limitation failed to be attached to the
interface because it was not allowed by Policy Manager.
Beginning with JUNOSe Release 10.2.x, the IPv6 classification functionality is modified
to classify traffic on more than 128 bits. To improve scalability for IPv6 policies,
Policy Manager uses the optimum CAM entry size, depending on the IPv6 policy
definition. The policy definition of IPv6 is used to determine which classification
fields in the combined IPv6 classifier are present and the CAM entry length is
computed dynamically. The following three different kinds of results are possible for
an IPv6 policy:
CAM hardware classifiers support four types of CAM entries 72-bit, 144-bit, 288-bit,
and 576-bits (16-bits are reserved for rule set id). Each of the policies fit into one of
these four CAM entry types. The 72-bit CAM entry is not chosen as CAM devices on
some line modules do not support this size limit. Therefore, the 144-bit, 288-bit, and
576-bit CAM entries are used as the variable-length CAM entries for IPv6 policies.
The following sections describe examples for each type of variable length IPv6
classification and the number of CAM entries for each case:
144-bit IPv6 Classification Example
In this example, a policy with a combination of IPv6 classifiers is created and attached.
The configuration conforms to the 144 bit limit.
1.
2.
Sum of all classifier fields is less than or equal to 128 bits
Sum of all classifier fields is between 128 bits and 272 bits
Sum of all classifier fields is between 272 bits and 336 bits
Match all TCP SYN packets from 1:1:: to any DA with port 2000.
host1(config)#ipv6 classifier-list tcpCLACL source-address 1:1::/32 tcp
destination-port eq 2000 tcp-flags "SYN"
Match all IPv6 packets to net 2:2::.
host1(config)#ipv6 classifier-list ipv6CLACL destination-address 2:2::/32
Variable-Sized CAM Classification for IPv6 Policies Examples
Chapter 8: Policy Resources
171
Advertisement
Table of Contents
