HP 3500yl, 5200zl manual Policy Enforcement Engine


Policy Enforcement Engine

The ProVision ASICs on each line interface module contain the Policy Enforcement Engine. This engine uses an onboard TCAM to provide fast packet classification for ACLs, QoS, rate limiting, and some other features. Some of the variables that can be used include source and destination IP addresses (which can follow specific users) and TCP/UDP port numbers and ranges (to apply ACLs to an application that uses fixed port numbers or ranges). Over 14 different variables can be used to specify the packets to which ACL and QoS rules, rate limiting counters, and other features are to be applied.

Partially implemented in the initial software release, the Policy Enforcement Engine will provide a common front end for the user interface to ACLs, QoS, rate limiting, and some other services. In subsequent software releases for the switches, more features can take advantage of the Policy Enforcement Engine to provide a powerful, flexible method for controlling the network environment. For example, traffic from a specific application can be raised in priority for some users, blocked for some other users, and limited in bandwidth for yet other users. After leaving the Policy Enforcement Engine, the header is forwarded to the programmable section of the network switch engine.
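The per-user treatment of one application described above can be modelled with a generic ternary (value/mask) table. This is an added example, not HP code and not a description of how the ProVision TCAM is laid out; the key layout, subnets, port range, action names and default action are constructed for illustration. It also shows why port ranges cost more table entries than single ports: each range is split into aligned value/mask blocks.

```python
import ipaddress

def range_to_ternary(lo, hi, bits=16):
    """Split an inclusive port range into (value, mask) pairs a ternary table can store."""
    out = []
    while lo <= hi:
        # Largest aligned power-of-two block that starts at lo and fits in [lo, hi].
        size = lo & -lo if lo else 1 << bits
        while size > hi - lo + 1:
            size >>= 1
        out.append((lo, ((1 << bits) - 1) & ~(size - 1)))
        lo += size
    return out

def compile_rule(src_cidr, proto, port_lo, port_hi, action):
    """Expand one policy line into entries over a hypothetical 56-bit key:
    source IPv4 (32 bits) | IP protocol (8 bits) | destination port (16 bits)."""
    net = ipaddress.ip_network(src_cidr)
    ip_val, ip_mask = int(net.network_address), int(net.netmask)
    entries = []
    for p_val, p_mask in range_to_ternary(port_lo, port_hi):
        value = (ip_val << 24) | (proto << 16) | p_val
        mask = (ip_mask << 24) | (0xFF << 16) | p_mask
        entries.append((value, mask, action))
    return entries

def classify(table, src_ip, proto, dst_port):
    """First matching entry wins (priority order); no match falls through to
    'forward', which is an assumption of this model."""
    key = (int(ipaddress.ip_address(src_ip)) << 24) | (proto << 16) | dst_port
    for value, mask, action in table:
        if key & mask == value:
            return action
    return "forward"

# Constructed policy: one application (TCP 5000-5010), three user subnets.
TCP = 6
TABLE = (
    compile_rule("10.1.0.0/24", TCP, 5000, 5010, "priority-high")
    + compile_rule("10.2.0.0/24", TCP, 5000, 5010, "deny")
    + compile_rule("10.3.0.0/24", TCP, 5000, 5010, "rate-limit")
)
```

Each of the three rules expands to three entries here, while a range such as 1-65534 expands to 30, which is worth checking when sizing range-based ACLs against a fixed table.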

Network switch engine programmability

Each ProVision ASIC switch engine contains multiple programmable units, making them truly Network Processor Units (NPUs). One of the functions of the NPU is to analyze the header of each packet as it comes into the switch. The packet’s addresses are read, and the switch makes forwarding decisions based on this analysis. For example, if a packet’s 802.1Q tag needs to be changed to re-map the packet priority, the ProVision ASIC needs to look at each packet to see if any particular one needs to be changed. This packet-by-packet processing has to occur very quickly to maintain overall wire-speed performance – a capability of the ProVision ASICs.

To broaden the flexibility of the ProVision ASICs, a programmable function is included for their packet processing. This NPU function gives the HP ProCurve designers the opportunity to make future changes or additions to the packet processing features of the ASIC by downloading new software to it. Thus, new features needing high-performance ASIC processing can be accommodated, extending the useful life of the switch without the need to upgrade or replace the hardware. In the first release of the HP ProCurve Switch 5400zl, 3500yl, and 6200yl series, the NPU function within the ProVision ASICs is totally unused, awaiting future upgrades.

The concept of adding the programmable functionality of the NPU within a switching ASIC was originally designed and implemented in the popular HP ProCurve Switch 4000M family introduced in 1998. The programmable capability of the HP ProCurve Switch 5300xl was a second-generation design based on the original HP ProCurve Switch 4000M implementation. The programmable capability was used to give both the HP ProCurve Switch 4000M and Switch 5300xl new ASIC-related features well after initial release of those products. The customers’ investments in the HP ProCurve Switch 4000M and 5300xl are preserved by new functionality not otherwise possible without the ASIC NPU programmability.

Being based on the HP ProCurve Switch 4000M and 5300xl implementations, the NPU capabilities of the ProVision ASICs used in the HP ProCurve Switch 5400zl, 3500yl, and 6200yl series are a third-generation design.

Fabric Interface

After the packet header leaves the programmable section, the header is forwarded to the Fabric Interface. The Fabric Interface makes final adjustments to the header, based on priority information, multicast grouping, etc., and then uses this header to modify the actual packet header as necessary.

The Fabric Interface then negotiates with the destination ProVision ASIC for outbound packet buffer space. If congestion is present on the outbound port, WRED (weighted random early detection) can be applied at this point as a congestion-avoidance mechanism. Finally, the ProVision ASIC's Fabric Interface forwards the entire packet through the Fabric-ASIC to an awaiting output buffer on the ProVision ASIC that controls the outbound port for the packet. Packet transfer from the ProVision ASICs to the Fabric-ASIC is accomplished using the 28.8 Gbps full-duplex backplane connection, also managed by the Fabric Interface.
