How many filters can you create?

Extra rules used when combining QoS and hardware filters

In fact, QoS can cause the limit on the number of hardware filters to be reduced rather more radically than might be initially evident. To see why this is, we have to understand a bit more about how the rule table is used. When a packet is to be compared against rules in the rule table, the comparison does not have to start at the top of the table—it can start at other points in the table. The decision as to the starting point for any particular packet is made on the basis of the packet's ingress port. When no QoS policies have been configured on the switch, and only hardware filters have been configured, it is convenient and simple to have the rule comparison process for all packets start at the top of the rule table and run to the last non-null entry in the table, regardless of the packet's ingress port. This is because hardware filters on the AT-9900 and x900 series switches are not ingress-port specific.

Therefore, when only hardware filters have been configured on the switch, all rule comparisons start at the first rule in the rule table, irrespective of the packet’s ingress port.

    Port    Start
    1       1
    2       1
    3       1
    4       1
    5       1
    ...     ...
    52      1

Table that maps ingress port to the starting point of the rule comparison process

    1       Rule 1
    2       Rule 2
    3       Rule 3
    4       Rule 4
            Empty

Rule table

However, QoS policies are ingress-port specific. Different policies can be configured on different ports. So, the rules for allocating packets to flow groups can differ from port to port. Hence, QoS can result in the rule table containing different sets of rules for different ports.

This means that for the purposes of QoS, the decision that dictates the starting point of the rule comparison process, depending on ingress port, must result in different start values for different ingress ports. The problem is that hardware filtering must use the exact same decision process. So we end up with a conflict of interests—the hardware filter process wants to run every packet through the same set of rules, but QoS wants to use different sets of rules for different packets, depending on the packet’s ingress port. A single ingress-port-to-rule-table-starting-point decision process cannot fulfil both of these desires at the same time.

The solution to this problem is as follows. As soon as a QoS policy is configured, which requires the creation of a set of rules specific just to the ports in that policy, then a full copy of the hardware filter rules is also added to this set of QoS rules. So, for packets entering the switch via one of the ports in the QoS policy, the hardware filter rule lookup process is actually carried out on this new copy of the hardware filter rules.
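The copy-per-policy behaviour described above can be modelled to see how quickly rule-table entries are consumed when filters and QoS are combined; this is an added example, not Allied Telesis code. The block layout (shared hardware filter block first, then one block per policy with the filter copy ahead of the QoS rules), the `QosPolicy` type, the function names and the sample policies are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class QosPolicy:
    name: str     # hypothetical policy label
    ports: set    # ingress ports the policy is attached to
    rules: list   # QoS classifier rules (labels only in this model)


def build_rule_table(hw_filters, policies, num_ports=52):
    """Return (table, start): the list of rule-table entries and a map of
    ingress port -> 1-based entry where rule comparison begins."""
    table = list(hw_filters)  # shared block, used by ports with no QoS policy
    start = {port: 1 for port in range(1, num_ports + 1)}
    for pol in policies:
        block_start = len(table) + 1
        # A full copy of the hardware filters is added to the policy's rule set.
        table += [f"{rule} (copy for {pol.name})" for rule in hw_filters]
        # Assumed ordering: the policy's own QoS rules follow the copy.
        table += [f"{pol.name}: {rule}" for rule in pol.rules]
        for port in pol.ports:
            start[port] = block_start
    return table, start


def entries_used(n_hw, qos_rule_counts):
    """Closed form: one shared filter block plus one filter copy per policy."""
    return n_hw * (1 + len(qos_rule_counts)) + sum(qos_rule_counts)


def demo():
    # Constructed sample: the four filters from the figure plus two policies.
    filters = ["Rule 1", "Rule 2", "Rule 3", "Rule 4"]
    policies = [
        QosPolicy("A", {1, 2}, ["class 1", "class 2", "class 3"]),
        QosPolicy("B", {5}, ["class 1", "class 2"]),
    ]
    return build_rule_table(filters, policies)


if __name__ == "__main__":
    table, start = demo()
    for index, entry in enumerate(table, 1):
        print(index, entry)
    print({port: start[port] for port in (1, 2, 3, 5, 52)})
```

In this model every additional QoS policy costs its own rules plus the full filter count again, which is why the number of hardware filters that fit drops faster than the filter count alone suggests.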

Page 8 AlliedWare™ OS How To Note: Hardware Filters
