Page 18 | AlliedWare Plus™ OS How To Note
How many filters can you create?
The total number of filters that can be created is not an exact number, but depends on which
fields the various filters are matching on. So, to understand how to work out whether the set
of filters you are creating might run out of space, it is necessary to understand the way in
which the filters operate in the switch hardware.
There are two items within the switch hardware which set limits on the number of filters that
can be created: the filter rules table and the profile (mask).
Filters share the same filter rules table and mask whether they are made by applying ACLs
directly to ports or are made through QoS class-maps.

1. The filter rules table

One item that sets a limit on the number of filters is the table that contains the list of filter
rules. This has a strict limit of 1024 entries. An entry gets made when:
• You apply an ACL to a port (with the ip access-group or mac access-group command)
• You apply a QoS class-map to a port by applying its policy-map to a port (with the service-policy input command). For each class-map, its ACL and any match commands are ANDed together to make a single filter entry.
Therefore, every ACL or class-map uses up one table entry for every port that it is applied
to. Interface ACL rules come before QoS class-map rules. Conceptually, the table looks like:

    port1.0.1    Interface ACL rule
                 Interface ACL rule
                 ...
                 QoS class-map rule
                 QoS class-map rule
                 ...
    port1.0.2    Interface ACL rule
                 Interface ACL rule
                 ...
                 QoS class-map rule
                 QoS class-map rule
                 ...
    ...          ...

If you specify a TCP or UDP port range, this may use multiple filter entries. The switch
converts the range to a series of single TCP/UDP port numbers plus masks. It uses as few
entries as possible to cover the range.

Also, the protocols that use filters (CPU protection and EPSR—see page 21) create one
entry per port.
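
To estimate how many table entries a TCP/UDP port range will consume before applying a filter, the range-to-mask conversion described above can be modelled as follows. This is an added example, not Allied Telesis code: it assumes the hardware matches the 16-bit port field with prefix-style value/mask pairs, and the function names are hypothetical.

```python
# Added example: estimate filter-table entries used by TCP/UDP port ranges.
# Assumption: a range is covered by the minimal set of aligned power-of-two
# blocks, each expressed as one (value, mask) pair on the 16-bit port field.

FILTER_TABLE_LIMIT = 1024  # strict limit on filter rule entries (from the page)


def range_to_value_masks(lo, hi, width=16):
    """Return the minimal list of (value, mask) prefix pairs covering lo..hi."""
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError("invalid port range")
    full = (1 << width) - 1
    entries = []
    while lo <= hi:
        # Largest aligned block starting at lo is set by lo's lowest set bit.
        size = (lo & -lo) if lo else (1 << width)
        # Shrink the block until it no longer overshoots the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        entries.append((lo, full & ~(size - 1)))
        lo += size
    return entries


def entries_needed(port_ranges, ports_applied):
    """Entries used by filters (one port range each) applied to N switch ports."""
    per_port = sum(len(range_to_value_masks(lo, hi)) for lo, hi in port_ranges)
    return per_port * ports_applied


def matches(port, entries):
    """Count how many (value, mask) entries match a given port number."""
    return sum(1 for value, mask in entries if port & mask == value)


if __name__ == "__main__":
    # Constructed sample ranges, not taken from the page.
    for lo, hi in [(80, 80), (1024, 65535), (5000, 5010), (1, 65534)]:
        pairs = range_to_value_masks(lo, hi)
        print(f"{lo}-{hi}: {len(pairs)} entries")
        for value, mask in pairs[:3]:
            print(f"    value={value:5d} mask=0x{mask:04x}")
    used = entries_needed([(1, 65534)], ports_applied=48)
    print(f"1-65534 on 48 ports: {used} entries, limit {FILTER_TABLE_LIMIT}")
```

A badly aligned range such as 1-65534 expands to 30 entries under this model, so one such filter applied to 48 ports would exceed the 1024-entry table by itself, while 1024-65535 needs only 6.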