Page 19 | AlliedWare Plus™ OS How To Note
How many filters can you create?
2. The profile (mask)
The other item is called the profile. Conceptually, this is a 16-byte mask that decides which
set of bytes should be extracted from a packet as it enters the filtering process, to be
compared against all the interface ACLs and the QoS class-maps. All filters share a single
mask.
In effect, the mask is the sum of all the individual bytes required for each individual ACL or
QoS match command. The number of bytes required by each ACL or match command
depends on which fields it matches on. For example:
source MAC address—6 bytes
destination MAC address—6 bytes
protocol type—2 bytes
Ethernet format—2 bytes
VLAN ID—2 bytes
IP protocol type (TCP, UDP, etc.)—1 byte
source IP address—4 bytes
destination IP address—4 bytes
TCP port number—2 bytes
UDP port number—2 bytes
DSCP—1 byte
For example, if you make an ACL that matches on destination IP address and source TCP
port, this adds 7 bytes to the mask:
1 byte for the IP protocol field (to indicate TCP)
4 bytes for the destination IP address
2 bytes for the source TCP port number.
If you next make an ACL that matches on source MAC address, this adds 6 more bytes to the
mask.
If you next make a QoS class-map that matches on destination IP address (4 bytes) and DSCP
(1 byte), this adds 1 more byte to the mask, for the DSCP. It does not add 4 more bytes for
the destination IP address because the switch already matches on that field.
If you next make an ACL that matches on source IP address and source TCP port, then that
does not change the mask, because the switch already matches on those fields.
If you next make an ACL that matches on source UDP port, this also does not add any length
to the mask, because it shares the same 2 bytes as the source TCP port. However, if you next
make an ACL that matches on destination TCP or UDP port, that uses another 2 bytes.
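The accumulation rules above (each new filter only adds mask bytes for fields not yet covered, a TCP or UDP port match also needs the 1-byte IP protocol field, and TCP and UDP ports in the same direction share 2 bytes) can be simulated to check a planned set of ACLs and class-maps against the 16-byte profile before configuring them. The following Python is an added illustration, not code from the How To Note or from AlliedWare Plus; the slot names and the `ProfileMask` class are a modelling assumption, and the per-field byte counts are the ones listed on this page.

```python
from typing import Dict, Iterable, List, Tuple

MASK_LIMIT = 16  # bytes in the single shared profile (figure from the page)

# Each match field maps to the named byte "slots" it needs in the mask.
# Slot names are a modelling assumption: fields that name the same slot
# share mask bytes, which is how TCP and UDP source ports share 2 bytes.
FIELD_SLOTS: Dict[str, Dict[str, int]] = {
    "src_mac": {"src_mac": 6},
    "dst_mac": {"dst_mac": 6},
    "protocol_type": {"ethertype": 2},
    "eth_format": {"eth_format": 2},
    "vlan_id": {"vlan_id": 2},
    "ip_proto": {"ip_proto": 1},
    "src_ip": {"src_ip": 4},
    "dst_ip": {"dst_ip": 4},
    "dscp": {"dscp": 1},
    # A port match also needs the 1-byte IP protocol field (to say TCP or
    # UDP); source ports share one 2-byte slot, destination ports another.
    "tcp_src_port": {"ip_proto": 1, "l4_src_port": 2},
    "udp_src_port": {"ip_proto": 1, "l4_src_port": 2},
    "tcp_dst_port": {"ip_proto": 1, "l4_dst_port": 2},
    "udp_dst_port": {"ip_proto": 1, "l4_dst_port": 2},
}


class ProfileMask:
    """Tracks which byte slots the shared profile already extracts."""

    def __init__(self, limit: int = MASK_LIMIT) -> None:
        self.limit = limit
        self.slots: Dict[str, int] = {}

    def size(self) -> int:
        return sum(self.slots.values())

    def add_filter(self, fields: Iterable[str]) -> Tuple[int, bool]:
        """Add one ACL or class-map matching on `fields`.

        Returns (bytes this filter newly requires, whether it fits).
        If it would push the mask past the limit, the mask is left unchanged.
        """
        needed: Dict[str, int] = {}
        for field in fields:
            if field not in FIELD_SLOTS:
                raise ValueError(f"unknown match field {field!r}")
            for slot, nbytes in FIELD_SLOTS[field].items():
                if slot not in self.slots:  # already extracted: costs nothing
                    needed[slot] = nbytes
        added = sum(needed.values())
        if self.size() + added > self.limit:
            return added, False
        self.slots.update(needed)
        return added, True


def walk(filters: List[List[str]], limit: int = MASK_LIMIT) -> List[Tuple[int, int, bool]]:
    """Apply filters in order; return (bytes added, mask size after, fits) per filter."""
    mask = ProfileMask(limit)
    result = []
    for fields in filters:
        added, ok = mask.add_filter(fields)
        result.append((added, mask.size(), ok))
    return result


# Constructed sequence following the page's walkthrough, then one extra
# filter (VLAN ID) to show what happens when the 16-byte profile is full.
PLANNED_FILTERS = [
    ["dst_ip", "tcp_src_port"],  # +7 -> 7
    ["src_mac"],                 # +6 -> 13
    ["dst_ip", "dscp"],          # +1 -> 14 (dst IP already covered)
    ["udp_src_port"],            # +0 -> 14 (shares TCP source port bytes)
    ["tcp_dst_port"],            # +2 -> 16
    ["vlan_id"],                 # needs 2 more, does not fit
]

if __name__ == "__main__":
    for fields, (added, total, ok) in zip(PLANNED_FILTERS, walk(PLANNED_FILTERS)):
        print(f"{'+'.join(fields):24} adds {added} byte(s) -> mask {total}/{MASK_LIMIT} "
              f"{'ok' if ok else 'DOES NOT FIT'}")
```

Run it before committing a large ACL or QoS policy: the last column tells you at which filter the shared profile would be exhausted, which is what determines how many distinct match combinations a switch can hold regardless of the raw filter count.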