ACL Slices and Rules
The Summit and ExtremeSwitching series switches use a mechanism different from
the earlier Summit series to implement ACL (Access Control List)s. The same architecture and
guidelines apply to both platforms.
Instead of the per port masks used in earlier switches, these
platforms use slices that can apply to any of the supported ports.
An ACL applied to a port may be supported by any of the slices.
The slice support is as follows:
- Summit X450-G2 switches—
- Each group of 48 ports has 4 slices with each slice
having enough memory for 256 egress rules, which adds up to 1024 rules.
- Each group of 48 ports has 16 slices with each slice having enough
memory for 256 ingress rules, which adds up to 4,096 ingress rules.
- Summit X460-G2 switches—
- Each group of 48 ports has 4 slices with each slice
having enough memory for 256 egress rules, which adds up to 1,024
rules.
- Each group of 48 ports has 16 slices with each slice having enough
memory for 256 ingress rules , which adds up to 4,096 ingress rules.
- Summit X670-G2 switches—
- Each group of 48 ports has 4 slices with each slice having enough
memory for 256 egress rules, which adds up to 1,024 rules.
- Each group of 48 ports has 12 slices; the first 4 (0–3) slices hold
512 ingress rules each, and the last 8 (4–11) slices hold 256 ingress
rules each, which adds up to 4,096 ingress rules.
- Summit X770 switches—
- Each group of 104 ports has 4 slices with each slice having enough
memory for 256 egress rules.
- Each group of 104 ports has 12 slices; the first 4 (0–3) slices hold
512 ingress rules each, and the last 8 (4–11) slices hold 256 ingress
rules each, which adds up to 4,096 ingress rules.
- ExtremeSwitching X440-G2 switches
- Each group of 24 ports has 4 slices with each slice
having enough memory for 128 egress rules, which adds up to 512
rules.
- Each group of 24 ports has 8 slices with each slice having enough
memory for 256 ingress rules, which adds up to 2,048 ingress rules.
- ExtremeSwitching X620 switches
- Each group of 10/16 ports has 4 slices with each
slice having enough memory for 128 egress rules, which adds up to 512
rules.
- Each group of 10/16 ports has 8 slices with each slice having enough
memory for 256 ingress rules, which adds up to 2,048 ingress rules.
- ExtremeSwitching X870 switches
- Four slices with each slice having enough memory for 256 egress rules,
which adds up to 1,024 rules.
- There are four eight-port groups (known as pipes) that each have 6K
(12 slices) of memory for a total of 24K of ingress rules ACL capacity.
Installing rules with greater match criteria reduces the effective scale
capacity.
- ExtremeSwitching X690 switches
- Four slices of 256 egress rules, for a total of 1,000 rules.
- Each group of 48 ports has up to 12 slices with a total capacity of 8K
single-wide rules ingress rules.