ACL Slices and Rules
The ExtremeSwitching series switches use a mechanism different from the earlier ExtremeSwitching series to implement ACLs. The same
architecture and guidelines apply to both
platforms.
Instead of the per port masks used in earlier switches, these
platforms use slices that can apply to any of the supported ports.
An ACL applied to a port may be supported by any of the slices.
The slice support is as follows:
- ExtremeSwitching X450-G2 switches—
- Each group
of 48 ports has 4 slices with each slice having enough memory for 256
egress rules, which adds up to 1024 rules.
- Each group of 48 ports
has 16 slices with each slice having enough memory for 256 ingress
rules, which adds up to 4,096 ingress rules.
- ExtremeSwitching X460-G2 switches—
- Each group
of 48 ports has 4 slices with each slice having enough memory for 256
egress rules, which adds up to 1,024 rules.
- Each group of 48 ports
has 16 slices with each slice having enough memory for 256 ingress rules
, which adds up to 4,096 ingress rules.
- ExtremeSwitching X670-G2 switches—
- Each group of 48 ports
has 4 slices with each slice having enough memory for 256 egress rules,
which adds up to 1,024 rules.
- Each group of 48 ports
has 12 slices; the first 4 (0–3) slices hold 512 ingress rules each, and
the last 8 (4–11) slices hold 256 ingress rules each, which adds up to
4,096 ingress rules.
- ExtremeSwitching X440-G2
switches—
- Each group of 24 ports
has 4 slices with each slice having enough memory for 128 egress rules,
which adds up to 512 rules.
- Each group of 24 ports
has 8 slices with each slice having enough memory for 256 ingress rules,
which adds up to 2,048 ingress rules.
- ExtremeSwitching X620
switches—
- Each group of 10/16 ports
has 4 slices with each slice having enough memory for 128 egress rules,
which adds up to 512 rules.
- Each group of 10/16 ports
has 8 slices with each slice having enough memory for 256 ingress rules,
which adds up to 2,048 ingress rules.
- ExtremeSwitching X870 switches—
- Four slices with each
slice having enough memory for 256 egress rules, which adds up to 1,024
rules.
- There are four eight-port
groups (known as pipes) that each have 6K (12 slices) of memory for a
total of 24K of ingress rules ACL capacity. Installing rules with
greater match criteria reduces the effective scale capacity.
- ExtremeSwitching X690
switches—
- Four slices of 256 egress
rules, for a total of 1,024 rules.
- Each group of 48 ports
has up to 12 slices with a total capacity of 8K single-wide rules
ingress rules.
- ExtremeSwitching X590 switches—
- Four slices of 256 egress
rules, for a total of 1,024 rules.
- Each group of 48 ports
has up to 12 slices with a total capacity of 8K single-wide rules
ingress rules.
- ExtremeSwitching X465 switches—
- Four slices of 256 egress
rules, for a total of 1,024 rules.
- Each group of 48 ports
has up to 12 slices with a total capacity of 8K single-wide rules
ingress rules.
- ExtremeSwitching
X435 switches—
- 1,024 single-wide rules,
for 128 per slice.
- ExtremeSwitching X695 switches—
- Four VLAN look-up stage slices with 1,024 rules.
- Twelve ingress stage slices with 18,000 rules.
- Four egress stage slices with 2,000 rules.
