Precedence for ACL and Rate Limiting
Features
ACL features have the following precedence:
- OpenFlow has precedence over rACL.
- rACL has precedence over policy-based
routing.
- Policy-based routing has precedence over
ACL.
- ACL has precedence over VLAN rate limiting.
Rate limiting features have the following
precedence:
- ACL rate limiting has precedence over BMU storm control.
- BMU storm control has precedence over VLAN rate limiting and bridge domain rate
limiting.
- VLAN rate limiting and bridge domain rate limiting have precedence over port
rate limiting.
Rate limiting on an interface or port-channel has precedence over system rate
limiting.
All ACL and ACL rate limiting features reside in
one of two TCAM databases.
Table 1. TCAM databases and features
Database
|
Feature
|
TCAM User
|
Layer 3 ACL
|
Layer 2 ACL
|
Layer 3 ACL rate limiting
|
Layer 2 ACL rate limiting
|
TCAM Control (Ctrl)
|
Layer 3 Ctrl
|
Layer 2 Ctrl
|
VLAN rate limiting
|
Port rate limiting
|
For intra-database features, priority is based
on the entry strength or ordering, such as first come, first served. For inter-database
features, when there is a hit in both databases, the device first looks at the following
actions:
- For non-conflicting actions, the
actions are merged.
- For actions with the same strength, the
action from the User database takes precedence.