Wide Key ACLs

Wide key capability provides greater capacity for rules than single-wide key ACLs.

For example, a double-wide match key provides a 362-bit capacity, instead of a standard 181-bit single-wide key to be used with match conditions. A double-wide key allows you to add more match conditions to an ACL. It also allows matching on a full destination-source IPv6 address.

All ExtremeSwitching Series Switches

On all platforms, key width is configured manually (see Configuring Wide Key ACL Modes) and applies to all ACLs on the switch. An individual switch cannot be configured to operate in a mixed double- and single-wide mode. However, a SummitStack can have a mixture of modules and switches with some of them operating in a single-wide mode and some in a double-wide mode.

Double wide key ACLs allow additional condition combinations than single-wide ACLs. The existing supported condition combinations are described in Field Selectors for ExtremeSwitching Series Switches. The double-wide condition combinations that can be appended under the set union operation to the single-wide condition combinations are as follows:

For example, your single-wide mode supports condition combination A, B, and C, and the double-wide mode adds condition combinations D1 and D2. Then in a single-wide mode, the conditions of your rule should be a subset of either {A}, or {B}, or {C} and in a double-wide mode, the conditions of your rule should be a subset of either {A U D1}, or {A U D2}, or {B U D1}, or {B U D2}, or {C U D1}, or {C U D2}.

Limitations

The following are limitations associated with wide keys:
  • Wide keys provides richer condition combinations. However, there is a tradeoff in ACL capacity; wide key ACLs consume more space.
  • Only ingress ACLs support this feature. Egress and external ACLs do not support it.

Supported Platforms

Wide key ACLs are available on all ExtremeSwitching Universal platforms.