Policy Resources
The maximum number of policies that you can attach to interfaces on the E-series router depends on the classifier entries that make up the policy.
The E-series router supports software and hardware classifiers. A policy can be made up of any combination of software and hardware classifiers. You use the classifier-list command to configure all classifiers.
There are two categories of hardware classifiers, depending on the type of line module being used. OC48/STM16 and GE-2 line modules support content-addressable memory (CAM) hardware classifiers—all other line modules support FPGA hardware classifiers. Table 13 lists the classifiers supported on OC48/STM16 and GE-2 line modules; Table 14 lists the classifiers supported on all other line modules.
FPGA Hardware Classifiers
FPGA hardware classifiers are supported on all line modules except the OC48/STM16 and GE-2 line modules. Table 14 lists the FPGA classifiers and software classifiers supported for each interface type.
The E-series router supports two versions of policies that are based on FPGA hardware classifiers. One version has a maximum of 16 classifier entries per policy, and the second version has 16 to 32 classifier entries per policy. The line module supports 16,255 policies when all policies have 16 hardware classifier entries or fewer, and supports 8127 policies if all policies have 16 to 32 hardware classifier entries.
The router allows you to configure a combination of the two versions of FPGA hardware classifier-based policies—you can have some that contain 16 or fewer classifier entries and others with more than 16 entries. In this case, the number of policies that is supported will be between 8127 and 16,255, depending on the actual configuration.
You can also configure hardware classifier-based policies that have more than 32 classifier entries. The router groups the classifiers into blocks of 32. For example, if you configure a policy with 100 classifier entries, the router views this as three policies that have 32 classifier entries and one policy with 4 classifier entries. Note that the group with 4 classifier entries actually consumes 16 classifier resources, which is the minimum number consumed for a group in a mixed-mode hardware classifier configuration.
Unlike policies that are based on software classifiers, policies that are based on FPGA hardware classifiers consume resources at a rate of one resource per policy, regardless of the number of different hardware classifier categories in the policy. For example, if a classifier list has three hardware classifiers, such as destination address, source address, and protocol, the policy referencing that classifier list would consume only a single hardware classifier resource.
The same is true if multiple policy rules reference the classifier list. For example, if four policy rules reference the same classifier list (which contains three hardware classifiers), then still only one classifier entry would be consumed.
CAM Hardware Classifiers
CAM hardware classifiers are supported on the OC48/STM16 and GE-2 line modules. Table 13 lists CAM hardware classifiers and the software classifiers supported for each interface type.
The OC48/STM16 line module supports 128,000 CAM entries, and the GE-2 line module supports 64,000 CAM entries. For most configurations, each classifier entry in a policy consumes one CAM entry. However, a policy that has only the default classifier consumes no CAM resources.
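The CAM accounting above can be checked against a configuration before it is applied to a line module. The following is an added example, not Juniper code: it parses E-series CLI text, counts one CAM entry per classifier entry, applies the default-only rule, and flags entries that fall under the two exceptions this section describes (a port range or the not keyword). The function names parse and cam_usage are hypothetical, and policy2 and policy3 are constructed for the illustration.

```python
import re

# policy1 and the clacl3/clacl4 lines come from this page; policy2 and policy3
# are constructed here to exercise the exception and default-only cases.
SAMPLE = '''
host1(config)#ip classifier-list clacl1 ip host 192.168.1.1 host 192.168.2.2 tos 1
host1(config)#ip classifier-list clacl1 ip host 192.168.1.1 host 192.168.2.2 tos 2
host1(config)#ip classifier-list clacl2 tcp any any tcp-flags "SYN"
host1(config)#ip classifier-list clacl3 tcp any any range 5 8
host1(config)#ip classifier-list clacl4 ip not host 1.1.1.1 any
host1(config)#ip policy-list policy1
host1(config-policy-list)#classifier-group clacl1
host1(config-policy-list)#classifier-group clacl2
host1(config-policy-list)#classifier-group *
host1(config)#ip policy-list policy2
host1(config-policy-list)#classifier-group clacl3
host1(config-policy-list)#classifier-group clacl4
host1(config)#ip policy-list policy3
host1(config-policy-list)#classifier-group *
'''

def parse(config):
    """Collect classifier-list entries and each policy's classifier groups."""
    clacls, policies, groups = {}, {}, None
    for line in config.splitlines():
        cmd = line.split("#", 1)[-1].strip()  # drop the CLI prompt
        if m := re.match(r"(?:ip )?classifier-list (\S+) (.+)", cmd):
            clacls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"(?:ip )?policy-list (\S+)", cmd):
            groups = policies.setdefault(m[1], [])
        elif (m := re.match(r"classifier-group (\S+)", cmd)) and groups is not None:
            groups.append(m[1])
    return clacls, policies

def cam_usage(config, policy):
    """Return (minimum CAM entries, entries that consume more than one)."""
    clacls, policies = parse(config)
    groups = policies[policy]
    if groups == ["*"]:          # default classifier only: no CAM resources
        return 0, []
    minimum, multi = 0, []
    for name in groups:
        entries = ["*"] if name == "*" else clacls[name]
        minimum += len(entries)  # one CAM entry per classifier entry
        multi += [f"{name}: {e}" for e in entries if re.search(r"\b(range|not)\b", e)]
    return minimum, multi

if __name__ == "__main__":
    print({p: cam_usage(SAMPLE, p) for p in ("policy1", "policy2", "policy3")})
```

For a policy with flagged entries, the first value is only a lower bound, because the actual CAM consumption of those entries depends on the configuration.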
Example
In this example, the policy consumes a total of four CAM entries: two entries for clacl1, one for clacl2, and one for the default classifier.
host1(config)#ip classifier-list clacl1 ip host 192.168.1.1 host 192.168.2.2 tos 1
host1(config)#ip classifier-list clacl1 ip host 192.168.1.1 host 192.168.2.2 tos 2
host1(config)#ip classifier-list clacl2 tcp any any tcp-flags "SYN"
host1(config)#ip policy-list policy1
host1(config-policy-list)#classifier-group clacl1
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group clacl2
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
There are two exceptions in which a single classifier entry will consume more than one CAM entry. In these cases, the actual number of entries that are consumed depends on the configuration. The two exceptions are:
- When a classifier entry contains a port range. For example:
host1(config)#ip classifier-list clacl3 tcp any any range 5 8
- When a classifier entry contains the not keyword. Although this keyword is supported for IP classifier lists, it is recommended that you not use it—you can usually achieve the desired behavior without this field.
host1(config)#ip classifier-list clacl4 ip not host 1.1.1.1 any
Software Classifiers
The E-series router supports a variety of software classifiers, depending on the type of interface. Table 13 and Table 14 list the supported software classifiers for each interface type.
A line module supports 16,383 software classifiers. Software classifiers are consumed at a rate of one resource per classifier category per policy. For example, if you configure a policy that has three different destination route class rules, then because all three rules are for the same classifier category, that policy would consume only one software classifier resource. However, if you configure a policy that requires classification on three different classifier categories, such as ToS, color, and TCP flags, then that policy would consume three of the available 16,383 software classifier resources.
NOTE: Policy consumption is per policy definition per line card.
Example
In this example, the policy list named polWestford5 references four classifier lists with a combination of software and hardware classifiers:
host1(config)#classifier-list clacl100 color red ip any any
host1(config)#classifier-list clacl200 color yellow user-packet-class 6 ip host 10.1.1.1 host 10.1.1.2
host1(config)#classifier-list clacl300 color green user-packet-class 5 ip any any
host1(config)#classifier-list clacl400 color red ip host 10.1.1.10 any
host1(config)#policy-list polWestford5
host1(config-policy-list)#classifier-group clacl100
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group clacl200
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group clacl300
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group clacl400
host1(config-policy-list-classifier-group)#forward
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#exit
host1(config-policy-list)#exit
For a given line module, the policy list named polWestford5 consumes a total of one FPGA hardware classifier resource and two software classifier resources, as shown in Table 15.