Examples: Variable-Sized CAM Classification for IPv6 Policies
Variable-sized CAM entries are supported for IPv6 policies to avoid wasting memory space. For example, if the classifier entries in a policy consume a 576-bit CAM entry when a 144-bit CAM entry is sufficient to store the classifier, over 400 bits of CAM memory are wasted. CAM memory is divided into blocks at the hardware level. Each CAM block can support 8000 144-bit, 4000 288-bit, or 2000 576-bit CAM entries. Based on the IPv6 header CAM entry size calculation, the minimum entry size required for IPv6 classification is 8 bits and the maximum entry size required is 336 bits.
Policy Manager calculates the CAM bit size and configures the CAM entries on the line modules. The size of the CAM entry is determined using the limits defined for each IP classifier entry combination. In earlier releases, any policy configuration with CAM entries that exceeded the 128-bit limitation failed to be attached to the interface because it was not allowed by Policy Manager.
Beginning with JunosE Release 10.2.x, the IPv6 classification functionality is modified to classify traffic on more than 128 bits. To improve scalability for IPv6 policies, Policy Manager uses the optimum CAM entry size, depending on the IPv6 policy definition. The IPv6 policy definition determines which classification fields in the combined IPv6 classifier are present, and the CAM entry length is computed dynamically. Three kinds of results are possible for an IPv6 policy:
- Sum of all classifier fields is less than or equal to 128 bits
- Sum of all classifier fields is between 128 bits and 272 bits
- Sum of all classifier fields is between 272 bits and 336 bits
CAM hardware classifiers support four types of CAM entries: 72-bit, 144-bit, 288-bit, and 576-bit (16 bits are reserved for the rule set ID). Each policy fits into one of these four CAM entry types. The 72-bit CAM entry is not chosen because CAM devices on some line modules do not support this size. Therefore, the 144-bit, 288-bit, and 576-bit CAM entries are used as the variable-length CAM entries for IPv6 policies.
The following sections describe examples for each type of variable length IPv6 classification and the number of CAM entries for each case:
144-bit IPv6 Classification Example
In this example, a policy with a combination of IPv6 classifiers is created and attached. The configuration conforms to the 144-bit limit.
- Match all TCP SYN packets from 1:1:: to any DA with port 2000.
    host1(config)#ipv6 classifier-list tcpCLACL source-address 1:1::/32 tcp destination-port eq 2000 tcp-flags "SYN"
- Match all IPv6 packets to net 2:2::.
    host1(config)#ipv6 classifier-list ipv6CLACL destination-address 2:2::/32
- Match all ICMPv6 echo packets.
    host1(config)#ipv6 classifier-list icmpv6CLACL icmpv6 icmp-type 8 icmp-code 0
- Match all frames with the color red.
    host1(config)#ipv6 classifier-list colorCLACL color red
- Create an IPv6 policy list.
    host1(config)#ipv6 policy-list ipv6Pol
    host1(config-policy-list)#classifier-group colorCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group tcpCLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group icmpv6CLACL
    host1(config-policy-list-classifier-group)#filter
    host1(config-policy-list-classifier-group)#classifier-group ipv6CLACL
    host1(config-policy-list-classifier-group)#filter
The policy ipv6Pol is requesting classification on Source Address (first word), Destination Address (first word), Destination Port, Protocol, TCP Flags, ICMPv6 Type, ICMPv6 Code, Color, and TC field. Table 26 lists the active classifiers in the policy named ipv6Pol and the size of each classifier.
Table 26: IPv6 Classification Fields for a 144-bit CAM Entry
| Classifiers | Size (Bits) |
|---|---|
| Source address (first word) | 32 |
| Destination address (first word) | 32 |
| Destination port, ICMPv6 type, ICMPv6 code | 16 |
| Protocol | 8 |
| Color and TCP flags | 8 |
| TC field | 8 |
The sum of all classification fields requested in ipv6Pol is 104 bits. This size causes Policy Manager to use a 144-bit CAM entry for every classifier in this policy. One CAM entry is needed for each classifier in the policy; therefore, four 144-bit CAM entries are needed in all.
288-bit IPv6 Classification Example
The following example creates and attaches a policy that requests classification on a single host address and TCP. The configuration exceeds the 128-bit limit.
- Match all TCP packets from host 1:1:1:1:1:1:1:1 to any DA.
    host1(config)#ipv6 classifier-list sourceCLACL source-address 1:1:1:1:1:1:1:1/128 tcp
- Create an IPv6 policy list.
    host1(config)#ipv6 policy-list ipv6Pol
    host1(config-policy-list)#classifier-group sourceCLACL
    host1(config-policy-list-classifier-group)#forward
    host1(config-policy-list-classifier-group)#classifier-group *
    host1(config-policy-list-classifier-group)#filter
The policy ipv6Pol is requesting classification on Source Address (all 4 words) and Protocol. Table 27 lists the active classifiers in the policy named ipv6Pol and the size of each classifier.
Table 27: IPv6 Classification Fields for a 288-bit CAM Entry
| Classifiers | Size (Bits) |
|---|---|
| Source address (first word) | 32 |
| Source address (second word) | 32 |
| Source address (third word) | 32 |
| Source address (fourth word) | 32 |
| Protocol | 8 |
The sum of all classification fields requested in ipv6Pol is 136 bits, which is greater than the 128-bit CAM entry size limit. Although this configuration fails to attach to the interface in JunosE releases earlier than Release 10.2.0, it is successfully attached to the interface beginning with JunosE Release 10.2.x, and the next higher CAM entry size, 288 bits, is allocated for this policy (two 288-bit entries, because two classifiers are defined in the policy).
576-bit IPv6 Classification Example
In this example, a policy with a combination of IPv6 classifiers is created and attached.
- Match all TCP packets from host 1:1:1:1:1:1:1:1 to host 100::1 destined to port 80 from source port 10000.
    host1(config)#ipv6 classifier-list tcpCLACL source-host 1:1:1:1:1:1:1:1 destination-host 100::1 tcp source-port eq 10000 destination-port eq 80
- Match all frames with the color red.
    host1(config)#ipv6 classifier-list colorCLACL color red
- Create an IPv6 policy list.
    host1(config)#ipv6 policy-list ipv6Pol
    host1(config-policy-list)#classifier-group tcpCLACL
    host1(config-policy-list-classifier-group)#forward
    host1(config-policy-list-classifier-group)#classifier-group colorCLACL
    host1(config-policy-list-classifier-group)#forward
    host1(config-policy-list-classifier-group)#classifier-group *
    host1(config-policy-list-classifier-group)#filter
The policy ipv6Pol is requesting classification on Source Address (all 4 words), Destination address (all 4 words) and Protocol. Table 28 lists the active classifiers in the policy named ipv6Pol and the size of each classifier.
Table 28: IPv6 Classification Fields for a 576-bit CAM Entry
| Classifiers | Size (Bits) |
|---|---|
| Source address (first word) | 32 |
| Source address (second word) | 32 |
| Source address (third word) | 32 |
| Source address (fourth word) | 32 |
| Destination address (first word) | 32 |
| Destination address (second word) | 32 |
| Destination address (third word) | 32 |
| Destination address (fourth word) | 32 |
| Protocol | 8 |
| Destination port | 16 |
| Source port | 16 |
| Color | 8 |
The sum of all classification fields requested in ipv6Pol is 304 bits, which is greater than the 128-bit CAM entry size limit. Although this configuration fails to attach to the interface in earlier releases, it is successfully attached to the interface beginning with this release, and the maximum 576-bit CAM entry is allocated for this policy (three 576-bit entries, one for each classifier in the policy).
Although each CAM block can contain 2000 576-bit CAM entries, the hardware considers the CAM block to contain 8000 144-bit entries that are clustered together in sets of four. In this example, although three 576-bit entries are used, one for each classifier in the policy, these entries are essentially three sets of 144-bit entries from the 576-bit CAM block. The sum of the unique classification fields in the policy determines the group from which the CAM resources are allocated for the entire policy (the 144-bit, the 288-bit, or the 576-bit group).
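The sizing rules above can be checked before a filter policy is deployed. The following Python sketch is an added example, not JunosE or Policy Manager code: it applies the thresholds and per-block capacities stated on this page to the field sets of Tables 26, 27 and 28. The names size_policy, Sizing and words are hypothetical, and the per-block figure assumes the block holds only copies of that one policy.

```python
# Added example: models the sizing rules described on this page; not JunosE code.
from dataclasses import dataclass

# (max summed field bits, CAM entry width, entries per CAM block), from the page.
# Assumption: a sum of exactly 272 bits still fits the 288-bit entry
# (272 + 16 reserved rule-set-ID bits = 288).
TIERS = [(128, 144, 8000), (272, 288, 4000), (336, 576, 2000)]

@dataclass
class Sizing:
    field_bits: int          # sum of unique classification fields in the policy
    entry_width: int         # entry width used for every classifier in the policy
    entries: int             # one CAM entry per classifier
    slots_144: int           # underlying 144-bit slots consumed
    policies_per_block: int  # copies of this policy one block could hold alone

def size_policy(fields, classifiers):
    """fields maps each unique classification field to its width in bits."""
    total = sum(fields.values())
    for limit, width, per_block in TIERS:
        if total <= limit:
            return Sizing(total, width, classifiers,
                          classifiers * (width // 144), per_block // classifiers)
    raise ValueError(f"{total} bits exceeds the 336-bit IPv6 maximum")

def words(prefix, n):
    """Helper: n 32-bit address words, e.g. words('src', 4)."""
    return {f"{prefix} address word {i}": 32 for i in range(1, n + 1)}

# Field sets transcribed from Tables 26, 27 and 28.
TABLE_26 = {**words("src", 1), **words("dst", 1),
            "dst port / ICMPv6 type / ICMPv6 code": 16,
            "protocol": 8, "color + TCP flags": 8, "TC field": 8}
TABLE_27 = {**words("src", 4), "protocol": 8}
TABLE_28 = {**words("src", 4), **words("dst", 4), "protocol": 8,
            "dst port": 16, "src port": 16, "color": 8}

if __name__ == "__main__":
    for name, fields, n in [("144-bit example", TABLE_26, 4),
                            ("288-bit example", TABLE_27, 2),
                            ("576-bit example", TABLE_28, 3)]:
        print(name, size_policy(fields, n))
```

Adding a single wide field, such as a full host address, to any classifier moves every entry of the policy to the next width, which is why the 576-bit policy consumes twelve 144-bit slots for three classifiers.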