Allied Telesis x900-24 series User Manual
Page 10 | AlliedWare™ OS How To Note: Hardware Filters
How many filters can you create?
Protocol type—2 bytes
Ethernet format—2 bytes
VLAN ID—2 bytes
IP protocol type (TCP, UDP, etc)—1 byte
source IP address—4 bytes
destination IP address—4 bytes
TCP port number—2 bytes
UDP port number—2 bytes
DSCP—1 byte
For example, if you make a hardware filter that matches on destination IP address and source
TCP port, this adds 7 bytes to the mask:
1 byte for the IP protocol field (to indicate TCP)
4 bytes for the destination IP address
2 bytes for the source TCP port number.
TCP port, this adds 7 bytes to the mask:
1 byte for the IP protocol field (to indicate TCP)
4 bytes for the destination IP address
2 bytes for the source TCP port number.
If you next make a hardware filter that matches on source MAC address, this adds 6 more
bytes to the mask.
bytes to the mask.
If you next make a QoS flow group with a classifier that matches on destination IP address
(4 bytes) and DSCP (1 byte), this adds 1 more byte to the mask, for the DSCP. It does not
add 4 more bytes for the destination IP address because the switch already matches on that
field.
(4 bytes) and DSCP (1 byte), this adds 1 more byte to the mask, for the DSCP. It does not
add 4 more bytes for the destination IP address because the switch already matches on that
field.
If you next make a hardware filter that matches on source IP address and source TCP port,
then that does not change the mask, because the switch already matches on those fields.
then that does not change the mask, because the switch already matches on those fields.
If you next make a hardware filter that matches on source UDP port, this also does not add
any length to the mask, because it shares the same 2 bytes as the source TCP port. However,
if you next make a hardware filter that matches on destination TCP or UDP port, that uses
another 2 bytes.
any length to the mask, because it shares the same 2 bytes as the source TCP port. However,
if you next make a hardware filter that matches on destination TCP or UDP port, that uses
another 2 bytes.
Are there enough bytes for your set of filters?
Of course, the mask cannot increase without limit—it has a maximum size of 16 bytes.
When it reaches the 16-byte limit, no more classifiers can be used that would cause the mask
to increase in size. The switch can still accept classifiers that use fields that have already been
included in the mask.
to increase in size. The switch can still accept classifiers that use fields that have already been
included in the mask.
There is no particular number of hardware filters or QoS flow groups that will cause the
mask to reach its 16-byte limit—it could happen after a few filters, or you might be able to
create hundreds of filters without the mask reaching its limit.
mask to reach its 16-byte limit—it could happen after a few filters, or you might be able to
create hundreds of filters without the mask reaching its limit.
So to determine whether you will have enough filter length, look at the fields you want to
filter, determine the number of bytes for each field, and sum up the total number of
bytes. If that number is less than 16, there is enough filter length. Don’t forget to count TCP
and UDP source port as a single field, and likewise to count TCP and UDP destination port
as a single field.
filter, determine the number of bytes for each field, and sum up the total number of
bytes. If that number is less than 16, there is enough filter length. Don’t forget to count TCP
and UDP source port as a single field, and likewise to count TCP and UDP destination port
as a single field.