L-ET4148-50C-DB LSI, L-ET4148-50C-DB Datasheet - Page 283

L-ET4148-50C-DB

Manufacturer Part Number

L-ET4148-50C-DB

Description

Manufacturer

LSI

Datasheet

1.L-ET4148-50C-DB.pdf (298 pages)

Specifications of L-ET4148-50C-DB

Lead Free Status / RoHS Status

Supplier Unconfirmed

Current page: 283 of 298
Download datasheet (2Mb)

Preliminary Data Sheet

April 2006

Agere Systems Inc.

Appendix B: Configuration

Access Control Lists

IP Address ACE Map Index Table. This table is used to define the relationship between the IP address index

(look-up result), ACL number, and ACE map. The IP address index identifies one of 512 address values. This

means that there can be, at most, 512 unique IP address look-up results. These results must be shared by all of

the ACLs. The 9-bit look-up result is concatenated with the output of Acl_Vlan_Index_Table to form a 15-bit

address that is then delivered to Acl_Ip_Addr_Ace_Map_Index_Table.

The output of Acl_Ip_Addr_Ace_Map_Index_Table is a 10-bit value that is used to select one of 1,024 IP address

ACE maps. These ACE maps define the patterns of appearance of particular IP address prefixes or host

addresses within ACEs. If multiple ACLs happen to share the same pattern of appearance for a particular IP

address value, then this table can be used to point the multiple IP address look-up results to a common ACE map.

TCP Port ACE Map Index Table. T he 8-bit results of the TCP/UDP port look-up are concatenated with the 6-bit ACL

index to form a 14-bit address used by

map index values.

This index table enables the reuse of ACE maps by the TCP/UDP look-up results. Say, for example, that the TCP

destination port range of 100 through 150 appears in ACE number 35 for five different ACLs. It is then a simple

matter of having that particular ACE map be pointed to by the five locations in the index table addressed by the

appropriate combinations of look-up results and ACL index.

Protocol ACE Map Index Table. Up to eight Ethertypes and eight Layer 4 protocols may be grouped into a maxi-

mum of eight combinations. This combined Ethertype/protocol index is used to identify the protocol value for this

field of the ACE 5-tuple. The Acl_Protocol_Ace_Map_Index_Table is used to map the 512 protocol/ACL number

combinations to 128 ACE maps.

ACE Maps

ACE maps are used to identify those ACEs that have criteria that match the corresponding 5-tuple field from the

receive packet. For example, if the receive packet’s IP destination address matches the criteria for ACEs 10, 29,

and 47 for ACL 18, then that IP address look-up/ACL number combination is mapped (via

Acl_Ip_Addr_Ace_Map_Index_Table) to an ACE map wherein bits 10, 29, and 47 are all asserted and the remain-

ing 61 bits are deasserted. This process of selecting ACE maps is repeated for all fields of the 5-tuple. The result is

a series of five 64-bit ACE maps, each indicating the ACEs whose criteria are satisfied by the fields of the packet.

It is then a simple matter of finding the first (lowest numbered) ACE for which all five ACE maps have the corre-

sponding bit asserted. Figure 296 illustrates this process.

The ACE maps are defined via Acl_Ip_Addr_Ace_Map_Table, Acl_Port_Ace_Map_Table and

Acl_Protocol_Ace_Map_Table.

ACL Actions

Associated with each of the access control entries is a set of actions to be carried out when a receive packet

matches a particular ACE. These actions are as follows:

1. Permit or deny access.

2. Copy packet to logging queue.

3. Replace packet’s priority.

These actions are specified by the acl_permit, acl_log, and acl_priority_code[4:0] fields of

Acl_Result_Table.

(continued)

Single-Chip 48 x 1 Gbit/s + 2 x 10 Gbits/s Layer 2+ Ethernet Switch

Acl_Protocol_Ace_Map_Index_Table to retrieve one of 16,384 8-bit ACE

(continued)

Agere Systems - Proprietary

ET4148-50

283

L-ET4148-50C-DB LSI, L-ET4148-50C-DB Datasheet - Page 283

L-ET4148-50C-DB

Specifications of L-ET4148-50C-DB

Related parts for L-ET4148-50C-DB