Wired Intelligent Edge


Aruba 3810M and Hardware based ACLs

  • 1.  Aruba 3810M and Hardware based ACLs

    Posted Dec 18, 2018 07:21 PM

    Hi community,

    I was looking for some information about how ACLs are implemented in the Aruba 3810M switch. I want to know if they are hardware-based and wirespeed ACLs, but there is no documentation about it.

    The only document I have found on the Internet is the following one, which talks about "How Hardware-Based ACLs Work" for the old ProCurve 9300 routing switches:

     

    ftp://ftp.hp.com/pub/networking/software/59906030-e1.pdf

     

    Can anybody give me a hand?

    Regards

     



  • 2.  RE: Aruba 3810M and Hardware based ACLs

    EMPLOYEE
    Posted Dec 20, 2018 01:12 AM

    Hi, check for the Security Guide at http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-a00038700en_us-1.pdf

     

    The hardware (TCAM) resources used by the ACLs configured on the switch are 4 of 8 Policy Engine management resources.

    Resource usage includes resources actually in use, or reserved for future use by the listed feature. Internal dedicated-purpose resources, such as port bandwidth limits or VLAN QoS priority, are not included.

     

    I think ACL wirespeed can be matched with non-blocking switching capacity.



  • 3.  RE: Aruba 3810M and Hardware based ACLs

    EMPLOYEE
    Posted Dec 20, 2018 01:28 AM

    Hi, the 2540, 2930, 3810 and 5400v3 series switches use hardware-based ACLs. The ACEs are typically stored in a TCAM which is part of the ASIC.

    Hope this helps.



  • 4.  RE: Aruba 3810M and Hardware based ACLs

    Posted Jan 09, 2019 07:11 PM

    Hi Dik,

    Thanks for your answer.

    I read a document somewhere that said the 3810M uses CAM to store ACEs instead of TCAM.

    As far as I know, CAM and TCAM are different types of memory, but basically, they are hardware-based. In fact, some of the models that you mentioned use TCAM and other models use CAM to implement ACLs and QoS.

    Can you confirm that the 3810M uses CAM to implement ACLs and QoS in hardware?

    Kind regards



  • 5.  RE: Aruba 3810M and Hardware based ACLs
    Best Answer

    EMPLOYEE
    Posted Jan 10, 2019 02:32 AM

    Hi N3tw0rk3r,

     

    The 2910/2920/3500/5400/8200/5400R platforms use a TCAM (Ternary Content Addressable Memory) to implement ACLs.
    This area in hardware allows many fields in a packet to be compared at once.

     

    The 3810/5400R v3 modules contain an egress CAM. This is a separate CAM from the ingress CAM on the module and will perform egress filtering separate from the ingress CAM. The capabilities of the egress are the same as the ingress CAM with the following exceptions:
    • Egress CAM supports a smaller number of entries.
    • Actions of mirroring and remarking are not supported.
    • Packets cannot be copied.

     

    Hope this helps
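
Added example (not part of the thread and not HPE Aruba code): a small Python model of the ternary value/mask matching that lets a TCAM compare many packet fields at once, with an egress table that holds fewer entries and rejects mirror and remark actions, as the last reply describes. The key layout, table sizes and action names are constructed for illustration.

```python
import ipaddress

# Constructed 88-bit key layout (an assumption, not the ASIC's real format):
# src IP [87:56] | dst IP [55:24] | IP protocol [23:16] | dst port [15:0]
def pack(src, dst, proto, dport):
    ip = lambda a: int(ipaddress.ip_address(a))
    return (ip(src) << 56) | (ip(dst) << 24) | (proto << 16) | dport

def ace(action, src_net, dst_net, proto=None, dport=None):
    """Compile one ACE to (value, mask, action); a 0 mask bit means "don't care"."""
    s, d = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    value = (int(s.network_address) << 56) | (int(d.network_address) << 24)
    mask = (int(s.netmask) << 56) | (int(d.netmask) << 24)
    if proto is not None:
        value, mask = value | (proto << 16), mask | (0xFF << 16)
    if dport is not None:
        value, mask = value | dport, mask | 0xFFFF
    return value, mask, action

class TernaryTable:
    def __init__(self, capacity, actions):
        self.capacity, self.actions, self.entries = capacity, set(actions), []

    def add(self, entry):
        if entry[2] not in self.actions:
            raise ValueError(f"action {entry[2]!r} not supported by this table")
        if len(self.entries) >= self.capacity:
            raise OverflowError("no free entries left in this table")
        self.entries.append(entry)

    def lookup(self, key):
        # Hardware tests every entry in parallel; this loop models the same
        # result: the first (highest-priority) matching entry wins.
        for value, mask, action in self.entries:
            if key & mask == value:
                return action
        return None  # no entry matched

if __name__ == "__main__":
    # Constructed sizes: the thread only says the egress table is smaller.
    ingress = TernaryTable(8, {"permit", "deny", "mirror", "remark"})
    egress = TernaryTable(2, {"permit", "deny"})
    ingress.add(ace("deny", "10.1.0.0/16", "0.0.0.0/0", proto=6, dport=23))
    ingress.add(ace("permit", "10.1.0.0/16", "0.0.0.0/0"))
    print(ingress.lookup(pack("10.1.5.9", "192.0.2.1", 6, 23)))   # telnet from 10.1/16
    print(ingress.lookup(pack("10.1.5.9", "192.0.2.1", 6, 443)))
```

Entry order is the priority order here, so a narrower ACE must be added before a broader one that overlaps it.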