
Considerations for implementing ip broadcast acl – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02


NOTE

Hitless upgrade for the IP broadcast ACL CAM entries is supported only on the Brocade
NetIron XMR and Brocade MLX series devices.

Considerations for implementing IP broadcast ACL

Observe the following considerations when implementing IP broadcast ACL:

If filtering of IP directed broadcast traffic using an ACL is enabled at the IP interface level, then
the IP broadcast ACL CAM entry matching is based on ACL group ID and VLAN ID for the
physical IP interface and virtual IP interface, respectively.

If filtering of IP directed broadcast traffic using an ACL is enabled globally, then the IP
broadcast ACL CAM entry matching is completed for the default VRF.

Physical ports must undergo the VRF membership check only if the ports have implemented IP
broadcast ACL.

Specifying the maximum CAM size for IP broadcast ACL

To configure the maximum allowable number of ACL CAM entries assigned to the IP broadcast ACL
CAM sub-partition, enter the following command.

Brocade(config)# system-max subnet-broadcast-acl-cam 2000

Syntax: [no] system-max subnet-broadcast-acl-cam max-cam-entries

The max-cam-entries parameter specifies the maximum CAM size that you want for an IP broadcast
ACL. On the Brocade NetIron XMR and Brocade MLX series devices, the minimum value supported
is 0 and the maximum value supported is 4096. The default value is 0.

The no option is used to reset the maximum allowable CAM value to the default value.

NOTE

The system maximum value for the IP broadcast ACL CAM entries is configurable only on the
Brocade NetIron XMR and Brocade MLX series devices.

Upon configuration, the system checks the input value against the amount of CAM resources
available. If the system is unable to allocate the requested space, the following error message is
displayed.

Error - IPV4 subnet-broadcast-acl-cam roundup value (4096 - power of 2) exceeding available CAM resources
Total IPv4 ACL CAM: 49152(Raw Size)
IPv4 Multicast CAM: 32768(Raw Size)
IPv4 Receive ACL CAM: 8192(Raw Size)
IPv4 Source Guard CAM: 4096
Reserved IPv4 Rule ACL CAM: 1024(Raw Size)
Available Subnet Broadcast ACL CAM: 3072(Raw Size) 1536(User Size)

If there are not enough CAM resources available, you can change the CAM profile and configure the
sub-partition size before doing a reload. The change is permitted only if the new CAM profile can
support the currently defined system maximum values for the various CAM partitions.
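
The following Python example is added here and is not part of the Brocade guide. It parses the error output shown above, confirms that the reported available space equals the total IPv4 ACL CAM minus the other partitions, and proposes a power-of-2 size that fits. The function names are hypothetical, and treating the available User Size as the ceiling for max-cam-entries is an assumption chosen to be conservative.

```python
import re

# Constructed input: the error text from this page, one field per line.
SAMPLE = """\
Error - IPV4 subnet-broadcast-acl-cam roundup value (4096 - power of 2) exceeding available CAM resources
Total IPv4 ACL CAM: 49152(Raw Size)
IPv4 Multicast CAM: 32768(Raw Size)
IPv4 Receive ACL CAM: 8192(Raw Size)
IPv4 Source Guard CAM: 4096
Reserved IPv4 Rule ACL CAM: 1024(Raw Size)
Available Subnet Broadcast ACL CAM: 3072(Raw Size) 1536(User Size)
"""

FIELD = re.compile(r"^\s*(.+?):\s*(\d+)(?:\(Raw Size\))?(?:\s+(\d+)\(User Size\))?\s*$")
ROUNDUP = re.compile(r"roundup value \((\d+) - power of 2\)")

def parse_cam_error(text):
    """Extract the roundup value, partition raw sizes and available space."""
    m = ROUNDUP.search(text)
    if m is None:
        raise ValueError("not a subnet-broadcast-acl-cam allocation error")
    report = {"roundup": int(m.group(1)), "partitions": {},
              "available_raw": 0, "available_user": 0}
    for line in text.splitlines():
        f = FIELD.match(line)
        if f is None:
            continue  # the "Error - ..." line carries no "name: value" field
        name, raw, user = f.group(1), int(f.group(2)), f.group(3)
        if name.startswith("Available"):
            report["available_raw"] = raw
            report["available_user"] = int(user) if user else 0
        else:
            report["partitions"][name] = raw
    return report

def unaccounted_raw(report):
    """Total minus the other partitions minus available; 0 means the figures add up."""
    parts = dict(report["partitions"])
    total = parts.pop("Total IPv4 ACL CAM")
    return total - sum(parts.values()) - report["available_raw"]

def conservative_max(report):
    # Assumption: a power of 2 at or below the available User Size will fit.
    limit = report["available_user"]
    size = 1
    while size * 2 <= limit:
        size *= 2
    return size if limit >= 1 else 0
```

For the sample output the partitions account for all 49152 raw entries, and the largest power of 2 at or below the 1536 available user entries is 1024.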