S6850-56HF acl资源计算举例
- 0关注
- 0收藏 18浏览
组网及说明
不涉及
告警信息
不涉及
问题描述
vlan接口下调用包过滤,提示资源不足,精简acl后正常
分析下acl是如何占用资源的
<h3c>display qos-acl resource
Interfaces: WGE1/0/1 to WGE1/0/40 (slot 1)
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
-------------------总共-------预留-------配置----------剩余--------------------------
VFP ACL 1024 17 3 1004 1%
IFP ACL 18432 7680 1902 8850 51%
IFP Meter 3072 768 0 2304 25%
IFP Counter 18432 7680 0 10752 41%
EFP ACL 2048 0 86 1962 4%
EFP Meter 1024 0 0 1024 0%
EFP Counter 1024 0 0 1024 0%
Interfaces: WGE1/0/41 to WGE1/0/48, HGE1/0/49 to HGE1/0/56 (slot 1)
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
---------------------------------------------------------------------
VFP ACL 1024 17 3 1004 1%
IFP ACL 18432 7680 1902 8850 51%
IFP Meter 3072 768 0 2304 25%
IFP Counter 18432 7680 0 10752 41%
EFP ACL 2048 0 86 1962 4%
EFP Meter 1024 0 0 1024 0%
EFP Counter 1024 0 0 1024 0%
slot1的 IFP ACL 的总资源是18432个entry
slot1的 IFP ACL的预留的资源是7680 个entry
slot1的 IFP ACL的配置的资源是1902 个entry
slot1的 IFP ACL的剩余的资源是 8855个entry
资源的单位是entry
<h3c>display qos-acl resource里的entry资源都是按照singe模式计算的
1-40口占用一个pipe,41到56占用另一个pipe
每个pipe有一个acl资源,以下以pipe0为例
知识点:
IntraDb是每条rule占一个slice,一个rule在每个slice占用2条entry,即每个rule占用2个entry资源, 每个slice的资源减半 (每个slice能容纳的rule减半了)
Triple模式下(3个slice合并,一个rule占用3个slice,一个rule在每个slice占用2条entry,即1个rule占用6条entry资源;
每个Slice 的资源减半
single模式是每个rule占用1个slice,一个rule在每个slice1占1条entry,即每个rule占用1个entry资源 ,每个slice的资源不减半
double模式是 2个slice合并,一个rule占用2给slice,一个rule在每个slice占用2条entry, 即每个rule占用4个entry资源,每个slice的资源减半
[3c--probe]dis qos-acl resource advanced-mode
[25_11:16:38]
[25_11:16:38]Interfaces: WGE1/0/1 to WGE1/0/40 (slot 1)
[25_11:16:38]---------------------------------------------------------------------
[25_11:16:38] Stage Slice Total Configured Remaining Usage
[25_11:16:38]---------------------------------------------------------------------
[25_11:16:38] IFP 0 1536 0 1536 0% 可以放1536个rule
[25_11:16:38] IFP 1 1536 0 1536 0% 可以放1536个rule
[25_11:16:38] IFP 2 1536 0 1536 0% 可以放1536个rule
[25_11:16:38] IFP 3 1536 0 1536 0% 可以放1536个rule
[25_11:16:38] IFP 4 1536 0 1536 0% 可以放1536个rule
[25_11:16:38] IFP 5 768 183 585 23% (只能放768个rule)
[25_11:16:38] IFP 6 768 64 704 8% (只能放768个rule)
[25_11:16:38] IFP 7 768 64 704 8% (只能放768个rule)
[25_11:16:38] IFP 8 768 768 0 100% (只能放768个rule)
[25_11:16:38] IFP 9 768 158 610 20% (只能放768个rule)
[25_11:16:38] IFP 10 768 158 610 20% (只能放768个rule)
[25_11:16:38] IFP 11 768 158 610 20% (只能放768个rule)
Ifp 12 个slice,每个slice是1536个entry,
6-11 号slice之所以规格减半(768), 是因为涉及了IntraDb,double,Triple
dis qos-acl resource advanced-mode 的每个slice的total回显会随着模式的变化而变化,
IntraDb,double,Triple 模式会导致资源减半,所以这些slice的total资源由 1536变为 768,因为这3个模式一个rule在每个slice占用2条entry (每个slice能容纳的rule就少了一半)
dis qos-acl resource advanced-mode 的每个slice的total的意义是在当前类型下能容纳多少条rule
总共的资源18432怎么来的
Ifp 12 个slice,每个slice是1536个entry,18432 = 12*1536,所以是Total = 18432
过程分析
[SH-MH-501-B10-H3CS6850-YL0-12001-probe]debug qacl show acl-resc slot 1 chip 0
]Acl Hw Resource: IFP, Pipe:0
[25_11:09:24]-------------------------------------------------------------------------
[25_11:09:24] Pri 121, Group 3,usedEntries 64 ,mode Double, physlice 6/7/ 系统占用,这2个slice的所有资源都变成了预留资源
[25_11:09:24] =========================================
[25_11:09:24] acl type usedEntries[64]
[25_11:09:24] =========================================
[25_11:09:24] [24 ]RX Low 9
[25_11:09:24] [26 ]Super_RX Low 2
[25_11:09:24] [86 ]RX PRIO LLOW 1
[25_11:09:24] [115]IFP LOW 2
[25_11:09:24] [130]MPLS Vpn High 1
[25_11:09:24] [132]MPLS Vpn Low 3
[25_11:09:24] [154]PDT LOW INITIAL 1
[25_11:09:24] [315]UntrustPriority 41
[25_11:09:24] [422]IFP LOW ICMP 2
[25_11:09:24] [423]IFP LOW GRE 2
[25_11:09:24] ======================================
[25_11:09:24]-------------------------------------------------------------------------
[25_11:09:24] Pri 123, Group 8,usedEntries 951,mode IntraDb, physlice 5/8/ 包过滤占用, 属于Configured里的资源
[25_11:09:24] =========================================
[25_11:09:24] acl type usedEntries[951] (951个rule)
[25_11:09:24] =========================================
[25_11:09:24] [97 ]PktFilter IP on VRF 951
[25_11:09:24] ======================================
[25_11:09:24]-------------------------------------------------------------------------
[25_11:09:24] Pri 125, Group 1,usedEntries 158,mode Triple, physlice 9/10/11/ 系统占用 ,这3个slice的所有资源都变成了预留资源
[25_11:09:24] =========================================
[25_11:09:24] acl type usedEntries[158]
[25_11:09:24] =========================================
[25_11:09:24] [8 ]RX IPv4 Super High 1
[25_11:09:24] [9 ]RX IPv4 High 85
[25_11:09:24] [10 ]RX IPv4 Middle High 1
[25_11:09:24] [11 ]RX IPv4 Middle 32
[25_11:09:24] [14 ]RX IPv6 High 15
[25_11:09:24] [15 ]RX IPv6 Middle_High 3
[25_11:09:24] [16 ]RX IPv6 Middle 3
[25_11:09:24] [48 ]OAM-High 4
[25_11:09:24] [71 ]RX Middle Low 7
[25_11:09:24] [88 ]STMVLAN_PERMIT 1
[25_11:09:24] [153]PDT HIGH INITIAL 2
[25_11:09:24] [432]LLDP-PERMIT 4
[25_11:09:24] ======================================
[25_11:09:25]-------------------------------------------------------------------------
[25_11:09:25]Acl Hw Resource: IFP, Pipe:1
[25_11:09:25]-------------------------------------------------------------------------
[25_11:09:25] Pri 121, Group 4,usedEntries 40 ,mode Double, physlice 6/7/
[25_11:09:25] =========================================
[25_11:09:25] acl type usedEntries[40]
[25_11:09:25] =========================================
[25_11:09:25] [24 ]RX Low 9
[25_11:09:25] [26 ]Super_RX Low 2
[25_11:09:25] [86 ]RX PRIO LLOW 1
[25_11:09:25] [115]IFP LOW 2
[25_11:09:25] [130]MPLS Vpn High 1
[25_11:09:25] [132]MPLS Vpn Low 3
[25_11:09:25] [154]PDT LOW INITIAL 1
[25_11:09:25] [315]UntrustPriority 17
[25_11:09:25] [422]IFP LOW ICMP 2
[25_11:09:25] [423]IFP LOW GRE 2
[25_11:09:25] ======================================
[25_11:09:25]-------------------------------------------------------------------------
[25_11:09:25] Pri 123, Group 9,usedEntries 951,mode IntraDb, physlice 5/8/
[25_11:09:25] =========================================
[25_11:09:25] acl type usedEntries[951]
[25_11:09:25] =========================================
[25_11:09:25] [97 ]PktFilter IP on VRF 951
[25_11:09:25] ======================================
[25_11:09:25]-------------------------------------------------------------------------
[25_11:09:25] Pri 125, Group 2,usedEntries 124,mode Triple, physlice 9/10/11/
[25_11:09:25] =========================================
[25_11:09:25] acl type usedEntries[124]
[25_11:09:25] =========================================
[25_11:09:25] [8 ]RX IPv4 Super High 1
[25_11:09:25] [9 ]RX IPv4 High 28
[25_11:09:25] [10 ]RX IPv4 Middle High 1
[25_11:09:25] [11 ]RX IPv4 Middle 32
[25_11:09:25] [14 ]RX IPv6 High 15
[25_11:09:25] [15 ]RX IPv6 Middle_High 3
[25_11:09:25] [16 ]RX IPv6 Middle 3
[25_11:09:25] [48 ]OAM-High 28
[25_11:09:25] [71 ]RX Middle Low 7
[25_11:09:25] [153]PDT HIGH INITIAL 2
[25_11:09:25] [432]LLDP-PERMIT 4
[25_11:09:25] ======================================
配置的1902个entry资源是怎么来的
包过滤功能 用interdb模式 , 每个pipe上包过滤占用951x2的entry资源 (rule条数x 2 ),即1902个entry资源
为什么x2 ,因为IntraDb是每条rule占一个slice,一个rule在每个slice占用2条entry资源,即每个rule占用2个entry资源
调用包过滤时占用了每个pipe的ifp资源,类型是interdb
总共的资源18432怎么来的
Ifp 12 个slice,每个slice是1536个entry,18432 = 12*1536,所以是Total = 18432
Ifp的预留资源7680怎么来的
Slice 6 ,7,9,10,11 被系统占用,这些slice的所有资源都作为预留资源
这些slice 的都是1536个entry,5*1536 = 7680
解决方法
提供说明
- 2025-08-25回答
- 评论(0)
- 举报
-
(0)
dis qos-acl resource advanced-mode 的每个slice的total的意义是在当前类型下(singele或intradb或doube或triple)能容纳多少条rule
- 2025-08-28回答
- 评论(0)
- 举报
-
(0)
编辑评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作