Terminology
The following terms are used extensively in this section:
- 5-tuple: The five elements that fully describe the criteria of the ACL rule: Source IP/Mask, Destination IP/Mask, Protocol, Source Port, Destination Port. The masks allow the user to specify a narrow or wide range of matches. All elements are optional, but the Ports are only valid if TCP or UDP is the selected protocol, and each can be expressed as a single port or a range of ports. The protocol IDs for TCP and UDP are 6 and 17, respectively.
- Access List/Access Control List (ACL): an ordered list of ACL Rules.
- ACL Rule: An element of an ACL that identifies traffic based upon a 5-tuple (condition), and specifies a queue (0-7), permit, or deny action for packets matching the condition.
- CPU: The general processor for the P580 and P882 that resides on the Supervisor module. The CPU determines whether to forward or filter packets. It identifies Flows by resolving IP-to-MAC addressing and matching ACL Rules. It updates the F-chip's forwarding cache for future Fast Pathing of packets that match this Flow. The process of examining Flows and updating all of the F-chips' forwarding caches is called Slow Path.
- DA: Destination IP Address.
- F-chip: The Forwarding-chip (F-chip) is an application-specific integrated circuit (ASIC) that forwards recognized packets via Fast Path and unrecognized packets via Slow Path. It learns or flushes L3 forwarding entries (L3FE) as directed by the CPU. In earlier versions of the hardware, the F-chip was referred to as the Packet Routing Engine (PRE).
- Fast Path: When an F-chip is able to recognize and forward a packet to the destination port without CPU intervention. Both FIRE (media modules) and FORE (supervisor module) are Fast Path forwarding mechanisms.
- FIRE (Fast In-Band Routing Engine): When an 80-series Ethernet media module has been licensed for routing, the F-Chips on that module provide fast, direct forwarding of L3 packets to their destination ports. The destination ports can be on the same module or a different module.
- Flow: A set of routed packets that get the same Layer 3 Forwarding Entry (L3FE) due to equivalent address characteristics. The complexity of this equivalence affects how often packets match a single Flow. In the simplest case, such as no ACL present, a Flow is identified only by the destination address of the packet, giving a high rate of L3FE re-use. In the most complex case, such as an ACL that specifies the entire 5-tuple, the granularity of identification causes a very low rate of re-use.
- FORE (Fast Out-of-Band Routing Engine): When an 80-series Ethernet media module is not licensed for routing, the media modules forward all routed packets to the supervisor. The F-Chip on the supervisor module provides fast, direct forwarding of L3 packets to their destination ports.
- Hash Mode: The F-chip uses a 12-bit key to initially locate available memory for Flows. In DA-only mode (default) it builds the key from a sample of the Flow's destination address (DA). In SA-DA mode, it uses both the source and destination addresses. The F-chip automatically selects which 12 bits to use, and when to re-hash with a different key.
- Ingress F-chip: The F-chip that receives a packet from an external source.
- Layer 3 Forwarding Entry (L3FE): When a packet arrives on a media module, the F-Chip needs to know where to forward that packet. The L3 forwarding cache is a list that identifies the path taken by a data packet through the switch. Each entry in this list is a L3FE. Each entry is identified by a combination of the Flow's 5-tuple and the corresponding ACL rule. If the F-chip does not find a match in the L3 forwarding cache, the packet is sent Slow Path to the CPU for processing and forwarding. Once the CPU has determined the destination, it updates the L3 forwarding cache on the F-chips with the L3FE. Once updated, the F-chip can forward future packets via Fast Path.
- SA: Source IP Address.
- Slow Path: When an ingress F-chip does not find a match for a packet in its cache of known Flows, the packet is forwarded to the CPU to determine the proper destination and ACL Rule assignment.
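
The Flow and L3FE entries above tie cache re-use to ACL granularity. The following added example (not from the original documentation or the switch firmware) models one ingress F-chip cache to show how a wider ACL condition raises the Slow Path count; the cache-key rule (DA plus every 5-tuple element that some ACL Rule constrains), the default permit for unmatched packets, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

TCP, UDP = 6, 17
Packet = namedtuple("Packet", "sa da proto sport dport")

class Rule:
    """ACL Rule: optional 5-tuple condition plus an action ('permit', 'deny' or queue 0-7)."""
    def __init__(self, action, sa=None, da=None, proto=None, sport=None, dport=None):
        if (sport or dport) and proto not in (TCP, UDP):
            raise ValueError("ports are only valid when the protocol is TCP or UDP")
        self.action = action
        # Ports are (low, high) ranges; a single port p is written (p, p).
        self.cond = {"sa": sa and ipaddress.ip_network(sa),
                     "da": da and ipaddress.ip_network(da),
                     "proto": proto, "sport": sport, "dport": dport}

    def matches(self, pkt):
        for name, want in self.cond.items():
            have = getattr(pkt, name)
            if want is None:
                continue                       # omitted element matches anything
            if name in ("sa", "da"):
                ok = ipaddress.ip_address(have) in want
            elif name == "proto":
                ok = have == want
            else:
                ok = want[0] <= have <= want[1]
            if not ok:
                return False
        return True

def simulate(acl, packets):
    """Return (slow_path, fast_path, denied) packet counts for one forwarding cache."""
    # Assumed model: a Flow is keyed by DA plus every element any rule constrains.
    used = {"da"} | {f for r in acl for f, v in r.cond.items() if v is not None}
    key_fields = [f for f in Packet._fields if f in used]
    cache, slow, fast, denied = {}, 0, 0, 0
    for pkt in packets:
        key = tuple(getattr(pkt, f) for f in key_fields)
        if key in cache:
            fast += 1                          # L3FE hit: forwarded without the CPU
        else:
            slow += 1                          # miss: CPU walks the ACL in order
            cache[key] = next((r.action for r in acl if r.matches(pkt)), "permit")
        denied += cache[key] == "deny"
    return slow, fast, denied

def sample_traffic():
    """Constructed traffic: 4 clients x 25 source ports x 2 servers, sent 3 times."""
    once = [Packet(f"10.0.0.{c}", f"192.0.2.{s}", TCP, 40000 + p, 80)
            for c in range(1, 5) for p in range(25) for s in (1, 2)]
    return once * 3
```

On this constructed traffic, no ACL or a DA-and-port rule costs 2 Slow Path lookups out of 600 packets, while a rule that constrains the entire 5-tuple costs 200, which is the re-use effect the Flow definition describes.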