Preface

Access control list ACL Understand or simply understand the working mechanism of , Summarize the recent snail progress .

1 ACE

Access control ACL It is a feature supported by layer 3 switch for network security , It's made up of a series of rules , Each rule is called ACE（Access Control Entry）.ACE The basic format is as follows ：

On the second floor ACE Format

• DMAC： Purpose MAC Address
• SMAC： Source MAC Address
• VLANID： Belongs to ID Number
• COS：802.1Q User priority
• TYPE： Three layer agreement No
• ACT-PTR： action , The license / discarded

Three layers ACE Format

• DIP： Purpose IP Address
• SIP： Source IP Address
• PROTOCOL： Layer 4 agreement No
• DPORT： Destination port
• SPORT： Source port
• ACT-PTR： action , The license / discarded

Huawei instance

3 Working mechanism

Access control ACL The main functions include ： flow control 、 Filter firewall 、NAT Network address translation 、QoS Data classification and routing strategy filtering .

working principle

When the network device receives a message , If flow control is not activated on the access port , The message is directly submitted to the network device forwarding process for processing ; If... Is started at the access port ACL flow control , Send the message to the inbound switch for speed restriction . The switch tries to match the message with the condition of the first rule in the access control list , If the message information meets the conditions of this rule , It is said that the message hit this rule , Execute the action set by the rule , If the action is permit, The switch allows the message to pass through the device , Submit it to the device forwarding process for speed limit processing ; If the action is deny, The switch discards the message . If the message does not meet the conditions of this rule , Continue to try to match the condition of the next rule , Until the match is successful , If the message information does not meet the conditions of any rule , The default operation is performed （permit/deny）.

flow chart

summary

I feel I'm still learning very shallow , Keep trying .

reference

Switch CPU Design and implementation of flow control —— Cao Lin
Aerospace business network TCP Research and application of flow control —— Sun Fangwei