The switch FFP (Fast Filter Processor) technology provides advanced multi-layer switching, packet classification and wire-speed processing functions. It can analyze and classify packets at wire speed based on protocols or bytes, with a parsing depth of 80 or 128 bytes, and is widely used in flow-based packet classification, filtering and mirroring applications such as QoS (Quality of Service), ACL (Access Control Lists) and DSCP (Differentiated Services Codepoint).
Principle introduction
In general, FFP hardware engines are composed of the components shown in Figure 1:
Its main function is to classify and filter data flows as they pass through the network device: it checks the data flow entering or leaving a specified interface and, according to the matching conditions (Conditions), permits it (Permit), discards it (Deny) or applies another action policy. This restricts certain types of traffic in the network and restricts the users or devices that use the network. We implement the various ACL technologies on top of this FFP capability to meet the needs of different applications.
The functions and working principles of each component are introduced below:
Field parser
It obtains the specified fields, that is, the matching fields, from data streams of various sources, such as the source MAC address, destination MAC address and source IP of the packet. The fields used to identify and classify packets must be set in advance, before packet parsing starts. The parser then parses the packet, encapsulates the parsed matching fields into a KEY and sends it to the search and matching engine.
These data streams from various sources include packet streams and hardware detection information (such as packet type, input physical port, and HIT in the address table).
Search and matching engine
The search and matching engine is composed of a certain number of TCAM entries, which we refer to as matching rules. Before matching, the matching conditions must be declared in advance and written into the matching rules. The matching rules target fields such as the source address, destination address and upper-layer protocol of the data stream. A matching rule generally consists of two parts: the match content and the mask. To match, the input KEY is ANDed with the mask and the result is compared with the match content; if they are the same, the match succeeds. For example, configure an ACE as follows:
permit 192.168.1.0 0.0.0.255
Then the match content of this entry is 192.168.1.0 and the mask is 255.255.255.0. The source IP of the input packet (extracted by the field parser) is ANDed with the mask; if the result equals 192.168.1.0, the packet can pass. That is, packets from the 192.168.1.0/24 network segment can pass.
Once the matching rules are set, the received KEY is compared with the matching rules one by one to check whether the packet matches a rule, and the offset of the matching rule (the HIT entry) is returned.
Action policy engine
The action policy engine is composed of a certain number of policy entries, which correspond one-to-one to the matching rules. When a matching rule in the search and matching engine is hit, the offset of that rule is returned; this offset is used to find the policy entry corresponding to the matching rule and to execute the actions preset in that entry. As with the rules, the behavior to apply when a given rule matches must be declared in advance.
The actions supported by the action policy engine include forwarding, discarding, redirecting, mirroring, sending to the CPU, changing packet priority, and so on. The supported actions differ considerably between products.
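The match and policy lookup described above, as an added example (not code from the original page or from any switch vendor): it converts the ACE wildcard into the TCAM mask, ANDs the KEY with the mask, and uses the HIT offset to index the policy table. The function names, the lowest-offset-wins ordering, the default deny on a miss and the second ACE are assumptions made for illustration.

```python
import ipaddress

def ace_to_rule(ace: str):
    """Turn 'permit 192.168.1.0 0.0.0.255' into (action, content, mask).

    The ACE carries a wildcard (1 = don't care); the TCAM mask is its
    bitwise inverse (1 = must match), as in the 255.255.255.0 example.
    """
    action, addr, wildcard = ace.split()
    mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    content = int(ipaddress.IPv4Address(addr)) & mask
    return action, content, mask

def build_tables(aces):
    """Rule table and policy table share offsets: rule i <-> policy i."""
    rules, policies = [], []
    for ace in aces:
        action, content, mask = ace_to_rule(ace)
        rules.append((content, mask))
        policies.append(action)
    return rules, policies

def tcam_lookup(rules, key: int):
    """Return the offset of the HIT entry, or None on a miss.

    Assumption: entries are checked in offset order and the lowest
    matching offset wins.
    """
    for offset, (content, mask) in enumerate(rules):
        if key & mask == content:
            return offset
    return None

def classify(rules, policies, src_ip: str, default="deny"):
    """Field parser -> KEY -> TCAM lookup -> policy entry at the offset."""
    key = int(ipaddress.IPv4Address(src_ip))  # KEY = source IP only here
    offset = tcam_lookup(rules, key)
    # Assumption: a miss falls back to an implicit deny.
    return (offset, policies[offset]) if offset is not None else (None, default)

# Constructed ACEs: the page's entry plus a hypothetical host deny after it.
ACES = ["permit 192.168.1.0 0.0.0.255", "deny 192.168.1.66 0.0.0.0"]
RULES, POLICIES = build_tables(ACES)

if __name__ == "__main__":
    for ip in ("192.168.1.20", "192.168.1.66", "192.168.2.5"):
        print(ip, classify(RULES, POLICIES, ip))
```

With the constructed list, 192.168.1.66 is permitted because the broader entry at offset 0 hits first; placing the host deny ahead of the network permit changes the result to deny.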
Measurement and statistics engine
When an action policy entry is hit, it triggers the measurement and statistics engine. The action policy entry specifies the index of the meter entry and counter entry to be used. The attributes of the meter entry and counter entry must also be preset before packet parsing and filtering.
In general, the search and matching engine, action policy engine, and measurement and statistics engine together are called a slice. Some products support multiple slices, and some products share a single slice globally.
In general, the entries in the search and matching engine, action policy engine, and measurement and statistics engine correspond one-to-one. A matching rule, its policy entry, and their corresponding meter and counter entries are together called an entry.
Action Arbitration Engine
The action arbitration engine collects the action policy information generated by all matching entries, including the action policy and the meter result. All non-conflicting actions are executed. Conflicting actions are arbitrated according to priority, and the high-priority actions are executed.