HP (Hewlett-Packard) 6600 SERIES Switch User Manual


 
OOBM limitations
• sFlow: It is not possible to send sFlow samples to a collector over the OOBM port; sFlow must be captured and sent in-band.
• OOBM futures: Features to be implemented in the future, though no time frame has been committed, include IPv6 host capabilities, LLDP discovery, and ACLs.
• DNS resolution: Because the OOBM supports a separate IP stack, DNS resolution is separated from the in-band plane.
Appendix B: Policy Enforcement Engine
The ProVision ASIC architecture used in the ProCurve 6600 Switch Series and the Switch 8200zl, 5400zl,
3500yl, and 6200yl Series brings a number of advanced capabilities to the network. These provide a highly
reliable, robust environment that increases network uptime and keeps overall network costs down. One
major feature is the ProVision Policy Enforcement Engine, which is implemented in the ProVision ASIC of each
interface module.
Policy Enforcement Engine benefits
The Policy Enforcement Engine has several benefits.
Granular policy enforcement
The initial software release on these products takes advantage of a subset of the full Policy Enforcement Engine
capabilities, which will provide a common front end for the user interface to ACLs, QoS, Rate Limiting, and
Guaranteed Minimum Bandwidth controls. Fully implemented in later software releases, the Policy Enforcement
Engine provides a powerful, flexible method for controlling the network environment. For example, traffic from
a specific application (TCP/UDP port) can be raised in priority (QoS) for some users (IP address), blocked (ACL)
for some other users, and limited in bandwidth (Rate Limiting) for still other users.
The Policy Enforcement Engine provides fast packet classification that is applied to ACLs and QoS rules and to
Rate Limiting and Guaranteed Minimum Bandwidth counters. Parameters that can be used include source and
destination IP addresses, which can follow specific users, and TCP/UDP port numbers and ranges, which are
useful for applications that use fixed port numbers. More than 14 different variables can be used to specify the
packets to which ACL, QoS, Rate Limiting, and Guaranteed Minimum Bandwidth controls are to be applied.
Hardware-based performance
As mentioned earlier, the Policy Enforcement Engine is part of the ProVision ASIC. Packet selection is
done by hardware at wire speed, except in cases involving very complex rules. Therefore, very sophisticated
control can be implemented without adversely affecting the performance of the network.
Works with HP ProCurve Data Center Connection Manager ONE
HP Data Center Connection Manager ONE provides centralized automation based on predetermined
server connection profiles that define network requirements for each physical and virtual server. The Data
Center Connection Manager ONE subscription request is sent down to the individual switch port and is used
to set up a server profile in the Policy Enforcement Engine, so that the per-VM ACL, QoS, and Rate-Limiting
parameters are taken from the actual policy defined in Data Center Connection Manager ONE.
Wire-speed performance for ACLs
At the heart of the Policy Enforcement Engine is a memory area called the Ternary Content Addressable
Memory (TCAM) that is contained within the ProVision ASIC, along with the surrounding code for the Policy
Enforcement Engine.
It is this specialized memory area that helps the ProVision ASIC to achieve wire-speed performance when
processing ACLs for packets. In fact, multiple passes through the TCAM can be performed for packet sizes that
are found typically in customers’ production networks. For the typical network, the average packet size will tend
to be about 500 bytes. When maximum lookups are enabled, the ProVision ASIC performance is optimal for
an average packet length of 200 bytes or more, which includes the range of packet sizes in typical networks.
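
Added example, not from the HP manual: a simplified software model of the ternary (value/mask) matching a TCAM performs, applied to the scenario described earlier in which one application port is prioritized, blocked, or rate-limited depending on the source address. The key layout, addresses, ports, and action names are constructed for illustration and are assumptions; they do not describe the ProVision ASIC's internal format.

```python
# Simplified software model of ternary (value/mask) matching; not HP's implementation.
import ipaddress

def port_range_to_ternary(lo, hi, width=16):
    """Split an inclusive port range into aligned power-of-two (value, mask) entries."""
    entries = []
    while lo <= hi:
        # Largest aligned block that starts at lo and still fits inside [lo, hi].
        size = (lo & -lo) if lo else 1 << width
        while size > hi - lo + 1:
            size >>= 1
        entries.append((lo, ((1 << width) - 1) & ~(size - 1)))
        lo += size
    return entries

class Tcam:
    def __init__(self):
        self.rows = []  # (value, mask, action), highest priority first

    def add(self, src_cidr, ports, action):
        net = ipaddress.ip_network(src_cidr)
        ip_val, ip_mask = int(net.network_address), int(net.netmask)
        for p_val, p_mask in port_range_to_ternary(*ports):
            # Assumed key layout: 32-bit source IP followed by 16-bit destination port.
            self.rows.append(((ip_val << 16) | p_val, (ip_mask << 16) | p_mask, action))

    def lookup(self, src_ip, dst_port, default="forward"):
        key = (int(ipaddress.ip_address(src_ip)) << 16) | dst_port
        # A hardware TCAM compares every row in parallel; this loop models first-match priority.
        for value, mask, action in self.rows:
            if (key & mask) == value:  # mask bits set to 0 are "don't care"
                return action
        return default

def build_example():
    """Constructed rule set: same application port, different action per source network."""
    t = Tcam()
    t.add("10.1.0.0/24", (5060, 5061), "qos-high")    # raise priority for some users
    t.add("10.2.0.0/24", (5060, 5061), "deny")        # block for other users
    t.add("10.3.0.0/16", (5060, 5061), "rate-limit")  # limit bandwidth for others
    return t

if __name__ == "__main__":
    t = build_example()
    for ip, port in [("10.1.0.7", 5060), ("10.2.0.9", 5061), ("10.3.44.1", 5060), ("10.1.0.7", 80)]:
        print(ip, port, "->", t.lookup(ip, port))
```

In this model the range 5060-5061 fits in one row, while a range such as 1-65534 expands to 30 rows, so range-heavy rules consume ternary entries faster than exact-port rules.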