HP ProCurve Switch 5300xl Series Reviewer’s Guide
2.4.5 End-to-End QoS
QoS capabilities in the switch allow it to deal with two different concerns that arise in Ethernet
networks: congestion control and latency. In the past, controlling traffic congestion was viewed as the
primary reason for QoS. But with Ethernet prices dropping substantially year after year it has been
easier and lower cost to deal with congestion, at least in the local LAN, by increasing the bandwidth
available to traffic through higher speed connections.
While QoS for congestion control in the local LAN has had marginal value, the ability of QoS to deal
with applications that are sensitive to varying latencies through a network is of value. Delay sensitive
applications depend on isochronous, or time-dependent, data. Applications of this type include VoIP,
streaming voice or video, data storage backups, or network control in the form of SNMP packets,
Spanning Tree BPDU packets, etc.
When trying to make overall packet latency as low as possible or minimize latency jitter, end-to-end
control becomes important. The 802.1p priority specification that is contained in each tagged packet,
as well as the DSCP, can provide this end-to-end continuity. As the packet travels from source to
destination, it is given the proper priority in each switch it travels through based on its 802.1p value.
The HP ProCurve Switch 5300xl Series maintains the 802.1p tags across routed interfaces, allowing
end-to-end QoS in routed environments.
The DSCP can also be used for QoS categorization of the packet. The HP ProCurve Switch 5300xl
Series can assign priorities based on the DSCP. Packets that are not 802.1p tagged can nonetheless
have a priority assigned to them through the DSCP alone.
The ability of the HP ProCurve Switch 5300xl Series to control not only the 802.1p priority, but also
read and/or re-write the DSCP bits to set QoS policy provides the network manager with an even finer
degree of control. Priority can be tailored to specific areas of the network, and the DSCPs can be used
eventually for parts of QoS policy other than priority. There is also room in the DSCP definition for
new QoS services that have not yet been defined.
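To show concretely how the two markings this section relies on are carried in a packet, here is an added Python example (written for this page, not code from HP or from the 5300xl firmware). It builds constructed Ethernet/IPv4 frames, reads the 802.1p priority from the 802.1Q tag and the DSCP from the IP header, chooses a forwarding priority from the tag when one is present and from the DSCP alone when the frame is untagged, and re-marks the DSCP with the IP header checksum recomputed. The frame contents and the DSCP-to-priority rule (class-selector bits, DSCP >> 3) are assumptions made for the example, not the switch's configured DSCP map.

```python
"""Read and rewrite the two QoS markings discussed above: the 802.1p priority in an 802.1Q tag
and the DSCP in the IPv4 header. Constructed frames only; this is not the 5300xl's code."""
import struct
from typing import Optional, Tuple

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(dscp: int, pcp: Optional[int] = None, vid: int = 1) -> bytes:
    """Build a minimal Ethernet + IPv4 header (constructed sample data, not captured traffic).

    pcp=None gives an untagged frame; otherwise an 802.1Q tag carries the 3-bit 802.1p priority (PCP).
    """
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    if pcp is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
        eth += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    tos = (dscp & 0x3F) << 2  # DSCP is the top six bits of the TOS byte; the low two bits are ECN
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                               bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return eth + bytes(ip)


def parse_markings(frame: bytes) -> dict:
    """Return the 802.1p value (None if untagged), the DSCP (None if not IPv4) and the IP header offset."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    pcp, ip_offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        tci = struct.unpack_from("!H", frame, 14)[0]
        pcp = (tci >> 13) & 0x7
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        ip_offset = 18
    if ethertype != ETHERTYPE_IPV4:
        return {"pcp": pcp, "dscp": None, "ip_offset": None}
    return {"pcp": pcp, "dscp": frame[ip_offset + 1] >> 2, "ip_offset": ip_offset}


def egress_priority(frame: bytes) -> Tuple[int, str]:
    """Priority (0-7) the frame is queued with, and which marking supplied it.

    A tagged frame keeps its 802.1p value end to end; an untagged IP frame gets a priority from the
    DSCP alone. Deriving that priority from the DSCP class-selector bits (DSCP >> 3) is an assumption
    made for this example, not the switch's configured DSCP map.
    """
    m = parse_markings(frame)
    if m["pcp"] is not None:
        return m["pcp"], "802.1p"
    if m["dscp"] is not None:
        return m["dscp"] >> 3, "dscp"
    return 0, "default"


def rewrite_dscp(frame: bytes, new_dscp: int) -> bytes:
    """Copy of the frame with the DSCP re-marked and the IPv4 header checksum recomputed."""
    m = parse_markings(frame)
    if m["ip_offset"] is None:
        raise ValueError("not an IPv4 frame")
    off = m["ip_offset"]
    out = bytearray(frame)
    out[off + 1] = ((new_dscp & 0x3F) << 2) | (out[off + 1] & 0x03)  # preserve the ECN bits
    ihl = (out[off] & 0x0F) * 4
    struct.pack_into("!H", out, off + 10, 0)
    struct.pack_into("!H", out, off + 10, ipv4_checksum(bytes(out[off:off + ihl])))
    return bytes(out)


if __name__ == "__main__":
    voip_tagged = build_frame(dscp=46, pcp=5)
    voip_untagged = build_frame(dscp=46)
    print(egress_priority(voip_tagged), egress_priority(voip_untagged))
    print(parse_markings(rewrite_dscp(voip_untagged, 24)))
```

The checksum step matters in practice: a switch that re-writes DSCP bits must also update the IPv4 header checksum, otherwise the next Layer 3 hop discards the packet as corrupt. The example verifies this by running `ipv4_checksum` over the rewritten header, which returns 0 only when the stored checksum is consistent.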
2.5 Security
2.5.1 Filtering
2.5.1.1 ACLs – Access Control Lists
When routing is turned on across Layer 3 interfaces, all routable packets are allowed across these
interfaces. Selectively filtering the packets that can flow across these interfaces is useful for security or
bandwidth control purposes. Filtering at Layer 3 is done through ACLs, Access Control Lists.
A single complete filter statement, the ACL, is comprised of one or more ACEs, Access Control Entries.
An ACE statement can permit or deny a packet based on its:
• Source and/or destination IP address or IP subnet
• Source and/or destination TCP/UDP port number with less than, greater than, equal, not equal or number range. Being able to specify less than, greater than, etc. can save a lot of ACEs when trying to bound a group of port numbers and is not found in some competitors’ ACL implementations.
• IP protocol (IP, TCP, UDP)
Each static VLAN on the 5300 can have one inbound and one outbound ACL defined. The 5300 can have
up to 99 Standard ACLs, which are defined as ACLs that are based only on source IP addresses. The
5300 can also have up to 99 Extended ACLs, which are defined as ACLs based on any of the other
parameters listed above. Up to a total of 1024 ACEs can be used to specify the 5300 ACLs.
The order of the ACEs within the ACL is important. When processing an ACL, the 5300 starts with the
first ACE in the ACL and will continue to work through the list of ACEs, in order, until the packet
matches the condition set forth in a particular ACE. At that point any further ACEs in the ACL are
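To make the first-match rule concrete, here is an added Python example (written for this page, not code from HP or from the 5300xl) that evaluates a packet against an ordered list of ACEs carrying the match fields listed above, including the less-than, greater-than, not-equal and range port qualifiers, and stops at the first ACE that matches. It also flags ACEs that a single earlier entry fully shadows, which is the practical check to run on an ACL before deployment, since a broad permit placed too early silently cancels a later deny. The ACE notation is the script's own (not ProCurve CLI syntax), the addresses and packets are constructed, and the implicit deny for a packet that matches no ACE is an assumption of the example.

```python
"""First-match ACL evaluation: walk the ACEs in order, stop at the first that matches. Constructed example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port qualifier: None (any port), ("eq", n), ("neq", n), ("lt", n), ("gt", n) or ("range", lo, hi)
PortCond = Optional[tuple]


@dataclass
class ACE:
    action: str                # "permit" or "deny"
    protocol: str = "ip"       # "ip" matches any IP protocol; "tcp" / "udp" match only that protocol
    src: str = "0.0.0.0/0"     # source address or subnet, CIDR notation
    dst: str = "0.0.0.0/0"     # destination address or subnet, CIDR notation
    src_port: PortCond = None
    dst_port: PortCond = None


def port_intervals(cond: PortCond) -> List[Tuple[int, int]]:
    """Expand a port qualifier into inclusive (low, high) ranges within 0-65535."""
    if cond is None:
        return [(0, 65535)]
    ops = {"eq": lambda a: [(a[0], a[0])],
           "neq": lambda a: [(0, a[0] - 1), (a[0] + 1, 65535)],
           "lt": lambda a: [(0, a[0] - 1)],
           "gt": lambda a: [(a[0] + 1, 65535)],
           "range": lambda a: [(a[0], a[1])]}
    return ops[cond[0]](cond[1:])


def port_matches(cond: PortCond, port: Optional[int]) -> bool:
    """A packet without ports (e.g. plain IP) satisfies only the 'any port' qualifier."""
    if cond is None:
        return True
    if port is None:
        return False
    return any(lo <= port <= hi for lo, hi in port_intervals(cond))


def _within(inner: str, outer: str) -> bool:
    """True when the inner address/subnet lies entirely inside the outer one."""
    return ipaddress.ip_network(inner, strict=False).subnet_of(ipaddress.ip_network(outer, strict=False))


def ace_matches(ace: ACE, pkt: dict) -> bool:
    """Test one ACE against a packet given as {proto, src, dst, sport, dport}."""
    if ace.protocol != "ip" and ace.protocol != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(ace.src, strict=False):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(ace.dst, strict=False):
        return False
    return port_matches(ace.src_port, pkt.get("sport")) and port_matches(ace.dst_port, pkt.get("dport"))


def evaluate(acl: List[ACE], pkt: dict) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding ACE). Later ACEs are never consulted once one matches."""
    for i, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, i
    return "deny", None   # implicit deny when no ACE matches (an assumption of this example)


def _covers(outer: List[Tuple[int, int]], inner: List[Tuple[int, int]]) -> bool:
    # True when every non-empty inner port range lies inside some outer range.
    return all(any(olo <= lo and hi <= ohi for olo, ohi in outer)
               for lo, hi in inner if lo <= hi)


def shadowed_entries(acl: List[ACE]) -> List[Tuple[int, int]]:
    """(shadowed_index, shadowing_index) for ACEs that one earlier ACE makes unreachable.
    Conservative: shadowing by a combination of several earlier ACEs is not detected."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            if earlier.protocol not in ("ip", later.protocol):
                continue
            if not (_within(later.src, earlier.src) and _within(later.dst, earlier.dst)):
                continue
            if (_covers(port_intervals(earlier.src_port), port_intervals(later.src_port))
                    and _covers(port_intervals(earlier.dst_port), port_intervals(later.dst_port))):
                found.append((j, i))
                break
    return found


# Constructed ACEs: stop Telnet from the guest subnet to the server, allow its other TCP traffic,
# and allow UDP to high ports. The "gt 1023" qualifier does in one ACE what "eq" entries cannot compactly.
GUEST_TELNET_DENY = ACE("deny", "tcp", src="10.9.0.0/16", dst="10.2.2.10/32", dst_port=("eq", 23))
SERVER_TCP_PERMIT = ACE("permit", "tcp", dst="10.2.2.10/32")
SERVER_HIGH_UDP_PERMIT = ACE("permit", "udp", dst="10.2.2.10/32", dst_port=("gt", 1023))

ACL_CORRECT = [GUEST_TELNET_DENY, SERVER_TCP_PERMIT, SERVER_HIGH_UDP_PERMIT]
ACL_WRONG_ORDER = [SERVER_TCP_PERMIT, GUEST_TELNET_DENY, SERVER_HIGH_UDP_PERMIT]

# Constructed packets, not captured traffic.
TELNET_FROM_GUEST = {"proto": "tcp", "src": "10.9.1.7", "dst": "10.2.2.10", "sport": 51000, "dport": 23}
HTTP_FROM_GUEST = {"proto": "tcp", "src": "10.9.1.7", "dst": "10.2.2.10", "sport": 51001, "dport": 80}
SIP_UDP = {"proto": "udp", "src": "10.1.1.5", "dst": "10.2.2.10", "sport": 5060, "dport": 5060}
ICMP_ELSEWHERE = {"proto": "icmp", "src": "10.1.1.5", "dst": "10.3.3.3"}

if __name__ == "__main__":
    for name, acl in (("correct order", ACL_CORRECT), ("wrong order", ACL_WRONG_ORDER)):
        print(name, evaluate(acl, TELNET_FROM_GUEST), "shadowed:", shadowed_entries(acl))
```

With the deny listed first, the guest Telnet packet stops at ACE 0; with the two entries swapped, the broad permit matches first and the deny is never reached, which `shadowed_entries` reports as `[(1, 0)]`. Running that check whenever an ACL is edited catches the most common ordering mistake before the list is applied to a VLAN.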
© Hewlett-Packard Co. 2002, 2003
Rev 1.1 – 2/11/2003
http://www.hp.com/go/hpprocurve
Page 19 of 35