TC Filtering Requirements
Currently, the resources of the Intel® Ethernet 800 Series Network Controllers support a deterministic number of TC filter types per packet profile. That number is determined by the size of the fields used in the filter types.
For most implementations, these filter requirements are not a limiting factor.
Profiles
Packet processing profiles are defined by a set of protocols (for example, IPv4 outer IP + TCP port, or IPv4 outer IP, IP tunnel, IPv6 inner IP). Each profile has a specific number of chain resources available globally per device (see table). Rules can be associated with more than one profile, but a rule must contain all the requested protocols in the profile to be associated. Therefore, having more specific rules narrows which profiles are associated. If any of the associated profiles do not have enough chain resources, the entire rule cannot be added.
For example, if you create a rule that looks only at the outer IPv4 source address, every profile that has an outer IPv4 source field must contain enough chain resources, or the rule is not added.
The E810 supports the following packet processing profiles, with chain resources per profile per device in the following table.
Outer IP | Protocol | No Tunnel | UDP Tunnel (VXLAN), IPv4 Inner | IP Tunnel (GRE), IPv4 Inner | UDP Tunnel (VXLAN), IPv6 Inner | IP Tunnel (GRE), IPv6 Inner |
---|---|---|---|---|---|---|
IPv4 Outer | TCP | 26 | 11 | 11 | 5 | 5 |
IPv4 Outer | UDP | 26 | 11 | 11 | 5 | 5 |
IPv4 Outer | Other | 28 | 13 | 13 | 7 | 7 |
IPv6 Outer | TCP | 14 | 17 | 17 | 5 | 5 |
IPv6 Outer | UDP | 14 | 17 | 17 | 5 | 5 |
IPv6 Outer | Other | 16 | 19 | 19 | 7 | 7 |
TC Filter Resource Examples
A recipe is determined by the filter protocol fields, not the values of those fields. Multiple filters can be created with the same recipe, varying only the values of the components.
Thus, multiple filters that use the same recipe (and require no additional recipe resources) can be added on the same device, either on the same interface or on different interfaces on the device. Each filter uses the same fields for matching, but can have different match values.
Example: IPv4 Profile
Recipes = 54
Chain resources for TCP profile = 26
"${pathtotc}/tc" filter add dev $iface protocol ip ingress prio 1 \
    flower ip_proto tcp dst_port $app_port skip_sw hw_tc 1
Dest MAC | ... | ... | TCP Dest Port |
Dest MAC (3 words) + TCP Port (1 word) = 4 words (1 standard recipe slot)
# chain resources = 0
# recipes = 1
Recipes remaining = 53
Chain resources = 26
"${pathtotc}/tc" filter add dev $iface protocol ip ingress prio 1 \
    flower ip_proto tcp src_port $app_port skip_sw hw_tc 1
Dest MAC | ... | ... | TCP Src Port |
Dest MAC (3 words) + TCP Port (1 word) = 4 words (1 standard recipe slot)
# chain resources = 0
# recipes = 1
Recipes remaining = 52
Chain resources = 26
"${pathtotc}/tc" filter add dev $iface protocol ip ingress prio 1 \
    flower dst_ip $ipaddr/32 ip_proto tcp dst_port $app_port skip_sw hw_tc 1
Dest MAC | ... | ... | TCP Dest Port | IPv4 Dest IP | ... |
Dest MAC (3 words) + TCP Port (1 word) + IPv4 IP (2 words) = 6 words
# chain resources = floor[(6-1)/4]+1 = 2
# recipes = 3
Recipes remaining = 49
Chain resources = 24
If you try to add another IPv4 profile filter recipe, such as:
Dest MAC | ... | ... | TCP Src Port | IPv4 Src IP | ... |
Dest MAC (3 words) + TCP Port (1 word) + IPv4 IP (2 words) = 6 words
# chain resources = floor[(6-1)/4]+1 = 2
# recipes = 3
Recipes remaining = 46
Chain resources remaining = 22
Result: As expected, there are enough resources for all desired filter combinations.
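The bookkeeping in the walkthrough above can be reproduced with a small budget tracker. This is an added example, not Intel code: the field-name keys are hypothetical labels, the rule "recipes = chain resources + 1" and the more-than-4-words threshold are assumptions inferred from the two worked cases on this page, and only the single TCP profile (26 chain resources) is tracked, as in the example.

```python
# Added example: resource bookkeeping for the filters walked through above.
# Word sizes per field come from the page; the dictionary keys are hypothetical labels.
FIELD_WORDS = {"dst_mac": 3, "tcp_dst_port": 1, "tcp_src_port": 1,
               "ipv4_dst_ip": 2, "ipv4_src_ip": 2}
WORDS_PER_SLOT = 4  # one standard recipe slot holds 4 words


def cost(fields):
    """Return (recipes, chain_resources) needed by a set of match fields."""
    words = sum(FIELD_WORDS[f] for f in fields)
    if words <= WORDS_PER_SLOT:
        return 1, 0  # fits one standard recipe slot, no chaining
    chain = (words - 1) // WORDS_PER_SLOT + 1  # floor[(words-1)/4]+1
    # Assumption inferred from the page's 6-word case (2 chain, 3 recipes).
    return chain + 1, chain


class Budget:
    def __init__(self, recipes=54, chain=26):
        self.recipes, self.chain = recipes, chain
        self.programmed = set()  # field sets that already own a recipe

    def add_filter(self, fields):
        """Account for one filter; return False if it would be rejected."""
        key = frozenset(fields)
        if key in self.programmed:
            return True  # same fields, different values: no new resources
        recipes, chain = cost(key)
        if recipes > self.recipes or chain > self.chain:
            return False  # the entire rule is refused, nothing is consumed
        self.recipes -= recipes
        self.chain -= chain
        self.programmed.add(key)
        return True


def walk_page_example():
    """Replay the four filters from the page; return remaining budget per step."""
    budget, steps = Budget(), []
    for fields in (["dst_mac", "tcp_dst_port"],
                   ["dst_mac", "tcp_src_port"],
                   ["dst_mac", "tcp_dst_port", "ipv4_dst_ip"],
                   ["dst_mac", "tcp_src_port", "ipv4_src_ip"]):
        budget.add_filter(fields)
        steps.append((budget.recipes, budget.chain))
    return steps


if __name__ == "__main__":
    for recipes_left, chain_left in walk_page_example():
        print(f"Recipes remaining = {recipes_left}, chain resources = {chain_left}")
```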