04-01-2013 08:56 AM
I am curious as to the reason(s) why NOS v3.0.1 (the current release as of today) only supports ACL Ingress filtering on an interface.
Please explain the benefits of only supporting Ingress filtering.
04-01-2013 09:46 AM
There are obviously no benefits to only supporting only ingress ACLs vs both ingress/egress ACLs. The enforcement of ACLs on the VDX platform (other then the VDX-8770 which supports egress ACLs) are done in hardware, so if egress ACL support doesn't exist, this is a hardware design that will not be addressed in a software (NOS) release. Now the 'why' doesn't necessarily matter as it doesn't change the fact that egress ACL's are not available (at this time). What I can say is the up and coming 2nd generation VDX platform will include egress ACL support.