[c-nsp] TCAM troubles on 3750 stack

Saku Ytti saku+cisco-nsp at ytti.fi
Sat Apr 29 12:47:26 EDT 2006 

On (2006-04-29 14:52 +0300), Saku Ytti wrote:
 
> LAB-SW1(config)#ipv6 unicast-routing 
> LAB-SW1(config)#^Z
> LAB-SW1#show platform tcam table mac-address detail | i 0006\.03
> LAB-SW1#conf term
> Enter configuration commands, one per line.  End with CNTL/Z.
> LAB-SW1(config)#int vlan2
> LAB-SW1(config-if)#ipv6 address 2001:6e9::1/64
> LAB-SW1(config-if)#^Z
> LAB-SW1#show platform tcam table mac-address detail | i 0006\.03
> LAB-SW1#ping 2001:6e9::1
> 
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2001:6E9::1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
> LAB-SW1#show platform tcam table mac-address detail | i 0006\.03
>   macAddress:                   0006.03BD.CC18
> LAB-SW1#
> 
> I think this supports my suspicions, cisco is uing 0006.03 as some
> sort of hack in rewrite information to signal IPv6 rewrite. It
> only appears once you've passed IPv6 traffic.
> Most probably this is not relevant to problem you're experiencing, but
> quite interesting nevertheless.

Continued this bit further and I added 6400 IPv6 addresses to SVI, which
amazingly SVI ate without issues (NVGEN just can't display it, but
they are there).

My tcam utilization before:
 IPv4 IGMP groups:                             144/1152          7/27
 IPv4 unicast indirectly-connected routes:     144/1152         12/61
 IPv6 unicast directly-connected routes:       672/5376         22/103
 IPv6 unicast indirectly-connected routes:     128/1024         12/42

My tcam utilization after:
 Unicast mac addresses:                        672/5376        419/3281  
 IPv4 unicast directly-connected routes:       672/5376        419/3281  
 IPv6 Multicast groups:                        672/5376        419/3281  
 IPv6 unicast directly-connected routes:       672/5376        419/3281  

So what I believe is happening, is that the MAC address 0006.03 is indeed
some kind of hack that 1) has part of the forwarding information 2) has
link to further forwarding information. I guess another example of
'tcam lookup abuse/trickery' as a method of delivering IPv6 with very
limited hardware capabilities and resources.

-- 
  ++ytti

More information about the cisco-nsp mailing list