[c-nsp] High interrupt CPU load on Cat3750, caused by ACL?

Johannes Resch jr at xor.at
Mon Mar 27 10:12:36 EST 2006 

Hi Tassos,

On Mon, March 27, 2006 16:56, Tassos Chatzithomaoglou said:
> I don't know much about the acls, but all these 3750 switches have a
> limitation
> on the number of routed interfaces; 8 if i'm right.

yep, thats what cisco says in their specs. however, I've seen 3750-stacks
with more than 30 SVIs working without issues, at much higher traffic
loads with interrupt CPU load of 10%.


> Also on 3550s you could use the following in order to find out more info
> about
> the tcam resource usage:
>
> 3550#sh tcam ?
>    inacl   Show Ingress ACL TCAM
>    outacl  Show Egress ACL TCAM
>    pbr     Show PBR TCAM
>    qos     Show Ingress QoS TCAM
>
> There is something similar on 3750s, "sh platform tcam", but CCO doesn't
> want to
> give more information about it :(

I think on 3750 it is this:

hostname#sh platform tcam utilization

CAM Utilization for ASIC# 0                      Max            Used
                                             Masks/Values    Masks/values

 Unicast mac addresses:                        784/6272         46/305
 IPv4 IGMP groups + multicast routes:          144/1152          6/26
 IPv4 unicast directly-connected routes:       784/6272         46/305
 IPv4 unicast indirectly-connected routes:     272/2176        264/2072
 IPv4 policy based routing aces:                 0/0             0/0
 IPv4 qos aces:                                512/512           6/6
 IPv4 security aces:                          1024/1024        119/119

Note: Allocation of TCAM entries per feature uses
a complex algorithm. The above information is meant
to provide an abstract view of the current TCAM utilization


hostname#sh platform tcam usage

=============================================================================
                                  TCAM Table
 TCAM / SSRAM Table            TCAM            SSRAM
                                Start   Size X    Start   Size Y
=============================================================================
 Local Forwarding Table:            0   1D00 1        0   1D00   4
 Local Learning Table:              0   1D00 1     7400   1D00   2
 Secondary Forwarding Table:     1880    D00 1     AE00    D00   8
 QoS Table:                      2580   1000 1    11600   1000   4
 ACL Table:                      3580   2000 1    15600   2000   4
 IPV6 Secondary Forwarding Tabl  7E40     C0 2    1D600     60   8
 IPV6 Classification Table:      7F00     80 2    1D900     40   4
 IPV6 ACL Table:                 7F80     70 2    1DA00     38   4
 Station Table:                     0      0 0    1DB00   1D00   4
 MAC Address Table:                 0      0 0    24F00   1800   8
 Multicast Expansion Table:         0      0 0    30F00    420   8
 VLAN List Table:                   0      0 0    34000    400  10
 Equal Cost Route Table:            0      0 0    33000     80  20

 X - Number of 144-bit TCAM entries per descriptor
 Y - Number of bytes per descriptor
=============================================================================

given this output, to me it seems the device has not yet reached its
TCAM-limits (the number of "IPv4 unicast indirectly-connected routes"
seems to be a bit tight, though).

regards,
-jr

More information about the cisco-nsp mailing list