[c-nsp] N7K tcam handling

Tim Stevenson tstevens at cisco.com
Tue Mar 9 12:10:55 EST 2010 

Hi Tim, please see inline below:

At 08:01 AM 3/9/2010, Tim Durack clamored:

>Anyone know if the N7K handles tcam exhaustion more gracefully than
>the 6500? (If you've lived through that experience, you'll know why
>I'm asking.)

Yes, it does. I say that because n7k will reject your configuration 
if it won't fit within the constraints of the hw resources. C6K will 
instead punt to software to let the RP CPU enforce the ACL (and you 
can probably guess the result - inband saturated & CPU pegged).

Other improvements on n7k WRT ACLs:
- we rarely "merge" polices, the ACL TCAM is carved bank-wise mostly 
on a per feature basis (you can "chain" the banks if you have enormous ACLs)
- also, we don't try a bunch of different merge "strategies" to try 
to make things fit, driving up the CPU util
- we have a verify/commit option using config sessions, ie, you make 
all your ACL changes in a "scratch" area, then use the verify cmd to 
make sure it will fit in the hardware. Only then do you commit it.
- we have atomic ACL commits, ie, non traffic disruptive by default 
(versus a "default result" (deny by default) on c6k while the old 
entries are removed & the new installed).

>Docs suggest the N7K is generally smarter about handling tcam than the
>6500. Or maybe NX-OS is smarter.

(IMHO,) yes, both. :P


>Heres an idea for Cisco: how about porting NX-OS to the 6500?

No committed plans.

>  Or
>release a new Sup that makes the C6K an N6.5K?

C6K will continue to evolve and they do have a roadmap to a new sup & fabric.

Hope that helps,
Tim


>I think you would make
>a lot of customers happy.
>
>--
>Tim:>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at 
><http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/




Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

More information about the cisco-nsp mailing list