[c-nsp] N7K tcam handling
Tim Durack
tdurack at gmail.com
Tue Mar 9 12:31:22 EST 2010
On Tue, Mar 9, 2010 at 12:10 PM, Tim Stevenson <tstevens at cisco.com> wrote:
> Yes, it does. I say that because n7k will reject your configuration if it
> won't fit within the constraints of the hw resources. C6K will instead punt
> to software to let the RP CPU enforce the ACL (and you can probably guess
> the result - inband saturated & CPU pegged).
>
> Other improvements on n7k WRT ACLs:
> - we rarely "merge" polices, the ACL TCAM is carved bank-wise mostly on a
> per feature basis (you can "chain" the banks if you have enormous ACLs)
> - also, we don't try a bunch of different merge "strategies" to try to make
> things fit, driving up the CPU util
> - we have a verify/commit option using config sessions, ie, you make all
> your ACL changes in a "scratch" area, then use the verify cmd to make sure
> it will fit in the hardware. Only then do you commit it.
> - we have atomic ACL commits, ie, non traffic disruptive by default (versus
> a "default result" (deny by default) on c6k while the old entries are
> removed & the new installed).
Good to know. I was actually thinking more along the lines of: BGP
peering, missing max-prefix, provider dumps 300k routes on me. What
does the N7K do? (Unfortunately I know what a 6500 does.)
>> Heres an idea for Cisco: how about porting NX-OS to the 6500?
>
> No committed plans.
Too bad.
>> Or
>> release a new Sup that makes the C6K an N6.5K?
>
> C6K will continue to evolve and they do have a roadmap to a new sup &
> fabric.
Good. Hopefully it will have a 2010 generation CPU rather than
something closer to Y2K.
Cisco is a business and has to make decisions accordingly. However,
based on market penetration of the 6500, I would suggest Cisco is
missing a big opportunity to sell a lot of Sup/Linecard upgrades to
lots of loyal customers.
> Hope that helps,
> Tim
>
>
>> I think you would make
>> a lot of customers happy.
>>
>> --
>> Tim:>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>
>> <https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at
>> <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
> Tim Stevenson, tstevens at cisco.com
> Routing & Switching CCIE #5561
> Technical Marketing Engineer, Cisco Nexus 7000
> Cisco - http://www.cisco.com
> IP Phone: 408-526-6759
> ********************************************************
> The contents of this message may be *Cisco Confidential*
> and are intended for the specified recipients only.
>
>
--
Tim:>
More information about the cisco-nsp
mailing list