[c-nsp] Cat 6500 - uRPF - FIB TCAM

Tim Stevenson tstevens at cisco.com
Tue Aug 14 20:03:10 EDT 2012 

At 04:50 PM 8/14/2012, Brandon Applegate vociferated:
>Hello,
>
>I know this has been mentioned over the years here and there, but I 
>don't know that I fully understand the exact behavior.  I've always 
>read 'urpf halves your tcam...'.


It applies only to sup2. Sup720 & later don't suffer this limitation.


>   So this only applies to the interface on which it's configured, correct ?

No. If you turn on uRPF check on sup2 on any interface, the available 
FIB TCAM for IP prefixes becomes 50% of what it is without uRPF check.


>So for example, in a single switch with the full routing table 
>(using ipv4 for examples, and using simple even numbers not counting 
>any built-in entries):
>
>uplink 1 - 400k routes
>uplink 2 - 400k routes
>
>customer interface 1 - 2 routes
>customer interface 2 - 2 routes
>
>So this is 400,004 entries.  Adding (strict) urpf to the customer 
>interfaces (not the uplinks) would make this 400,008 ?


Well this whole discussion is moot, since you're probably not using 
sup2, especially if you have 400K prefixes.


>I guess I'm just unsure of if urpf is added to a single interface 
>(even a customer interface with 1 or 2 prefixes) - does this have 
>some 'global' effect ?


You're probably confusing the sup2 limit described above, and the 
sup720 limitation that all interfaces w/uRPF check have to be in the 
same mode (strict or loose) and last configured wins.

Tim



>Thanks in advance.
>
>--
>Brandon Applegate - CCIE 10273
>PGP Key fingerprint:
>8779 B023 7637 CEC8 C5C6 4052 664D 7E08 3CBB 1739
>"SH1-0151.  This is the serial number, of our orbital gun."
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/




Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

More information about the cisco-nsp mailing list