[c-nsp] ACL TCAM LOU exhaustion on 7600 running 15.1 code

Saku Ytti saku at ytti.fi
Mon May 5 14:36:53 EDT 2014


On (2014-05-05 10:49 -0600), John Neiberger wrote:

Hi John,

> My first thought was TCAM. I checked "show platform hardware capacity acl"
> and saw that LOUdst was at 100% with the ACL applied, but it was at 81%
> with the ACL removed.

> Do any of you have any experience with this? What would be the expected
> outcome of running out of LOU space in the ACL TCAM?

Not really sure what is expected, maybe new entries overflow old entries
and old ACLs go to software.
But regardless of what the failure mode is, you're not going to want it, so
you want to keep below limits.

IIRC LOU is not used for port match, it is only used for port-ranges (ge, le
are port ranges too).
Reusing ranges shouldn't waste a new LOU, so you might want to try to redesign
the ACL so that you reuse the existing set of LOUs.

Say you have 500-600 and 500-700 already and you now need 500-700, it makes
more sense to add two rules with existing ranges than to waste a new LOU.

-- 
  ++ytti
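
The range-reuse idea in the reply above, as an added example that is not part of the original message: a small audit that lists the distinct L4 port operations (range, gt, lt, neq) on the source and destination side of an extended ACL, so a proposed change can be checked for new operations before it is applied. It assumes that identical operations share one LOU and that `eq` consumes none; the ACL name, addresses and ports are constructed, and the real figures should be confirmed with "show platform hardware capacity acl".

```python
# Added example: constructed ACLs, not taken from the original thread.
# Assumption: each distinct (operator, operands) pair per side needs its own LOU.
L4_OPS = {"range": 2, "gt": 1, "lt": 1, "neq": 1}  # operator -> operand count

def _skip_addr(tok, i):
    # "any" is one token; "host A.B.C.D" and "A.B.C.D wildcard" are two.
    return i + (1 if tok[i] == "any" else 2)

def _port_op(tok, i, bucket):
    if i < len(tok) and tok[i] in L4_OPS:
        n = L4_OPS[tok[i]]
        bucket.add((tok[i], *tok[i + 1:i + 1 + n]))
        return i + 1 + n
    if i < len(tok) and tok[i] == "eq":  # exact port match, not counted
        return i + 2
    return i

def l4_operations(acl_text):
    """Return (src_ops, dst_ops): distinct port operations per side."""
    src, dst = set(), set()
    for line in acl_text.splitlines():
        tok = line.split()
        if tok and tok[0].isdigit():  # drop an ACE sequence number
            tok = tok[1:]
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] not in ("tcp", "udp"):
            continue
        i = _port_op(tok, _skip_addr(tok, 2), src)
        if i < len(tok):
            _port_op(tok, _skip_addr(tok, i), dst)
    return src, dst

BASELINE = """ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 range 500 600
 permit udp any host 192.0.2.11 range 601 700
 permit tcp any gt 1023 host 192.0.2.12 eq 443
"""
# New requirement (constructed): TCP 500-700 to 192.0.2.20.
NAIVE = BASELINE + " permit tcp any host 192.0.2.20 range 500 700\n"
REUSE = BASELINE + (" permit tcp any host 192.0.2.20 range 500 600\n"
                    " permit tcp any host 192.0.2.20 range 601 700\n")

def new_dst_operations(before, after):
    """Destination-side operations the change would add."""
    return l4_operations(after)[1] - l4_operations(before)[1]

if __name__ == "__main__":
    print("naive adds:", new_dst_operations(BASELINE, NAIVE))
    print("reuse adds:", new_dst_operations(BASELINE, REUSE))
```
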

