TCAM utilization on Nexus 9396
Tim Stevenson (tstevens)
tstevens at cisco.com
Wed Mar 20 16:31:12 EDT 2019
Please check the config guide. I am not as familiar w/the 1st gen switches as 2nd gen, but there should be at least some level of reconfigurability of the regions in gen 1. So you may be able to size up the region you want by removing entries from some other region.
Yes, region resizing requires a switch reboot.
Tim
-----Original Message-----
From: Satish Patel <satish.txt at gmail.com>
Sent: Wednesday, March 20, 2019 12:12 PM
To: Tim Stevenson (tstevens) <tstevens at cisco.com>
Cc: Cisco Network Service Providers <cisco-nsp at puck.nether.net>; Nick Cutting <ncutting at edgetg.com>
Subject: Re: TCAM utilization on Nexus 9396
Thanks for clarification, i have noticed when i add 1 rules number
bump +1 but i believe you can't go above 510 right? that is hard limit
if i am not wrong.
also changing in resource required reload.
On Wed, Mar 20, 2019 at 2:07 PM Tim Stevenson (tstevens)
<tstevens at cisco.com> wrote:
>
> Yes, ACL lines consume space in the TCAM. TCAM can be recarved according to the features in use/required.
>
> As long as the policy fits in the available TCAM space for that feature (software will complain and fail your config if it won't), enforcement is at full rate, no performance penalty for that.
>
> Tim
>
> -----Original Message-----
> From: Satish Patel <satish.txt at gmail.com>
> Sent: Wednesday, March 20, 2019 10:46 AM
> To: Cisco Network Service Providers <cisco-nsp at puck.nether.net>; Nick Cutting <ncutting at edgetg.com>; Tim Stevenson (tstevens) <tstevens at cisco.com>
> Subject: TCAM utilization on Nexus 9396
>
> Folks and ( Tim/Nick )
>
> I have Cisco Nexus 9396 L3 switch and running bunch of ACL ( IPv4
> Access-list to block certain traffic ) today i was reading about TCAM
> and when i look at switch i found following utilization, so trying to
> understand how ACL relationship with TCAM.
>
> - Does number of ACL impact TCAM utilization or traffic ?
>
>
> # show hardware access-list resource utilization
>
> slot 1
> =======
>
>
>
> INSTANCE 0x0
> -------------
>
>
> ACL Hardware Resource Utilization (Mod 1)
> ----------------------------------------------------------
> Used Free Percent
> Utilization
> -------------------------------------------------------------------
> Ingress IPv4 PACL 3 509 0.59
> Ingress IPv4 Port QoS 4 252 1.56
> Ingress IPv4 VACL 2 510 0.39
> Ingress IPv4 RACL 226 286 44.14
> Egress IPv4 VACL 3 509 0.59
> Egress IPv4 RACL 3 253 1.17
> SUP COPP 205 51 80.08
> SUP COPP Reason Code TCAM 6 122 4.69
> Redirect 2 510 0.39
> SPAN 21 235 8.20
> VPC Convergence 1 255 0.39
>
> LOU 2 22 8.33
> Both LOU Operands 2
> Single LOU Operands 0
> LOU L4 src port: 1
> LOU L4 dst port: 1
> LOU L3 packet len: 0
> LOU IP tos: 0
> LOU IP dscp: 0
> LOU ip precedence: 0
> LOU ip TTL: 0
> TCP Flags 0 16 0.00
>
> Protocol CAM 2 244 0.81
> Mac Etype/Proto CAM 0 14 0.00
>
> L4 op labels, Tcam 0 0 1023 0.00
> L4 op labels, Tcam 2 1 62 1.58
> L4 op labels, Tcam 6 0 2047 0.00
>
> Ingress Dest info table 0 512 0.00
>
> Egress Dest info table 0 512 0.00
More information about the cisco-nsp
mailing list