[j-nsp] EX switches and TCAM utilisation
William J Hulley
bill.hulley at gmail.com
Wed May 18 13:48:57 EDT 2011
Wonderful, thanks!
On 18 May 2011, at 18:42, Richard A Steenbergen wrote:
> On Wed, May 18, 2011 at 05:10:54PM +0100, William J Hulley wrote:
>> Hi,
>>
>> I'm using some EX3200s running 10.0S6.1 and developing a configuration
>> using filter based forwarding to policy route traffic between routing
>> instances.
>>
>> It's all working fine in the lab but I'm concerned about the potential
>> growth of the firewall policy and utilisation of the TCAM in
>> production and would obviously like to model the usage and monitor it.
>>
>> Are there any known supported/un-supported ways of getting useful
>> stats out of the box beyond just relying on syslog messages saying
>> there isn't enough cam?
>
> Drop into the fpc shell from root, like so:
>
> RE:0% vty fpc0
>
> BSD platform (MPC 8544 processor, 48MB memory, 0KB flash)
>
> PFEM0(vty)#
>
>
> Next you need to find the vendor ID for the platform, like so:
>
> PFEM0(vty)# show tcam vendor
> Vendor = internal_ch3_tcam Vendor_id = 1
>
> For EX8200 it's vendor id 6, for EX3200 it seems to be vendor id 1.
>
> Then you need to find the instance ID for the hardware you're looking
> for. On EX8200 I know instance 2 is used for GE cards, instance 4 is
> used for XE cards. On EX3200 there only seems to be instance 2 (as
> you'd expect):
>
> PFEM0(vty)# show tcam vendor 1 instances
>
> Vendor               Instance     Page Size
> --------------------------------------------
> internal_ch3_tcam    2            4
>
>
> So then to view the usage info for this vendor/instance:
>
> PFEM0(vty)# show tcam vendor 1 instance 2 rules
> Number of rules as Ingress PACL: 0
> Number of rules as Ingress VACL: 0
> Number of rules as Ingress RACL: 528
> Number of rules as Egress PCL: 135
>
> 528 Ingress RACL rules
>
> HW-index  Page_id  Entry_id  rule_size  fw_id  Rule
> --------------------------------------------------------------------------------
> 6296      1574     0         2          27     AUTOFW-INVALID-PROTOCOLS.ext.0
> 6298      1574     2         2          27     AUTOFW-INVALID-PROTOCOLS.ext.1
> 6496      1624     0         2          27     AUTOFW-BORDER-FILTERED-PROTOCOLS.ext.0
> 6498      1624     2         2          27     AUTOFW-BORDER-FILTERED-PROTOCOLS.ext.1
> 6708      1677     0         2          27     AUTOFW-BORDER-LIMIT-IP-OPTIONS.ext.0
> 6710      1677     2         2          27     AUTOFW-BORDER-LIMIT-IP-OPTIONS.ext.1
> 6960      1740     0         2          27     AUTOFW-LIMIT-ICMP-ECHO.ext.0
> ...
>
> TCAM utilization: 1326(used), 12938(free), 14264(total)
>
> And there is your total tcam utilization above. Depending on code and
> platform it may show you a slightly different view, for example here is
> the utilization on an EX8200 running older 10.1 code:
>
> PFEM15(vty)# show tcam vendor 6 instance 4 rules
> Instance 4
> DB 0 Ingr PACL: 0/ 996 (current/max) rules. Util. 0.000%
> DB 1 Ingr VACL: 0/ 12288 (current/max) rules. Util. 0.000%
> DB 2 Ingr RACL: 410/ 32768 (current/max) rules. Util. 1.251%
> DB 3 Egr PACL: 0/ 1024 (current/max) rules. Util. 0.000%
> DB 4 Egr PCL1: 103/ 8188 (current/max) rules. Util. 1.258%
>
> But you get the gist. :)
>
> --
> Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
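
For the monitoring side of the question, the two utilisation formats quoted above can be parsed into numbers and checked against an alert level. This is an added example, not part of the original thread or any Juniper tooling: the function names and the 80% threshold are assumptions, and it expects the `show tcam ... rules` output to have been captured to text already.

```python
import re

# Summary line in the EX3200 output quoted above.
TOTAL_RE = re.compile(
    r"TCAM utilization:\s*(\d+)\(used\),\s*(\d+)\(free\),\s*(\d+)\(total\)")
# Per-database line in the EX8200 (older 10.1 code) output quoted above.
DB_RE = re.compile(
    r"DB\s+(\d+)\s+(.+?):\s*(\d+)/\s*(\d+)\s+\(current/max\) rules")

def parse_tcam(text):
    """Return {name: (used, total)} from either format; '>' quoting is ignored."""
    usage = {}
    for raw in text.splitlines():
        line = raw.lstrip("> \t")
        m = TOTAL_RE.search(line)
        if m:
            used, free, total = map(int, m.groups())
            if used + free != total:
                # A mismatch means truncated or mangled capture; do not trust it.
                raise ValueError(f"inconsistent summary line: {line!r}")
            usage["total"] = (used, total)
            continue
        m = DB_RE.search(line)
        if m:
            name = " ".join(m.group(2).split())  # e.g. "Ingr RACL"
            usage[name] = (int(m.group(3)), int(m.group(4)))
    return usage

def over_threshold(usage, threshold_pct=80.0):
    """Names at or above threshold_pct utilisation (assumed alert level)."""
    return sorted(n for n, (u, t) in usage.items()
                  if t and 100.0 * u / t >= threshold_pct)

# Sample lines copied from the output quoted in the message above.
EX3200 = "TCAM utilization: 1326(used), 12938(free), 14264(total)"
EX8200 = """\
DB 0 Ingr PACL: 0/ 996 (current/max) rules. Util. 0.000%
DB 2 Ingr RACL: 410/ 32768 (current/max) rules. Util. 1.251%
DB 4 Egr PCL1: 103/ 8188 (current/max) rules. Util. 1.258%
"""

if __name__ == "__main__":
    for sample in (EX3200, EX8200):
        for name, (used, total) in parse_tcam(sample).items():
            print(f"{name}: {used}/{total} ({100.0 * used / total:.3f}%)")
```

Alerting well before the table fills matters here because the only other signal mentioned in the thread is the syslog message saying there isn't enough CAM.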