Wednesday, October 30, 2019

Cisco Nexus 9300 TCAM carving

I have a Cisco Nexus C9396PX L3 switch and I have configured a bunch of ACLs (inbound) on it to deny/permit traffic. Now if I try to add more ACLs, I get an error that the TCAM table is full. Here is the output of the TCAM:

If you notice the line "Ingress IPv4 RACL 259 253 50.59": it is for L3 ACLs and has reached 50% utilization, but I still have 50% free, so why am I not able to add more rules? One thing I noticed is that it is Ingress, so maybe I used up all the Ingress entries and whatever else is left is for egress. Am I right?

Let's say I am not using any L2 functions on the switch and want to give the VACL TCAM size to RACL. Is that possible?

    swt-c9396PX# show hardware access-list resource utilization

    slot 1
    =======

    INSTANCE 0x0
    -------------

    ACL Hardware Resource Utilization (Mod 1)
    ----------------------------------------------------------
                                    Used    Free    Percent
                                                    Utilization
    -------------------------------------------------------------------
    Ingress IPv4 PACL               3       509     0.59
    Ingress IPv4 Port QoS           4       252     1.56
    Ingress IPv4 VACL               2       510     0.39
    Ingress IPv4 RACL               259     253     50.59
    Egress IPv4 VACL                3       509     0.59
    Egress IPv4 RACL                3       253     1.17
    SUP COPP                        205     51      80.08
    SUP COPP Reason Code TCAM       6       122     4.69
    Redirect                        2       510     0.39
    VPC Convergence                 1       255     0.39
    sFlow Northstar ACL             0       256     0.00

    LOU                             2       22      8.33
    Both LOU Operands               2
    Single LOU Operands             0
    LOU L4 src port:                1
    LOU L4 dst port:                1
    LOU L3 packet len:              0
    LOU IP tos:                     0
    LOU IP dscp:                    0
    LOU ip precedence:              0
    LOU ip TTL:                     0
    TCP Flags                       0       16      0.00

    Protocol CAM                    2       244     0.81
    Mac Etype/Proto CAM             0       14      0.00

    L4 op labels, Tcam 0            0       1023    0.00
    L4 op labels, Tcam 2            1       62      1.58
    L4 op labels, Tcam 6            0       2047    0.00

    Ingress Dest info table         0       512     0.00
    Egress Dest info table          0       512     0.00

    INSTANCE 0x1
    -------------

    ACL Hardware Resource Utilization (Mod 1)
    ----------------------------------------------------------
                                    Used    Free    Percent
                                                    Utilization
    -------------------------------------------------------------------
    Ingress NS IPv4 Port QoS        1       255     0.39
    Ingress NS IPv4 L3 QoS          1       255     0.39
    Ingress NS IPv4 VLAN QoS        1       255     0.39

    LOU                             0       24      0.00
    Both LOU Operands               0
    Single LOU Operands             0
    LOU L4 src port:                0
    LOU L4 dst port:                0
    LOU L3 packet len:              0
    LOU IP tos:                     0
    LOU IP dscp:                    0
    LOU ip precedence:              0
    LOU ip TTL:                     0
    TCP Flags                       0       16      0.00

    Protocol CAM                    0       246     0.00
    Mac Etype/Proto CAM             0       14      0.00
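Added example, not part of the original post: a Python parser for the Used/Free/Percent rows of the output above, so ACL region headroom can be checked from a saved capture before more rules are pushed. The function names are hypothetical, SAMPLE is a few rows copied from the output above, and "size" is simply Used + Free as computed here.

```python
import re

# Rows copied from the output above (trimmed); a sample, not a live capture.
SAMPLE = """\
INSTANCE 0x0
 Ingress IPv4 PACL               3     509     0.59
 Ingress IPv4 RACL             259     253    50.59
 Egress IPv4 RACL                3     253     1.17
 SUP COPP                      205      51    80.08
 LOU L4 src port: 1
 L4 op labels, Tcam 0            0    1023     0.00
"""

INSTANCE = re.compile(r"^\s*INSTANCE\s+(0x[0-9a-fA-F]+)\s*$")
# Region name (may contain spaces, commas, digits), then Used, Free, Percent.
ROW = re.compile(r"^\s*(.+?)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)\s*$")


def parse_utilization(text):
    """Return one dict per Used/Free/Percent row, tagged with its instance."""
    rows, instance = [], None
    for line in text.splitlines():
        inst = INSTANCE.match(line)
        if inst:
            instance = inst.group(1)
            continue
        m = ROW.match(line)
        if not m:
            continue  # headers, rulers and LOU detail lines have no Used/Free pair
        used, free = int(m.group(2)), int(m.group(3))
        rows.append({"instance": instance, "region": m.group(1),
                     "used": used, "free": free, "size": used + free,
                     "percent": float(m.group(4))})
    return rows


def over_threshold(rows, percent):
    """Names of regions whose reported utilization is at or above percent."""
    return [r["region"] for r in rows if r["percent"] >= percent]


if __name__ == "__main__":
    parsed = parse_utilization(SAMPLE)
    for r in parsed:
        print(f'{r["instance"]} {r["region"]:<24}{r["used"]:>5}/{r["size"]:<5} {r["percent"]:6.2f}%')
    print("at or above 50%:", over_threshold(parsed, 50.0))
```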

