TCAM carving using API

Marian Rychtecky · ‎02-24-2022

Hi all,

we are facing an issue with TCAM carving using NX OS API. We cannot find an attribute for "hardware access-list tcam region ing-redirect 256". We know all the other attributes listed down below, but "ing-redirect". Can someone help us, please?

hardware access-list tcam region ing-racl 256
hardware access-list tcam region ing-l3-vlan-qos 256
hardware access-list tcam region egr-racl 1024
hardware access-list tcam region ing-ifacl 512
hardware access-list tcam region vacl 256
hardware access-list tcam region ing-redirect 256
hardware access-list tcam region egr-l2-qos 256
hardware access-list tcam region ing-pacl-sb 1024

This is what we are POSTing to set all the other parameters

POST /api/mo/sys/pltfm.json

{
    "platformEntity": {
        "children": [
            {
                "platformTcamRegion": {
                    "attributes": {
                        "vaclSize": 512
                    },
                    "children": [
                        {
                            "platformTcamRegionExtended": {
                                "attributes": {
                                    "egrL2QosSize": 256,
                                    "egrRaclSize": 1024,
                                    "ingIfaclSize": 512,
                                    "ingRaclSize": 512,
                                    "ingVlanQosSize": 256
                                }
                            }
                        }
                    ]
                }
            }
        ]
    }
}
----
{
    "imdata": [
        {
            "warning": {
                "attributes": {
                    "text": "Please resolve if any fault arised, by checking the cfgFault/cfgFaultBmpproperty in platformTcamRegion MO. \nPlease save config and reload the system for the configuration to take effect\n"
                }
            }
        }
    ]
}

Thank you Marian

Alexander Stevenson · ‎03-04-2022

Hi @Marian Rychtecky,

I'm not an NX-API expert but I went searching with a fresh set of eyes in order to find something which may be of help.

I'm curious if you've tried using the NX-API Developer Sandbox to convert all the CLI commands, including hardware access-list tcam region ing-redirect 256, into a REST payload.

According to the section Configuring ACL TCAM Region Sizes of the Chapter: Configuring IP ACLs of the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x, the hardware access-list tcam region command changes the ACL TCAM region size and ing-redirect is one of the available regions:

"ing-redirect—Configures the size of the redirect TCAM region for DHCPv4 relay, DHCPv4 snooping, and DHCPv4 client (Cisco Nexus 9200 switches only)."

Some other useful notes from that section:

"Once you apply a template (using Using Templates to Configure ACL TCAM Region Sizes), the hardware access-list tcam region command in this section will not work. You must uncommit the template in order to use the command.
The hardware access-list tcam region command for the Multicast PIM Bidir feature is applicable only to the Broadcom-based Cisco Nexus 9000 Series switches.
For information on configuring QoS TCAM carving, see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide."

I hope this help!

Marian Rychtecky · ‎04-22-2022

Hi all,

long story short - this command is not implemented in the API. We had to move all TCAM carving configuration statements to the "bootstrap" configuration (our minimum manual config when the switch is new). Another reason was no option to save configuration uploaded via API to switch from CLI, when TCAM carving is part of the API calls.

host# copy run startup-config
[########################################] 100%
Configuration update aborted: request was aborted