Solved: ICAM treshold warning for Utilization of 100 percent for feature VLANs

filip.johannes.hansen · ‎10-27-2023

So for some.. random reason I have client whom has created all 3967 vlans on two pair of nexus switches, and I am getting the warning trheshold on this that its utilizaion 100 percent of the feature vlans

I get that he has reached maxim allowed vlans and the ICAM is triggering on it, but what I am trying to figure out what is the consequences of it? I mean you should able to utilize all vlans if that is what is wanted.. so just trying to get some understanding of the following alarms. and what happens over the long run

%ICAM-2-SCALE_THRESHOLD_EXCEEDED_CRIT: Utilization of 100 percent for feature VLANs is over the critical threshold.

and

%ICAM-2-SCALE_THRESHOLD_EXCEEDED_CRIT: Utilization of 100 percent for feature RPVST VLANs is over the critical threshold

f00z · ‎10-30-2023

I agree it is a bit silly of a 'critical alert', knowing that it can use all the vlans and then having an alarm when it does. The vlanports/virtualports/vports is the number to watch out for, once that reaches the limit you will run into a lot of problems. And even if STP is disabled, there's still a vlanports limitation somewhere (mdb or whatever table it uses, which isn't exposed on nexus afaik).

If you want to get rid of the alarm just change the threshold to something higher, but having all the vlans configured shouldn't hurt anything. (although you wouldn't be able to make a layer3 port with no reserved vlans left, and some other things)

View solution in original post

ericnich · ‎10-30-2023

Filip,

It's normal to get a syslog when you're at 100% of the threshold - it happens whether or not that's problematic. Most of our scalability limits (this one included) are "unidimensional." This means the quality assurance team verified the device works well with X of Y (in this case 3967 of VLANs) and basically nothing of anything else. Every environment is different, so the only way to know for sure is to check the device's performance yourself (or implement some kind of monitoring solution).

The purpose of the scalability guide is to provide general limits we recommend staying under, but the impact needs to be assessed on a case-by-case basis.

View solution in original post

filip.johannes.hansen · ‎11-05-2023

Thanks for clarifying a bit erinich. We wil be monitoring this and this is something that the customer has wanted to do. It is the impact that worries me a bit, but as you said and as assumed this should work as planned.

View solution in original post

f00z · ‎10-27-2023

It's just letting you know that it is used.. Shouldn't be a problem configuring them all, however there's also another limitation of how many vlanports you can have , which also depends on which STP implementation is running. Also depends on which switch model it is.

I'd verify with show icam scale l2-switching.

filip.johannes.hansen · ‎10-30-2023

So I agree that its letting me know that its used.. but would you really get an alarm telling you that you have reached the treshold without it having any side effects on for instance performance?

this is on a nex 93240YC-FX2

ericnich · ‎10-30-2023

Filip,

It's normal to get a syslog when you're at 100% of the threshold - it happens whether or not that's problematic. Most of our scalability limits (this one included) are "unidimensional." This means the quality assurance team verified the device works well with X of Y (in this case 3967 of VLANs) and basically nothing of anything else. Every environment is different, so the only way to know for sure is to check the device's performance yourself (or implement some kind of monitoring solution).

The purpose of the scalability guide is to provide general limits we recommend staying under, but the impact needs to be assessed on a case-by-case basis.

filip.johannes.hansen · ‎11-05-2023

Thanks for clarifying a bit erinich. We wil be monitoring this and this is something that the customer has wanted to do. It is the impact that worries me a bit, but as you said and as assumed this should work as planned.

f00z · ‎10-30-2023

I agree it is a bit silly of a 'critical alert', knowing that it can use all the vlans and then having an alarm when it does. The vlanports/virtualports/vports is the number to watch out for, once that reaches the limit you will run into a lot of problems. And even if STP is disabled, there's still a vlanports limitation somewhere (mdb or whatever table it uses, which isn't exposed on nexus afaik).

If you want to get rid of the alarm just change the threshold to something higher, but having all the vlans configured shouldn't hurt anything. (although you wouldn't be able to make a layer3 port with no reserved vlans left, and some other things)

filip.johannes.hansen · ‎11-05-2023

F00z thats the part that gets me "critical" as a warning yes.. to inform you that it has happend.. when I am thinking critical am thinking it will have major impact.. still I know that we can change the scale here so at least the logs wont be filled up. Will talk to the customer regarding the layer 3 ports. For the case they are working on it might be not be happening but for future things afew vlans saved up could be a good thing