CAM (Content Addressable Memory) VS TCAM (Ternary Content Addressable Memory)
Multilayer switches forward frames and packets at wire speed by using ASIC hardware. Specific Layer 2 and Layer 3 components, such as routing tables or Access Control Lists (ACLs), are cached into hardware. Routing, switching, ACL and QoS tables are stored in a high-speed table memory so that forwarding decisions and restrictions can be made in high-speed hardware. Switches perform lookups in these tables for result information, such as to determine whether a packet with a specific destination IP address is supposed to be dropped according to an ACL.
Cisco Catalyst switches deploy these memory tables using specialized memory architectures, referred to as CAM and TCAM.
CAM (Content Addressable Memory)
CAM stands for Content Addressable Memory which is a special type of memory used by Cisco switches. In the case of ordinary RAM the IOS uses a memory address to get the data stored at this memory location, while with CAM the IOS does the inverse. It uses the data and the CAM returns the address where the data is stored. Also the CAM is considered to be faster than the RAM since the CAM searches the entire memory in one operation.
CAM tables provide only two results: 0 (true) or 1 (false). CAM is most useful for building tables that search on exact matches such as MAC address tables. The CAM table is the primary table used to make Layer 2 forwarding decisions. In the case of Layer 2 switching tables, the switch must find an exact match to a destination MAC address or the switch floods the packet out all ports in the VLAN.
The table is built by recording the source address and inbound port of all frames. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded in the table, along with a timestamp. If a MAC address learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, the previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.
When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address. The information a switch uses to perform a lookup in a CAM table is called a key. For example, a Layer 2 lookup would use a destination MAC address and a VLAN ID as a key.
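The learning and lookup rules above, modelled in Python as an added example (not code from the original article or from Cisco). The port names, MAC addresses and integer timestamps are constructed, and the model assumes every port belongs to the VLAN being looked up and that a flood excludes the arrival port.

```python
# Added illustration: software model of the Layer 2 CAM behaviour described
# above. Assumption: all ports are members of the VLAN used in the lookup.

class CamTable:
    def __init__(self, ports):
        self.ports = set(ports)
        self.entries = {}  # key (vlan, mac) -> (port, last_seen)

    def learn(self, vlan, src_mac, in_port, now):
        """Record source MAC, arrival port and timestamp; report what happened."""
        key = (vlan, src_mac.lower())
        old = self.entries.get(key)
        self.entries[key] = (in_port, now)  # a move replaces the previous entry
        if old is None:
            return "learned"
        return "refreshed" if old[0] == in_port else "moved"

    def lookup(self, vlan, dst_mac):
        """Exact match on the (VLAN, destination MAC) key, or None on a miss."""
        hit = self.entries.get((vlan, dst_mac.lower()))
        return hit[0] if hit else None

    def forward(self, vlan, src_mac, dst_mac, in_port, now):
        """Learn from the source address, then return the set of egress ports."""
        self.learn(vlan, src_mac, in_port, now)
        out = self.lookup(vlan, dst_mac)
        if out is None:                     # miss: flood within the VLAN
            return self.ports - {in_port}
        return {out} - {in_port}            # never send back out the arrival port

if __name__ == "__main__":
    # Constructed sample hosts and ports.
    cam = CamTable(["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"])
    a, b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"
    print(cam.forward(10, a, b, "Gi1/0/1", now=0))  # B unknown: flooded
    print(cam.forward(10, b, a, "Gi1/0/2", now=1))  # A known: one port
    print(cam.learn(10, a, "Gi1/0/3", now=2))       # A moved to another port
```
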
To view the contents of the CAM table, you can use the following EXEC command:
Switch# show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]
The entries that have been dynamically learned will be shown. You can add the address keyword to specify a single MAC address, or the interface or vlan keywords to see addresses that have been learned on a specific interface or VLAN.
To see the CAM table's size, use the show mac address-table count command.
The limitation of CAM is that it can only do exact matches on ones and zeros (binary CAMs); this is where TCAM comes in.
TCAM (Ternary Content Addressable Memory)
TCAM stands for Ternary Content Addressable Memory which can match a third state, which is any value. This makes TCAM a very important component of Cisco Layer 3 switches and modern routers, since they can store their routing table in the TCAMs, allowing for very fast lookups, which is considerably better than routing tables stored in ordinary RAM. TCAM is a specialized CAM designed for rapid table lookups.
TCAM provides three results: 0, 1, and "don't care." TCAM is most useful for building tables for searching on longest matches such as IP routing tables organized by IP prefixes. The TCAM table stores ACL, QoS and other information generally associated with upper-layer processing. As a result of using TCAM, applying ACLs does not affect the performance of the switch.
Most switches have multiple TCAMs so that both inbound and outbound security, as well as QoS ACLs, can be evaluated simultaneously or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.
The term VMR (Value, Mask and Result) refers to the format of entries in TCAM. The "value" in VMR refers to the pattern that is to be matched; examples include IP addresses, protocol ports, DSCP values, and so on. The "mask" refers to the mask bits associated with the pattern and determines the prefix. The "result" refers to the result or action that occurs in the case where a lookup returns a hit for the pattern and mask.
This result might be a "permit" or "deny" in the case of a TCAM for ACLs, values for QoS policies in case of QoS or a pointer to an entry in the hardware adjacency table that contains the next-hop MAC rewrite information in the case of a TCAM used for IP routing.
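The VMR format above, worked through in Python as an added example (not code from the original article or from Cisco). It goes one step beyond the text by also flagging entries that an earlier, broader entry makes unreachable; the prefixes, the "adj-N" adjacency names and the ACL contents are constructed sample values.

```python
import ipaddress

def ip(text):
    return int(ipaddress.ip_address(text))

def vmr(prefix, result):
    """Build one (value, mask, result) entry from an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    return (int(net.network_address), int(net.netmask), result)

def tcam_lookup(entries, key):
    """Return the result of the first entry whose cared-about bits match.

    A mask bit of 1 means "compare this bit"; 0 means "don't care". The loop
    order models entry priority: the lowest-index hit wins.
    """
    for value, mask, result in entries:
        if (key & mask) == (value & mask):
            return result
    return None

def routing_entries(routes):
    """Sort longest prefix first so the first hit is the longest match."""
    entries = [vmr(prefix, adj) for prefix, adj in routes.items()]
    return sorted(entries, key=lambda e: bin(e[1]).count("1"), reverse=True)

def shadowed(entries):
    """Indexes of entries that can never hit because an earlier one covers them."""
    dead = []
    for j, (vj, mj, _) in enumerate(entries):
        for vi, mi, _ in entries[:j]:
            # Earlier entry cares about a subset of bits and agrees on them.
            if (mi & mj) == mi and (vi & mi) == (vj & mi):
                dead.append(j)
                break
    return dead

# Constructed sample tables (private and documentation address space).
ROUTES = {"0.0.0.0/0": "adj-1", "10.0.0.0/8": "adj-2",
          "10.1.0.0/16": "adj-3", "10.1.2.0/24": "adj-4"}
ACL = [vmr("10.1.2.0/24", "deny"), vmr("10.0.0.0/8", "permit"),
       vmr("0.0.0.0/0", "deny")]           # last entry: catch-all deny
ACL_MISORDERED = [ACL[1], ACL[0], ACL[2]]  # broad permit placed first

if __name__ == "__main__":
    fib = routing_entries(ROUTES)
    for dst in ("10.1.2.9", "10.1.9.9", "192.0.2.1"):
        print(dst, tcam_lookup(fib, ip(dst)), tcam_lookup(ACL, ip(dst)))
    print("shadowed entries:", shadowed(ACL_MISORDERED))
```

In the misordered list the /24 deny is never reached, so 10.1.2.9 is permitted by the broader /8 entry ahead of it.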
To see the current TCAM resource usage, use the show tcam counts EXEC command. To see the current TCAM partitioning, you can use the show sdm prefer EXEC command.
Most traditional Layer 2 Cisco switches have only CAM for Layer 2 switching, some Layer 2 Cisco switches also have TCAM for QoS but not for routing, and Layer 3 switches have the routing TCAM. CAM and TCAM are the most important parts of the so-called ASICs that Cisco switches leverage for line-speed fast switching.
Catalyst switch architecture supports the ability to perform multiple lookups into multiple distinct CAM and TCAM regions in parallel. As a result of this ability to perform multiple lookups simultaneously, Catalyst switches do not suffer any performance degradation by enabling additional hardware-switching features such as QoS and IP ACL processing.