CAM (Content Addressable Memory) VS TCAM (Ternary Content Addressable Memory)
CAM VS TCAM
Multilayer switches forward frames and packets at wire speed by using ASIC hardware. Specific Layer 2 and Layer 3 components, such as routing tables or Access Control Lists (ACLs), are cached into hardware. Routing, switching, ACL and QoS tables are stored in a high-speed table memory so that forwarding decisions and restrictions can be made in high-speed hardware. Switches perform lookups in these tables for result information, such as to determine whether a packet with a specific destination IP address is supposed to be dropped according to an ACL.
Cisco Catalyst switches deploys these memory tables using specialized memory architectures, referred to as CAM and TCAM.
CAM (Content Addressable Memory)
CAM stands for Content Addressable Memory which is a special type of memory used by Cisco switches. In the case of ordinary RAM the IOS uses a memory address to get the data stored at this memory location, while with CAM the IOS does the inverse. It uses the data and the CAM returns the address where the data is stored. Also the CAM is considered to be faster than the RAM since the CAM searches the entire memory in one operation.
CAM tables provide only two results: 0 (true) or 1 (false). CAM is most useful for building tables that search on exact matches such as MAC address tables. The CAM table is the primary table used to make Layer 2 forwarding decisions. In the case of Layer 2 switching tables, the switch must find an exact match to a destination MAC address or the switch floods the packet out all ports in the VLAN.
The table is built by recording the source address and inbound port of all frames. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table. The port of arrival and the VLAN are both recorded in the table, along with a timestamp. If a MAC address learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, the previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its timestamp is updated.
When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address. The information a switch uses to perform a lookup in a CAM table is called a key. For example, a Layer 2 lookup would use a destination MAC address and a VLAN ID as a key.
To view the contents of the CAM table, you can use the following EXEC command:
Switch# show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]The entries that have been dynamically learned will be shown. You can add the address keyword to specify a single MAC address, or the interface or vlan keywords to see addresses that have been learned on a specific interface or VLAN.To see the CAM table's size, use the show mac address-table count command.
The problem with CAM is that it can only do exact matches on ones and zeros (binary CAMs), and here comes TCAM.
TCAM (Ternary Content Addressable Memory)
TCAM stands for Ternary Content Addressable Memory which can match a third state, which is any value. This makes TCAM a very important component of Cisco Layer 3 switches and modern routers, since they can store their routing table in the TCAMs, allowing for very fast lookups, which is considerably better than routing tables stored in ordinary RAM. TCAM is a specialized CAM designed for rapid table lookups.
TCAM provides three results: 0, 1, and "don't care." TCAM is most useful for building tables for searching on longest matches such as IP routing tables organized by IP prefixes. The TCAM table stores ACL, QoS and other information generally associated with upper-layer processing. As a result of using TCAM, applying ACLs does not affect the performance of the switch.
Most switches have multiple TCAMs so that both inbound and outbound security, as well as QoS ACLs, can be evaluated simultaneously or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.
The term VMR (Value, Mask and Result) refers to the format of entries in TCAM. The "value" in VMR refers to the pattern that is to be matched; examples include IP addresses, protocol ports, DSCP values, and so on. The "mask" refers to the mask bits associated with the pattern and determines the prefix. The "result" refers to the result or action that occurs in the case where a lookup returns a hit for the pattern and mask.
This result might be a "permit" or "deny" in the case of a TCAM for ACLs, values for QoS policies in case of QoS or a pointer to an entry in the hardware adjacency table that contains the next-hop MAC rewrite information in the case of a TCAM used for IP routing.
To see the current TCAM resource usage, use the show tcam counts EXEC command. To see the current TCAM partitioning, you can use the show sdm prefer EXEC command.
Most of the traditional Layer 2 Cisco switches has only CAM for Layer 2 switching, while some Layer 2 Cisco switches has TCAM for QoS and not for routing, while layer 3 switches has the routing TCAM. CAM and TCAM are the most important parts of the so called ASICs that Cisco switches leverage for line-speed fast switching.
Catalyst switch architecture supports the ability to perform multiple lookups into multiple distinct CAM and TCAM regions in parallel. As a result of this ability to perform multiple lookups simultaneously, Catalyst switches do not suffer any performance degradation by enabling additional hardware-switching features such as QoS and IP ACL processing.
Hi ! The datacenter I'm hosted at delivered me two subnets of public IP address on the same interface on my CISCO2911 router. The secondary subnet is mainly going to be used for NAT static translations. I'm struggling to get things to work ...
Hello, I have Cisco Catalyst 3560 network switch and am trying to receive UDP packets from four attached devices. Each device is sending packets to the same ip address and port, and this destination address cannot be changed. Is it possible to redire...
Currently I have dot1x to authenticate by cable, at the time of placing an avaya esete phone if it authenticates but fails to receive an IP from the dhcp. the port get in Drops state will have some reason, I use ISE #sh mac address-table interface fa...
I am about to build an OOB Management network, for about 10 sites, and am trying to identify the most cost effective hardware. I intend to provide OOB Ethernet and Serial connectivity to each network device on my main network which is around 100 dev...