Since the early 1990s, we’ve watched as the number of entries on the Internet routing table has steadily grown. It wasn’t that long ago (2008) that the table reached 256k routes, triggering action by network administrators to ensure the continued growth of the Internet. Now that the table has passed 500,000 routes, it’s time to start preparing for another significant milestone – the 512k mark.
Looking Ahead to 512k
As an industry, we’ve known for some time that the Internet routing table growth could cause Ternary Content Addressable Memory (TCAM) resource exhaustion for some networking products. TCAM is a very important component of certain network switches and routers that stores routing tables. It is much faster than ordinary RAM (random access memory) and allows for rapid table lookups.
Networking Product Implications
No matter who provides your networking equipment, it needs to be able to manage the ongoing growth of the Internet routing table. We recommend confirming and addressing any possible impacts for all devices in your network, not just those provided by Cisco. The products that could be affected include those with a default configuration supporting 512k routes. From Cisco’s perspective, this includes:
Cisco Catalyst 6500 Switches
Cisco 7600 Series Routers
Cisco ASR 9000 Series Aggregation Services Routers configured with Trident-based line cards (typhoon-based line cards are not affected)
Cisco ASR 1000 Series Aggregation Services Routers with 4GB (devices with 8GB or RAM or higher can scale to up to 1,000,000 routes)
The Good News – Workarounds Are Available!
Cisco has published information on several workarounds that can be applied by our customers, including changing the default configuration for affected devices. In some cases this may require a reload of the device or line card. See below for the links to this customer information.
Cisco Catalyst 6500/Cisco 7600 Series Supervisor Engine 720
The following document describes how to customize the forwarding information base (FIB) ternary content addressable memory (TCAM) on Catalyst 6500 switches that run the Supervisor Engine 720:
Cisco ASR 9000 Series Aggregation Services Routers
The following document describes workarounds available for the Cisco ASR 9000 Series Aggregation Services Routers. When a Trident-based line card reaches its prefix limit, the message %ROUTING-FIB-4-RSRC_LOW occurs, causing potential traffic loss on the line cards:
Cisco ASR 1000 Series Aggregation Services Routers
Cisco ASR 1000 Series Aggregation Services Routers with 4GB can scale to up to 500,000 IPv4 or IPv6 routes. Cisco ASR 1000 Series Aggregation Services Routers with 8GB of RAM or higher can scale to up to 1,000,000 routes. The following document provides an overview of the number of supported routes:
Route filtering and the use of a default route can also be used to decrease the number of routes in an affected device. Prefix lists can be used as an alternative to access lists in many BGP route-filtering commands. The use of prefix lists provides significant performance improvements when loading and performing route lookup of large routing tables. Additional information about BGP best practices and configuring prefix lists is available at:
The possibility of TCAM resource exhaustion at 512k routes is a known issue that we all know has been coming for some time. There is no related security vulnerability, and it cannot be easily triggered by a remote, untrusted user.
The following website is a great resource that provides the current state of the Internet routing table. This could help Cisco customers when configuring route filtering:
Implementing the recommended workarounds ahead of time will help your network avoid any performance degradation, routing instability, or impact to availability. Having just passed the 500,000 route milestone, now is the right time to ensure your network is prepared to manage a 512k entry internet routing table.
Whether you're attending VMworld 2019 on-site or from afar, read the latest on the key themes to expect. They are also the key themes for IT management today, from software defined everything to cloud and automation to IoT and edgecomputing : http:...
Hi All,our backup server is connect with cisco 3750. that port is configued as Trunk VLAN100. for other sw to sw links we are using VLAN1 trunk. my question is trunk allows all vlan traffic to pass then why they have put vlan100 instead of vlan1 ...
We have a Shoretel VOIP system and I want to ensure I have QOS properly in place on my 3850 and 2960 stacks. We want dscp 46 to have higher priority from what I understand. We basically did "auto qos voip trust" on all user ports, and "au...