06-06-2004 11:55 PM - edited 03-02-2019 04:12 PM
Hi there!
A customer of ours has a problem with their Catalyst 4500-SUPII+. They are having one customer on each physical-if and then they use service-policy to limit the traffic.
The problem is that they reach a limit after about 96 interfaces; the log reports this:
-4-ACLHWPROGERRREASON: Output Policy Map: 10Mbps - out of hardware TCAM entries.
*Jan 1 09:37:08: %C4K_HWACLMAN-4-ACLHWPROGERR: Output Policy Map: 10Mbps - hardware TCAM limit, qos being disabled on relevant interface.
The interface configuration looks like this:
switchport trunk encapsulation dot1q
switchport trunk native vlan 67
switchport trunk allowed vlan 67,416
switchport mode trunk
duplex full
service-policy input 10Mbps
service-policy output 10Mbps
tx-queue 3
priority high
shape 1000000 bps
spanning-tree portfast trunk
In regards to access-lists, they are using vlan access-maps to minimize the usage of TCAM entries (but it doesn't help, still the same problem):
vlan access-map kunder 10
action drop
match ip address test
vlan access-map kunder 20
action forward
match ip address all
vlan filter kunder vlan-list 67
ip access-list extended all
permit ip any any
ip access-list extended test
permit tcp any any range 135 139
permit udp any any range 135 netbios-ss
permit udp any any eq 445
permit tcp any any eq 445
deny udp host 172.16.20.1 eq bootps any
permit udp any eq bootps any
So then the question: Is there any way to minimize and simplify this further, to be able to use QoS on every interface? Also, which good show commands can we use (most of the TCAM-related ones don't work on the SUPII+)?
Thanx ahead!
/Peter Ahremark
CCIE #8680
06-07-2004 01:11 AM
Hello,
try and increase the TCAM size, I do not know if this command works on the 4500 though:
Switch(config)# sdm access-list 8192
With the command:
show internal all-regions
you can verify how much space is available in TCAM.
HTH,
GP
06-07-2004 10:47 PM
First of all a big thanx for your quick answer!
I'm sorry to say though, that neither of these two commands works, they don't exist on a SUPII+ in a 4500 :-(
I have had the thought before about increasing TCAM, but we didn't find any "SDM" commands sadly....
Any other ideas ???
Thanx ahead!
/Peter
07-09-2004 05:33 AM
Hi.
I hope you have solved your problem, but I have had the same. And I found the solution in this:
mls aclmerge algorithm {bdd | odm}
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/msfc121e/msfc.htm#1047404
Saying this knowing that I have a Cat6K and yours is a Cat4500.
Hope this helps.
07-15-2004 12:37 AM
Hi there!
Thanx for your reply. Well I actually opened up a TAC-case in regards to this situation.
And we also ended up looking at ways to optimize, but sadly it's not possible to switch between BDD and ODM on a 4500 box, that's only available on the 6500.
So we have basically given up on this; the 4500 isn't really suitable if you want to do policers on all interfaces + some ACLs, at least not to the extent that our customer wants...
Anyway, thanx a lot for your reply, great that it solved itself for you!
Greetings from Stockholm, Sweden!