Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2037
Views
0
Helpful
2
Replies

Nexus 9300 - TCAM Carving for VLAN egress policy

Christian Jorge
Level 1
Level 1

‎09-09-2019 07:29 AM

Good morning gentlemen


I'm configuring a pair of Nexus C93180YC-EX switches, NX-OS 9.3(1).

Main customer is using these switches with Internet distribution layer function:
- connect other customers - using a transit VLAN for each customer
- perform a bandwith restriction for each customer (using policy-map / class-default / police / service policy input/output at each customer int vlan)
- ospf routing to uplink Internet routers (only Ipv4)

We are referring about 65 customer connections (and bandwith policies) today (may increase until about 100).

Reading Nexus 9000 guide, and configuring switches, I verified we can't configure service-policies at interface VLANs.

This case, I tried using service-policies applied directly to customer transit vlans (layer2 vlan). Switches permit to apply it input/ingress direction (it worked fine).
But in egress/output direction, switch asked for carving TCAM.

I need a help in which TCAM part I can carve and how to perform it.
Nexus guide explais about allocate TCAM for VLAN QOS and QOS Egress, but not sure about them.


This is the TCAM allocation today (default):
brbzqrtd1ist3fd# show hardware access-list tcam region
NAT ACL[nat] size = 0
Ingress PACL [ing-ifacl] size = 0
VACL [vacl] size = 0
Ingress RACL [ing-racl] size = 1792
Ingress RBACL [ing-rbacl] size = 0
Ingress L2 QOS [ing-l2-qos] size = 256
Ingress L3/VLAN QOS [ing-l3-vlan-qos] size = 512
Ingress SUP [ing-sup] size = 512
Ingress L2 SPAN filter [ing-l2-span-filter] size = 256
Ingress L3 SPAN filter [ing-l3-span-filter] size = 256
Ingress FSTAT [ing-fstat] size = 0
span [span] size = 512
Egress RACL [egr-racl] size = 1792
Egress SUP [egr-sup] size = 256
Ingress Redirect [ing-redirect] size = 0
Egress L2 QOS [egr-l2-qos] size = 0
Egress L3/VLAN QOS [egr-l3-vlan-qos] size = 0
Ingress Netflow/Analytics [ing-netflow] size = 0
Ingress NBM [ing-nbm] size = 0
TCP NAT ACL[tcp-nat] size = 0
Egress sup control plane[egr-copp] size = 0
Ingress Flow Redirect [ing-flow-redirect] size = 0
Ingress RACL Lite [ing-racl-lite] size = 0
Ingress PACL IPv4 Lite [ing-ifacl-ipv4-lite] size = 0
Ingress PACL IPv6 Lite [ing-ifacl-ipv6-lite] size = 0



Regards and thanks for  helping me

Christian

Labels:
0 Helpful
2 Replies 2

dducamps01
Level 1
Level 1
In response to dducamps01

‎12-19-2020 04:19 AM

so you should extend 

Egress L2 QOS [egr-l2-qos] size = 0
Egress L3/VLAN QOS [egr-l3-vlan-qos] size = 0

 

you can see which region are used currently with your vlan INGRESS QoS

by typing this command 

and allocate soem 256 quantum to the equivalent egress TCAM region

of course to perform this, you have to decrease a current TCAM region (as all TCAM ressources ia loacted by default)
so usually we decease ing-racl or egr-racl casue they are the bigger region

feasible if you do not need layer3 intf ACL

 


MAQ-93180# sh hardware access-list resource utilization

slot 1
=======

 

INSTANCE 0x0
-------------


ACL Hardware Resource Utilization (Mod 1)
----------------------------------------------------------
Used Free Percent
Utilization
-------------------------------------------------------------------
Ingress PACL 2 254 0.78
Ingress PACL IPv4 0 0.00
Ingress PACL IPv6 0 0.00
Ingress PACL MAC 0 0.00
Ingress PACL ALL 2 0.78
Ingress PACL OTHER 0 0.00
Ingress L2 QOS 2 254 0.78
Ingress L2 QOS IPv4 0 0.00
*****

 

0 Helpful
Customers Also Viewed These Support Documents