From the specs, i see that the 3850 only supports 8K of IPv4 routes. Is this per VRF or across all VRFs ?

Isn't this number of 8K routes very limited, especially for the 3850XS models which are targeted at core/aggregation level ?

The switch supports up to 27 VRFs, but this means only 300 IPv4 routes per VRF and if you are mixing in with IPv6, even less.

We have VRFs of around 2500 route entries. It would mean we can only support 3 VRFs ? (and this without any IPv6 deployment)



where are you seeing that ? im looking at the data sheet and its up to 24000 routes ipv4

it depends on what the sdm is set to as well and what license is in place

looking at 1 of my 38s running ip services with sdm set to advanced it can take up to 24

sh sdm prefer
Showing SDM Template Info

This is the Advanced (high scale) template.
  Number of VLANs:                                 4094
  Unicast MAC addresses:                           32768
  Overflow Unicast MAC addresses:                  512
  IGMP and Multicast groups:                       8192
  Overflow IGMP and Multicast groups:              512
  Directly connected routes:                       16384
  Indirect routes:                                 7168
  Security Access Control Entries:                 3072
  QoS Access Control Entries:                      3072
  Policy Based Routing ACEs:                       1024
  Netflow ACEs:                                    768
  Wireless Input Microflow policer ACEs:           256
  Wireless Output Microflow policer ACEs:          256
  Flow SPAN ACEs:                                  512
  Tunnels:                                         256
  Control Plane Entries:                           512
  Input Netflow flows:                             8192
  Output Netflow flows:                            16384
  SGT/DGT entries:                                 4096
  SGT/DGT Overflow entries:                        512
These numbers are typical for L2 and IPv4 features.

Total number of IPv4 routes (ARP plus learned routes)



"Directly connected routes" 

"Directly connected routes"  are local VLANs and loopbacks. That are not "learned" routes, ie OSPF or BGP learned routes. These are "Indirect routes", and this limit is 7168. Or am i wrong ?

The original 3750G-12S,

The original 3750G-12S, designed for distribution, had a larger TCAM and additional SDM templates.  I can only guess that Cisco found having a "special" variant wasn't worth the trouble or they decided they didn't want to compete against other products in their line (existing or planned) that would be more suitable in such a role for larger networks.  Either might explain why the 3860XS is as it is.

I haven't any direct experience with the3650/3850 series, but assuming its architecture is somewhat similar to earlier 3560/3750 series, I would expect the number of routes supported to be a global resource, i.e. I would expect it to be shared across VRFs.

Although Mark's references notes IPv4 routes as 24K, table 1 in, lists


Advanced Template

VLAN Template

Resource Explained

Indirect routes



Maximum supported indirect routes

This document also notes:

Table 1 details the resource allocation for VLAN and advanced SDM templates. These resource allocations are based on L2 and IPv4 features. Because IPv6 features consume twice the ternary content addressable memory (TCAM) table size of IPv4 table entries, the switch supports half the number of TCAM table entries for IPv6.

In my company, we didn't move from 3750s to 3850s for similar concerns especially as we were looking to roll out IPv6.




I am running Denali 16.3.3 with 2 VRF of each around 2100 IPv4 external prefixes:

show ip route vrf O1 summ
ospf 1001       168         2287        0           235680      736500
  Intra-area: 155 Inter-area: 85 External-1: 52 External-2: 2163
  NSSA External-1: 0 NSSA External-2: 0
show ip route summ
ospf 1000       167         2306        0           237408      741900
  Intra-area: 152 Inter-area: 85 External-1: 52 External-2: 2184
  NSSA External-1: 0 NSSA External-2: 0
Looking at the TCAMs:
#show platform hardware fed switch 1 fwd-asic resource tcam utilization
CAM Utilization for ASIC# 0
 Table                                              Max Values        Used Values
 Unicast MAC addresses                              32768/512          22/23  
 Directly or indirectly connected routes            16384/7168      1479/3591
 L2 Multicast groups                                4096/512           0/7   
 L3 Multicast groups                                4096/512           0/9   
 QoS Access Control Entries                         2560               154
 Security Access Control Entries                    3072               162
 Netflow ACEs                                        768                15
 Input Microflow policer ACEs                        256                 7
 Output Microflow policer ACEs                       256                 7
 Flow SPAN ACEs                                      256                 5
 Output Flow SPAN ACEs                               256                 8
 Control Plane Entries                               512               285
 Policy Based Routing ACEs                          1024                 9
 Tunnels                                             256                18
 Lisp Instance Mapping Entries                       256                 3
 Input Security Associations                         256                 4
 SPD                                                 256                 2
 Output Security Associations and Policies           256                 9
 SGT_DGT                                            3840/512           0/0   
 CLIENT_LE                                          4096/256           0/0   
 INPUT_GROUP_LE                                     6144                 0
 OUTPUT_GROUP_LE                                    6144                 0

It doesn't fit 100%, only 3500 used instead of 4200, but 3500 is still already 50% of available space.

