Kindly explain show fm fie interface xxx command ( High Low bank

chandu.84 · ‎08-09-2011

Can someone kindly explain the details of the command:

we want to know why out low bank utilisation is high in ACL_TCAM

and one way to determine is to check the features on the interface done by

sh fm fie int po31.100

Interface Po31.100:
Feature interaction state created: Yes
Flowmask conflict status for protocol IP : FIE_FLOWMASK_STATUS_SUCCESS
Flowmask conflict status for protocol OTHER : FIE_FLOWMASK_STATUS_SUCCESS
Interface Po31.100 [Ingress]:
FIE Result for protocol IP : FIE_SUCCESS_NO_CONFLICT
Features Configured : V4_DEF   - Protocol : IP
FM Label when FIE was invoked : 2
Current FM Label : 2
Last Merge is for slot: 7
Features in Bank2 = V4_DEF
+-------------------------------------+
        Action Merge Table
+-------------------------------------+
   V4_DEF       RSLT    R_RSLT  COL
+-------------------------------------+
   L3D          L3D     P       0
   X            P       P       0
+-------------------------------------+
num# of strategies tried : 1
Description of merging strategy used:
  Serialized Banks: FALSE
  Bank1 Only Features: [empty]
  Bank2 Only Features: [empty]
  Banks Swappable: TRUE
Merge Algorithm: ODM
  num# of merged VMRs in bank 1 = 0
  num# of free TCAM entries in Bank1 = 32730
 num# of merged VMRs in bank 2 = 1
  num# of free TCAM entries in Bank2 = 32760
FIE Result for protocol OTHER : FIE_SUCCESS_NO_CONFLICT
Features Configured : OTH_DEF   - Protocol : OTHER
FM Label when FIE was invoked : 2
Current FM Label : 2
Last Merge is for slot: 7
Features in Bank2 = OTH_DEF
+-------------------------------------+
        Action Merge Table
+-------------------------------------+
   OTH_DEF      RSLT    R_RSLT  COL
+-------------------------------------+
   SB           HB      P       0
   X            P       P       0
+-------------------------------------+
num# of strategies tried : 1
Description of merging strategy used:
  Serialized Banks: FALSE
  Bank1 Only Features: [empty]
  Bank2 Only Features: [empty]
  Banks Swappable: TRUE
Merge Algorithm: ODM
  num# of merged VMRs in bank 1 = 0
  num# of free TCAM entries in Bank1 = 32730
  num# of merged VMRs in bank 2 = 1
  num# of free TCAM entries in Bank2 = 32759
Interface Po31.100 [Egress]:
FIE Result for protocol IP : FIE_SUCCESS_NO_CONFLICT
Features Configured : RACL   - Protocol : IP
FM Label when FIE was invoked : 134
Current FM Label : 134
Last Merge is for slot: 0
Features in Bank2 = RACL
+-------------------------------------+
        Action Merge Table
+-------------------------------------+
   RACL         RSLT    R_RSLT  COL
+-------------------------------------+
   SB           HB      P       0
   HB           HB      L3D     0
   L3D          L3D     L3D     0
   P            P       P       0
+-------------------------------------+
num# of strategies tried : 1
Description of merging strategy used:
  Serialized Banks: FALSE
  Bank1 Only Features: [empty]
  Bank2 Only Features: [empty]
  Banks Swappable: TRUE
Merge Algorithm: ODM
  num# of merged VMRs in bank 1 = 0
  num# of free TCAM entries in Bank1 = 21640
  num# of merged VMRs in bank 2 = 11122
  num# of free TCAM entries in Bank2 = 32291
No IP Guardian Feature Configured
No IPv6 Guardian Feature Configured
No QoS Feature Configured

show tcam counts detail
           Used        Free        Percent Used       Reserved
           ----        ----        ------------       --------
Labels:(in)  5        4091            0
Labels:(eg)  8        4088            0

ACL_TCAM
--------
HI BANK
  Masks:     15        2033            0                    72
Entries:     58       16326            0                   576

LOW BANK
  Masks:   1931         117           94     <<<<<                0
Entries:  11542        4842           70                     0

QOS_TCAM
--------
HI BANK
  Masks:      3        2045            0                    18
Entries:      5       16379            0                   144

Kindly help me with your expert opinions

Thank you so much

Richard Michael · ‎08-09-2011

Hi Chandu,

There are two banks in the Tcam which are bank 0 and bank 1 ( HI Bank is bank 0 and Low Bank is Bank 1).

The distribution between HI and LOW bank is determined by the features configured on an interface

We can confirm this with the following command:

- 'show fm fie interface xxx

Fm stands for feature manager

Feature manager -The software responsible for converting individual ACEs into the actual VMRs that will be installed in the TCAM, and for performing ACL optimizations

We can also run this before and then after any further changes to the ACLs. This will show why one bank decreases while another slightly increases.

If the TCAM is full and you attempt to add new ACLs, or ACEs to existing ACLs, the commit or map process will fail, and any prior configuration will remain in effect. In the case of RACLs, the ACL will be enforced in software on the MSFC, with the corresponding performance penalty.

On a switch running hybrid software, if you configure VACL or QoS ACL ACEs that exceed the pattern or mask capacity of the TCAM, a syslog message similar to the following will be printed to the console:

%ACL-5-TCAMFULL: acl engine TCAM table is full

On Supervisor IOS systems, or on the MSFC in a hybrid system, if you configure RACL ACEs that exceed the capacity of the TCAM, a syslog message similar to the following will be printed to the console:

%FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

On Supervisor IOS systems, or on the MSFC in a hybrid system, issue the show fm summary command to see which interfaces are enforcing ACLs in hardware (ACTIVE) and which are enforcing ACLs in software (INACTIVE)

The Reason why you are seeing the low bank to be highly utilized is there is some ACL configs that has filled up the bank, what we can do is try and see if there are any which are not in use and try and remove them and check the usage of the bank before and after the use by using the sh tcam count det .

Commands such as sh fm summary can be found here :

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_s1.html#wp1069142

More information about 6500 ACls and algorithms can be found here :

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml#wp39459

Thanks,

Ricky Micky

*Rate if the content is useful

chandu.84 · ‎08-09-2011

Hello Richard,

Thank you so much for your reply.

I uploaded the output of the sh fm fie int command but its hard to understand the output

How can we determine which bank to use and what is it using now from the output

Why do we have huge low bank utilization?

Kindly help me with the above answers

Much appreciated

Richard Michael · ‎08-09-2011

Hi Chandu,

As i said earlier there is some bizarre config in the switch that is doing this. its tough to interpret only with this command. Please delete if there any kind of unwanted ACL's, remove un necessary PBR/VACL's. You need to have matches for all the PBR. if possible post the config of the switch, we will try to determine if there is anything unusual.

Thanks,

Ricky Micky

chandu.84 · ‎08-09-2011

I made some reasrch too :

Yes your right . There is not direct approach or any document which explains which feature uses which bank.

FM and Fie are responsible to determine an alogirthm based on the configurations in the switch.

In our case as we have lot of routed acls fm and fie determined that there will be no serialised approach instead all of them have been programmed in the Low bank

If we had any other acls such as natted acls, they will be stored in another tcam.

As the banks are not serialised, removing acl entries should not affect other tcam entries

I will try that and let you guys know

Thank you so much for your time

Jon Marshall · ‎08-09-2011

Ricky

Excellent post, learn't a lot from it and deserves a rating (+5).

Jon

Somasundaram Jayaraman · ‎08-09-2011

Nice explanation Richard. Very informative..

-Somu

Kindly explain show fm fie interface xxx command ( High Low bank TCAm util)