I have several ACLs configured on my N9K. I see a lot of 'fragmented' entries like these:
[0x0472:0x0474:0x0474] permit tcp 0.0.0.0/0 x.x.x.x/26 fragment routeable 0x1 
It always comes together with 'normal' entries like these:
[0x0473:0x0475:0x0475] permit tcp 0.0.0.0/0 x.x.x.x/26 eq 443 routeable 0x1
[0x0474:0x0476:0x0476] permit tcp 0.0.0.0/0 x.x.x.x/26 eq 1234 routeable 0x1
[0x0475:0x0477:0x0477] permit tcp 0.0.0.0/0 x.x.x.x/26 eq 2345 routeable 0x1
[0x0476:0x0478:0x0478] permit tcp 0.0.0.0/0 x.x.x.x/26 eq 80 routeable 0x1
One of my ACLs is consuming about 800 ACEs, about 100 of which are those fragmented entries.
This document refers to this issue and provides a solution to it. It says:
"Default programming model creates parallel non-first fragment entry in hardware for each ACE. This entry matches same source/destination IP addresses and protocol as original ACE, but with no L4 port information and matching on non-initial fragments.
Default fragment handling results in 2X CL TCAM utilization. Configuration knob provided to permit or deny ALL non-initial fragments<...>"
Due to my previous experiences I'm now really careful when it comes to doing anything regarding TCAM optimization, so I'd like to understand 1) why exactly TCAM is originally programmed in this non-optimal fashion and 2) what are the possible drawbacks of enabling the optimization.
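Before touching the fragment-handling knob, it helps to measure what the parallel fragment entries actually cost and what they cover. The script below is an added example, not part of the post or of any Cisco tool: it parses hardware ACE lines in the format shown above (the sample block is constructed, with RFC 5737 documentation addresses in place of the poster's x.x.x.x), groups each `fragment` entry with the port-specific entries that share its action, protocol, source and destination, reports the share of TCAM consumed by fragment entries, and lists, per fragment entry, the ports that the port-specific entries restrict full packets to. That last list is what a reviewer wants in front of them when deciding whether "permit all non-initial fragments" is acceptable for a given ACL, since the quoted document states the fragment entry carries no L4 port information. The regex assumes the line layout seen in the post; the `tcam_report` and `fragment_exposure` helpers are names chosen here.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample modelled on the hardware ACE lines in the post.
# Addresses are RFC 5737 documentation ranges, not real targets.
SAMPLE = """\
[0x0472:0x0474:0x0474] permit tcp 0.0.0.0/0 198.51.100.0/26 fragment routeable 0x1
[0x0473:0x0475:0x0475] permit tcp 0.0.0.0/0 198.51.100.0/26 eq 443 routeable 0x1
[0x0474:0x0476:0x0476] permit tcp 0.0.0.0/0 198.51.100.0/26 eq 1234 routeable 0x1
[0x0475:0x0477:0x0477] permit tcp 0.0.0.0/0 198.51.100.0/26 eq 2345 routeable 0x1
[0x0476:0x0478:0x0478] permit tcp 0.0.0.0/0 198.51.100.0/26 eq 80 routeable 0x1
[0x0477:0x0479:0x0479] permit udp 0.0.0.0/0 198.51.100.64/26 fragment routeable 0x1
[0x0478:0x047a:0x047a] permit udp 0.0.0.0/0 198.51.100.64/26 eq 53 routeable 0x1
"""

# Assumed layout: [idx:start:end] action proto src dst <match...> routeable <flags>
ACE_RE = re.compile(
    r"^\[(?P<idx>0x[0-9a-fA-F]+):(?P<start>0x[0-9a-fA-F]+):(?P<end>0x[0-9a-fA-F]+)\]\s+"
    r"(?P<action>permit|deny)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<match>.*?)\s*routeable\s+(?P<flags>0x[0-9a-fA-F]+)\s*$"
)

L4_OPERATORS = ("eq ", "neq ", "gt ", "lt ", "range ")


@dataclass(frozen=True)
class Ace:
    idx: int
    action: str
    proto: str
    src: str
    dst: str
    match: str  # "fragment", "eq 443", ... or "" when no qualifier is present

    @property
    def is_fragment(self) -> bool:
        return self.match == "fragment"

    @property
    def flow_key(self):
        # Fragment entries share action/proto/src/dst with the L4 entries they parallel.
        return (self.action, self.proto, self.src, self.dst)


def parse_aces(text: str) -> list:
    """Parse hardware ACE lines; lines that do not match the layout are skipped."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        aces.append(Ace(int(m["idx"], 16), m["action"], m["proto"],
                        m["src"], m["dst"], m["match"].strip()))
    return aces


def summarize(aces: list) -> dict:
    """Count fragment, L4-qualified and other entries per (action, proto, src, dst)."""
    groups = defaultdict(lambda: {"fragment": 0, "l4": 0, "other": 0})
    for a in aces:
        if a.is_fragment:
            groups[a.flow_key]["fragment"] += 1
        elif a.match.startswith(L4_OPERATORS):
            groups[a.flow_key]["l4"] += 1
        else:
            groups[a.flow_key]["other"] += 1
    return dict(groups)


def tcam_report(aces: list) -> dict:
    """How much of the programmed TCAM the parallel fragment entries occupy."""
    groups = summarize(aces)
    total = len(aces)
    frag = sum(g["fragment"] for g in groups.values())
    return {
        "total_entries": total,
        "fragment_entries": frag,
        "fragment_share": (frag / total) if total else 0.0,
        "flows_with_fragment_entry": sum(1 for g in groups.values() if g["fragment"]),
    }


def fragment_exposure(aces: list) -> dict:
    """For each flow that has a fragment entry, the 'eq' ports its L4 entries allow.

    A non-initial fragment hitting the fragment entry is matched without any of
    these port checks, which is the point the quoted document makes."""
    ports = defaultdict(set)
    has_fragment = {a.flow_key for a in aces if a.is_fragment}
    for a in aces:
        if a.flow_key in has_fragment and a.match.startswith("eq "):
            ports[a.flow_key].add(int(a.match.split()[1]))
    return {k: sorted(v) for k, v in ports.items()}


if __name__ == "__main__":
    parsed = parse_aces(SAMPLE)
    print(tcam_report(parsed))
    for key, plist in fragment_exposure(parsed).items():
        print(" ".join(key), "-> full packets limited to ports", plist,
              "; non-initial fragments matched without port check")
```

Run it against the output of the show command you used to collect the entries in the post; the report's `fragment_share` is the saving the knob would give on that ACL, and the exposure list is what you would be trading for it.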