
SDM templates in stacked environments

Nadav

Hi,

 

If I have a certain SDM template configured for the stack, are those maximums listed with the "show sdm prefer" command per switch or for the entire stack? For example, for an older 3750x you can have as many as 1k security ACEs for the access template, but I'd like to know if those 1k ACEs are split between all the switches in the stack or if they are per switch.

 

Thanks!

1 ACCEPTED SOLUTION


Joseph W. Doherty

An interesting question, and one, I don't recall, as being very well, if at all, documented.  (If there's no documentation, possibly because not really relevant to operations and/or considered proprietary.)

As many of the high level functions, for a 3750 switch stack, are performed/managed by the stack master, likely the SDM TCAM allocations are only actively used on that switch, and effectively become the limits for the whole stack.  I.e. possibly other stack members' TCAM (some?) resources do not actually get used unless a stack member takes over for a failed stack master.

However, some lower level functions are directly supported by each stack member, so likely for those, it's possible only that stack member's TCAM resources are actually used for their support. Such TCAM resources, though, might be logically/physically set aside from the SDM TCAM resources.

Part of this possible demarcation of TCAM resources might be "seen" when the stack master fails.  I.e. some functions fail until a new stack master takes over, while some functions continue to work during the stack member election.

From a practical perspective, I believe you should consider the SDM TCAM limits apply to the whole switch stack, whether just one unit or a max number of units stack.


6 REPLIES

balaji.bandi

Stack - Virtually one switch (consists of more physical switches)

 

SDM for all in the stack.

 

BB


Thanks! Have you seen this anywhere in the documentation? From what I've seen in SDM documentation it sounds like a hardware TCAM resource issue rather than a software one for an entire stack.

Thanks for the reference, however it doesn't state that the SDM is shared across all stack members unfortunately.

Perhaps not, but I recall (?), for example, on the 3750 series the member SDM templates had to be the same.  I also recall, on the 3750G model, designed as a distro switch, it had a set of SDM templates unique to it, which could not be used if you had unlike models in the same stack.

So, minimally, I would expect the prior is to ensure, at least, if the stack master fails, a member switch's TCAM resources will support whatever the master supported.  Again, there might not be any master to member active TCAM replication, but I would expect (but don't know) that a member switch would, ideally, do whatever it can locally using its own resources.
