11-07-2006 06:57 AM - edited 03-05-2019 12:40 PM
Dear Sir,
My Catalyst 6509 has the following TCAM error messages:
.Nov 7 22:47:14: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
.Nov 7 22:47:14: %FMCORE-4-RACL_REDUCED: Interface Vlan202 routed traffic will be software switched in ingress direction
.Nov 7 22:47:14: %FM_EARL7-4-MLS_FLOWMASK_NO_TCAM_RESOURCES: mls flowmask may not be honored on interface Vlan202 due to TCAM resource shortage
.Nov 7 22:47:18: %SYS-5-CONFIG_I: Configured from console by vty0 (10.119.0.119)
.Nov 7 22:47:19: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
.Nov 7 22:47:19: %FMCORE-4-RACL_REDUCED: Interface Vlan119 routed traffic will be software switched in ingress direction
.Nov 7 22:47:19: %FM_EARL7-4-MLS_FLOWMASK_NO_TCAM_RESOURCES: mls flowmask may not be honored on interface Vlan202 due to TCAM resource shortage
.Nov 7 22:47:19: %FMCORE-4-RACL_REDUCED: Interface Vlan119 routed traffic will be software switched in ingress direction
.Nov 7 22:47:20: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
.Nov 7 22:47:20: %FMCORE-4-RACL_REDUCED: Interface Vlan202 routed traffic will be software switched in ingress direction
.Nov 7 22:47:20: %FM_EARL7-4-MLS_FLOWMASK_NO_TCAM_RESOURCES: mls flowmask may not be honored on interface Vlan202 due to TCAM resource shortage
.Nov 7 22:47:20: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
.Nov 7 22:47:20: %FMCORE-4-RACL_REDUCED: Interface Vlan202 routed traffic will be software switched in ingress direction
.Nov 7 22:47:20: %FM_EARL7-4-MLS_FLOWMASK_NO_TCAM_RESOURCES: mls flowmask may not be honored on interface Vlan202 due to TCAM resource shortage
How can I resolve this problem? Can I increase the TCAM table? What's the symptom when this problem occurs?
Best Regards,
Jackson Ku
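A way to triage these messages, as an added example that is not part of the original post: it rejoins console lines that a terminal paste has split at the screen width, then lists which interfaces reported RACL_REDUCED, meaning their routed traffic is being software switched. The sample text is constructed from the messages quoted in this thread, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: messages from this thread, wrapped the way an
# 80-column terminal paste splits them (sometimes in the middle of a word).
SAMPLE = """\
.Nov 7 22:47:14: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
.Nov 7 22:47:14: %FMCORE-4-RACL_REDUCED: Interface Vlan202 routed traffic will
be software switched in ingress direction
.Nov 7 22:47:14: %FM_EARL7-4-MLS_FLOWMASK_NO_TCAM_RESOURCES: mls flowmask may n
ot be honored on interface Vlan202 due to TCAM resource shortage
.Nov 7 22:47:19: %FMCORE-4-RACL_REDUCED: Interface Vlan119 routed traffic will
be software switched in ingress direction
"""

# A message starts with an optional '.' or '*', a timestamp, then
# %FACILITY-SEVERITY-MNEMONIC: followed by the message body.
START = re.compile(
    r"^[.*]?[A-Z][a-z]{2} +\d+ [\d:.]+: %([A-Z0-9_]+)-(\d)-([A-Z0-9_]+): ?(.*)$")
# Tolerant of a wrap that removed the space after the word "interface".
IFACE = re.compile(r"[Ii]nterface\s*([A-Z][A-Za-z-]*\d+(?:[/.]\d+)*)")

def unwrap(text):
    """Append continuation lines to the message they were split from."""
    msgs = []
    for line in text.splitlines():
        if START.match(line) or not msgs:
            msgs.append(line)
        else:
            msgs[-1] += line  # joined without a space: used for matching only
    return msgs

def summarize(text):
    """Count events keyed by (mnemonic, interface or None)."""
    events = Counter()
    for msg in unwrap(text):
        m = START.match(msg)
        if not m:
            continue
        _facility, _severity, mnemonic, body = m.groups()
        iface = IFACE.search(body)
        events[(mnemonic, iface.group(1) if iface else None)] += 1
    return events

def software_switched(events):
    """Interfaces that logged RACL_REDUCED (ACL handled in software)."""
    return sorted({i for (mn, i) in events if mn == "RACL_REDUCED" and i})

if __name__ == "__main__":
    print(software_switched(summarize(SAMPLE)))
```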
11-07-2006 09:25 AM
Hi Jackson,
The access-lists are generally compiled into a single table lookup in the TCAM. This helps to process the access-list at hardware speeds.
When the TCAM gets full, the access-lists are then software or process switched, which might be processor intensive.
I don't know whether you can increase the TCAM size.
If you have a large number of access-list statements, try to consolidate them.
HTH, rate if it does
Narayan
11-07-2006 09:40 AM
Hi Jackson,
When you create a RACL (router access list) on the 6500 running native IOS, it programs these values into the TCAM used by the ACL engine on the PFC so that they can be executed in hardware at 15MPPS. The messages are telling you that when this was attempted with your ACL configuration, you ran out of room in the PFC's TCAM. It then goes on to warn you that because of this, on some of your VLAN interfaces traffic will have to be processed in software in order to utilize these access lists, since they could not be programmed in hardware. You can use the 'tcam priority {high | low | normal}' command (it is an interface-level hidden command) to prioritize which interfaces get programmed into hardware, or try to reduce the size of, or make more efficient use of, your ACLs:
High priority gives ACLs on that interface priority for getting into the TCAM over ACLs of interfaces with lower (low or normal) priority. If the ACLs on an interface with high priority do not fit in the TCAM, the ACLs for interfaces of lower priority will not be inserted into the TCAM until it is possible to fit the high-priority ACLs into the TCAM.
Here are also a few good show commands (hidden) that you can use to look at how the TCAM is being programmed...
show tcam
show tcam count
show fm summary
show fm feature
Since it is a Sup2 and you have not tried it yet, try changing the algorithm to ODM.
Please review the following:
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/65acl_wp.pdf
The following steps will fix the problem:
rtr(config)#mls aclmerge algorithm odm
rtr(config)#mls aclmerge odm optimization
Then remove and reapply the "access-groups" commands on all the interfaces. This includes all the PBRs as well that are utilizing any ACL and are applied under any interface.
Once you have done that, please run the following commands:
#show fm summary
#sh tcam counts
Hope it helps you.
Thanks,
satish
11-07-2006 09:43 PM
Thanks satish for the above info.
Narayan
11-07-2006 11:46 PM
Thanks, everybody. The result of executing "show tcam count":
            Used     Free    Percent Used    Reserved
            ----     ----    ------------    --------
 Labels:      10     4086          0
ACL_TCAM
--------
  Masks:    3518      578         85              72
Entries:   28102     4666         85             576
QOS_TCAM
--------
  Masks:    2045     2051         49              18
Entries:   16298    16470         49             144
    LOU:       0      128          0
  ANDOR:       0       16          0
  ORAND:       0       16          0
    ADJ:       0     2048          0
It still has 15% of ACL_TCAM free. Why does the system show me the TCAM error? I tried to reduce the access lists, but cannot release the ACL_TCAM table. How can I reduce it?
Best Regards,
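For monitoring this counter over time, the following is an added example, not part of the original post: it parses "show tcam count" output into per-resource figures and reports which resources are at or above an alert level. The sample is constructed from the output quoted above; the 80 percent level, the "global" label for rows outside a TCAM section and the function names are assumptions of this example.

```python
import re

# Constructed from the "show tcam count" output quoted in this thread.
SAMPLE = """\
Used Free Percent Used Reserved
---- ---- ------------ --------
Labels: 10 4086 0
ACL_TCAM
--------
Masks: 3518 578 85 72
Entries: 28102 4666 85 576
QOS_TCAM
--------
Masks: 2045 2051 49 18
Entries: 16298 16470 49 144
LOU: 0 128 0
"""

# "<name>: used free percent [reserved]"; column spacing does not matter.
ROW = re.compile(r"^\s*(\w+):\s+(\d+)\s+(\d+)\s+(\d+)(?:\s+(\d+))?\s*$")
SECTION = re.compile(r"^\s*(\w+_TCAM)\s*$")

def parse_tcam_count(text):
    """Return {(section, resource): {'used', 'free', 'pct', 'reserved'}}."""
    rows, section = {}, "global"
    for line in text.splitlines():
        s = SECTION.match(line)
        if s:
            section = s.group(1)
            continue
        r = ROW.match(line)
        if not r:
            continue  # header and separator lines
        name, used, free, pct, reserved = r.groups()
        # Assumption: only Masks/Entries belong to a TCAM section.
        owner = section if name in ("Masks", "Entries") else "global"
        rows[(owner, name)] = {
            "used": int(used), "free": int(free), "pct": int(pct),
            "reserved": int(reserved) if reserved else None,
        }
    return rows

def over_threshold(rows, limit=80):
    """Resources at or above `limit` percent used (assumed alert level)."""
    return sorted(k for k, v in rows.items() if v["pct"] >= limit)

if __name__ == "__main__":
    print(over_threshold(parse_tcam_count(SAMPLE)))
```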
11-26-2006 11:19 AM
Hi Jackson,
We had a similar issue with the TCAM table exhaustion.
This issue caused some of the interfaces to do software switching, which in turn caused high CPU.
Here is what Cisco engineers recommended:
BDD (Binary Decision Diagrams) algorithm did not merge the ACL properly and the TCAM was full due to BDD limitations. ODM (order dependent merge) is a better algorithm for the ACL merge, but the code 12.1(8b)E15 (this is the code we are currently running) doesn't support the ODM algorithm.
To remediate the issue:
1. Remove unnecessary ACLs in the box.
2. Upgrade the code to 12.1(13)E or above for ODM algorithm.
Here is a good link that explains the difference between BDD and ODM:
Thanks,
Flavio