Re: [c-nsp] N7K tcam handling

Tue, 09 Mar 2010 09:16:03 -0800 

Hi Tim, please see inline below:

At 08:01 AM 3/9/2010, Tim Durack clamored:


Anyone know if the N7K handles tcam exhaustion more gracefully than
the 6500? (If you've lived through that experience, you'll know why
I'm asking.)
Yes, it does. I say that because n7k will reject your configuration if it won't fit within the constraints of the hw resources. C6K will instead punt to software to let the RP CPU enforce the ACL (and you can probably guess the result - inband saturated & CPU pegged). 

Other improvements on n7k WRT ACLs:
- we rarely "merge" polices, the ACL TCAM is carved bank-wise mostly on a per feature basis (you can "chain" the banks if you have enormous ACLs) - also, we don't try a bunch of different merge "strategies" to try to make things fit, driving up the CPU util - we have a verify/commit option using config sessions, ie, you make all your ACL changes in a "scratch" area, then use the verify cmd to make sure it will fit in the hardware. Only then do you commit it. - we have atomic ACL commits, ie, non traffic disruptive by default (versus a "default result" (deny by default) on c6k while the old entries are removed & the new installed). 


Docs suggest the N7K is generally smarter about handling tcam than the
6500. Or maybe NX-OS is smarter.


(IMHO,) yes, both. :P



Heres an idea for Cisco: how about porting NX-OS to the 6500?


No committed plans.


 Or
release a new Sup that makes the C6K an N6.5K?


C6K will continue to evolve and they do have a roadmap to a new sup & fabric.

Hope that helps,
Tim



I think you would make
a lot of customers happy.

--
Tim:>
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
<https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/ 




Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to