BugZero | Cisco BugID CSCut18665 - N9K - Default TCAM allocation for CoPP

Cisco - Defect ID: CSCut18665

N9K - Default TCAM allocation for CoPP

Cisco - Defect ID: CSCut18665

N9K - Default TCAM allocation for CoPP

Last updated on September 9th, 2019

BugZero Risk Score
3.1 Low

Overall: 3.1

Severity: 3.7

Lifecycle: 4.0

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 2

Description

Symptom

Attempting to make modifications to the default CoPP policy on a Nexus 9300 or 9500 it errors out with the following: Nexus9K-1(config)# control-plane Nexus9K-1(config-cp)# service-policy input CUSTOM-copp-policy-strict This operation can cause disruption of control traffic. Proceed (y/n)? [no] y ERROR: Sufficient free entries are not available in TCAM bank 2015 Feb 28 12:23:25 Nexus9K-1 %$ VDC-1 %$ %ACLQOS-SLOT1-2-ACLQOS_OOTR: Tcam resource exhausted: (null)

Conditions

Attempting to make modifications to the default CoPP policy on a Nexus 9300 or 9500

Workaround

Gauge what other TCAM region on your system has a low percentage utilized via the following CLI: Nexus9K-1# show hardware access-list resource utilization Once this is determined you will need to reduce the allocated size to this/these bank(s) and increase the allocated size to the CoPP region via the following CLI: Nexus9K-1(config)# hardware access-list tcam region [region_id] [size] Nexus9K-1(config)# hardware access-list tcam region copp [size] Note: Following the above changes a reload must be performed for the new TCAM carving to occur.

Further Problem Description

This is due to the default TCAM region allocation for CoPP being 95% utilized with the default policy applied. This does not allow for much room to customize the policy: N9396-1# sh hardware access-list resource utilization | i Used|Free|Percent|Utilization|-|COPP ------------- ACL Hardware Resource Utilization (Mod 1) ---------------------------------------------------------- Used Free Percent Utilization ------------------------------------------------------------------- SUP COPP 244 12 95.31 For more information on the TCAM region limitations on the Nexus 9000 series platform please review the following section of the configuration guide: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/qos/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Quality_of_Service_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Quality_of_Service_Configuration_Guide_7x_chapter_0100.html

Relevant Products

Click on a version to see all relevant bugs

Affected versions:6.1(2)I2(1), 6.1(2)I2(2), 6.1(2)I2(2a), 6.1(2)I2(2b), 6.1(2)I2(3), 6.1(2)I3(1), 6.1(2)I3(3a), 6.1(2)I3(3b), 6.1(2)I3(4)

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:6.1(2)I2(1), 6.1(2)I2(2), 6.1(2)I2(2a), 6.1(2)I2(2b), 6.1(2)I2(3), 6.1(2)I3(1), 6.1(2)I3(3a), 6.1(2)I3(3b), 6.1(2)I3(4)

Fixed versions: No known fixed versions

Top Cisco Defects

9.7Defect ID: CSCws52722
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCwt50498
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCvn12442
Under heavy load, ISE live logs stop working on ISE 2.3
9.7Defect ID: CSCws61409
Live Logs Not Displaying on GUI Due to Fast Expansion of MNT Database
9.7Defect ID: CSCvz07394
2960X Stack may observe hang/freeze of member switches or complete stack.

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCut18665

N9K - Default TCAM allocation for CoPP

Cisco - Defect ID: CSCut18665

N9K - Default TCAM allocation for CoPP

Last updated on September 9th, 2019

BugZero Risk Score3.1 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
3.1 Low