Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Nexus 9k High TCAM utilization after adding additional ACL to an interface and there may be logs for TCAM exhaustion.
N9k with interfaces on same instance, but different combination of ACLs configured. Ex. show run interface Ethernet1/1 switchport switchport mode trunk ip port access-group IPacl in ipv6 port traffic-filter IPv6acl in mac port access-group Macacl mtu 9216 no shutdown interface Ethernet1/2 switchport switchport mode trunk ip port access-group IPacl in ipv6 port traffic-filter IPv6acl in mac port access-group Macacl mtu 9216 no shutdown interface Ethernet1/3 switchport switchport mode trunk ip port access-group IPacl in ipv6 port traffic-filter IPv6acl in mac port access-group MacTestacl mtu 9216 no shutdown interface Ethernet1/4 switchport switchport mode trunk ip port access-group IPacl in ipv6 port traffic-filter IPv6acl in mac port access-group MacTestacl <<<<< different than eth1/1-2, so it has a different label mtu 9216 no shutdown 513E-A-19-N9K-C93600CD-GX-1(config)# show system internal access-list slot 1 ======= VDC-1 Ethernet1/1 : ==================== Policies in ingress direction: Policy type Policy Id Policy name ------------------------------------------------------------ PACL 4 IPacl PACL 5 IPv6acl PACL 6 Macacl No Netflow profiles in ingress direction INSTANCE 0x0 --------------- Tcam Label 1 resource usage: ------------------------------ LBL A = 0x1 <<<<<<<<<< LBL 0x1 Bank 0 ------ IPv4 Class Policies: PACL(IPacl) 255 tcam entries IPv6 Class Policies: PACL(IPv6acl) 243 tcam entries MAC Class Policies: PACL(Macacl) 6 tcam entries 0 l4 protocol cam entries 0 mac etype/proto cam entries 0 lous 0 tcp flags table entries 0 adjacency entries No egress policies No Netflow profiles in egress direction VDC-1 Ethernet1/2 : ==================== Policies in ingress direction: Policy type Policy Id Policy name ------------------------------------------------------------ PACL 4 IPacl PACL 5 IPv6acl PACL 6 Macacl No Netflow profiles in ingress direction INSTANCE 0x0 --------------- Tcam Label 1 resource usage: ------------------------------ LBL A = 0x1 <<<<<<<<<< LBL 0x1 Bank 0 ------ IPv4 Class Policies: PACL(IPacl) 255 tcam entries IPv6 Class Policies: PACL(IPv6acl) 243 tcam entries MAC Class Policies: PACL(Macacl) 6 tcam entries 0 l4 protocol cam entries 0 mac etype/proto cam entries 0 lous 0 tcp flags table entries 0 adjacency entries No egress policies No Netflow profiles in egress direction VDC-1 Ethernet1/3 : ==================== Policies in ingress direction: Policy type Policy Id Policy name ------------------------------------------------------------ PACL 4 IPacl PACL 5 IPv6acl PACL 7 MacTestacl No Netflow profiles in ingress direction INSTANCE 0x0 --------------- Tcam Label 1 resource usage: ------------------------------ LBL A = 0x2 <<<<<<<<<< LBL 0x2 due to different combination of ACLs Bank 0 ------ IPv4 Class Policies: PACL(IPacl) 255 tcam entries IPv6 Class Policies: PACL(IPv6acl) 243 tcam entries MAC Class Policies: PACL(MacTestacl) 6 tcam entries 0 l4 protocol cam entries 0 mac etype/proto cam entries 0 lous 0 tcp flags table entries 0 adjacency entries No egress policies No Netflow profiles in egress direction VDC-1 Ethernet1/4 : ==================== Policies in ingress direction: Policy type Policy Id Policy name ------------------------------------------------------------ PACL 4 IPacl PACL 5 IPv6acl PACL 7 MacTestacl No Netflow profiles in ingress direction INSTANCE 0x0 --------------- Tcam Label 1 resource usage: ------------------------------ LBL A = 0x2 <<<<<<<<<< LBL 0x2 due to different combination of ACLs Bank 0 ------ IPv4 Class Policies: PACL(IPacl) 255 tcam entries IPv6 Class Policies: PACL(IPv6acl) 243 tcam entries MAC Class Policies: PACL(MacTestacl) 6 tcam entries 0 l4 protocol cam entries 0 mac etype/proto cam entries 0 lous 0 tcp flags table entries 0 adjacency entries No egress policies No Netflow profiles in egress direction 513E-A-19-N9K-C93600CD-GX-1(config)# show hardware access-list resource utili slot 1 ======= INSTANCE 0x0 ------------- ACL Hardware Resource Utilization (Mod 1) ---------------------------------------------------------------------------------------------------------- Used Free Percent Utilization ---------------------------------------------------------------------------------------------------------- Ingress PACL ALL 1496 40 97.39 <<<<<<<<<<<< high Utilization Ingress PACL ALL IPv4 510 33.20 Ingress PACL ALL IPv6 972 63.28 Ingress PACL ALL MAC 12 0.78 Ingress PACL ALL ALL 2 0.13 Ingress PACL ALL OTHER 0 0.00
Disable atomic updates or reduce the ACL sizes