Policy Routing failing - possible TCAM overload on 6509 switch?

Hi

We have been experiencing some problems on a 6509 switch which routes primarily using Policy Based Routing. PBR has been configured to fast-switch (by issuing ip route-cache policy) in all VLANs.

The problem is that users connected to certain VLANs are unable to access certain destination addresses. The route to these destination IPs is determined by PBR. This appears to be failing (evidence of which is that when we add a static route to one of these destinations the connection is successful).

The following is an example of a VLAN from which an end user is unable to reach certain destination websites. A 'show fm summary' command has been issued:

    Interface: Vlan2 is up
      ACL merge algorithm used:
        inbound direction: BDD
        outbound direction: BDD
      TCAM screening for features is ACTIVE outbound
      TCAM screening for features is ACTIVE inbound

Whereas a VLAN that is NOT experiencing any problems shows -

    Interface: Vlan14 is up
      ACL merge algorithm used:
        inbound direction: BDD
        outbound direction: BDD
      TCAM screening for features is ACTIVE outbound
      TCAM screening for features is INACTIVE inbound

The TCAM screening as active or inactive is not manually configured. Does anyone know why some VLANs have TCAM screening 'active' and the others 'inactive' as all are configured the same?

It looks like TCAM memory usage might be involved in all of this. The following shows -

    6509NATIVE#sh tcam counts module 1
               Used   Free  Percent Used  Reserved
               ----   ----  ------------  --------
     Labels:     16    496       3
    ACL_TCAM
      Masks:   3957    139      96            0
    Entries:   4087  28681      12            0
    QOS_TCAM
      Masks:      3   4093       0            0
    Entries:     12  32756       0            0
        LOU:      0     64       0
      ANDOR:      0     16       0
      ORAND:      0     16       0
        ADJ:      6   1018       0

It does look as though we are perhaps running out of ACL masks (96% used). We are contemplating whether changing the ACL merge algorithm (command 'mls aclmerge algorithm odm') might be an answer to the problems we have been experiencing.

Any help gratefully received!

Regards

Paul
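
An added example, not part of the original post: a Python parser for the 'sh tcam counts' output quoted above that recomputes utilisation and flags resources close to exhaustion. The function names and the 90% threshold are assumptions, and the sample text is constructed from the figures in the post.

```python
import re

# Constructed sample input: the 'sh tcam counts module 1' figures quoted in the post.
SAMPLE = """\
          Used   Free  Percent Used  Reserved
          ----   ----  ------------  --------
 Labels:    16    496       3
ACL_TCAM
  Masks:  3957    139      96            0
Entries:  4087  28681      12            0
QOS_TCAM
  Masks:     3   4093       0            0
Entries:    12  32756       0            0
    LOU:     0     64       0
  ANDOR:     0     16       0
  ORAND:     0     16       0
    ADJ:     6   1018       0
"""

ROW = re.compile(r"^\s*(\w+):\s+(\d+)\s+(\d+)\s+(\d+)")

def parse_tcam_counts(text):
    """Map (section, resource) -> (used, free) from 'show tcam counts' text."""
    section, rows = "", {}
    for line in text.splitlines():
        if line.strip().endswith("_TCAM"):
            section = line.strip()      # ACL_TCAM / QOS_TCAM block header
            continue
        m = ROW.match(line)
        if not m:
            continue                    # column header, dashes, blank lines
        name = m.group(1)
        if name not in ("Masks", "Entries"):
            section = ""                # Labels, LOU, ANDOR... are not per-TCAM rows
        rows[(section, name)] = (int(m.group(2)), int(m.group(3)))
    return rows

def percent_used(rows, key):
    used, free = rows[key]
    return 100.0 * used / (used + free)

def near_exhaustion(rows, threshold=90.0):
    """Resources whose used/(used+free) is at or above the threshold."""
    return [k for k in rows if percent_used(rows, k) >= threshold]

def entries_per_mask(rows, section):
    """(in-use entries per in-use mask, entries per mask at full capacity)."""
    (mu, mf), (eu, ef) = rows[(section, "Masks")], rows[(section, "Entries")]
    return eu / mu, (eu + ef) / (mu + mf)
```

On the posted figures, near_exhaustion() returns only the ACL_TCAM masks, and entries_per_mask() shows roughly one entry in use per mask against a capacity ratio of eight, so masks run out long before entries do.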
