Trunked Switches = Limited TCAM Resources

chad · September 28, 2016, 12:46am

I originally had 2 x 3650 switches stacked, unknowing that this limits the routing resources from 24k per switch to just 24k for the whole stack. So, as advised by Cisco I removed the stack so I can utilize full resources. Now, I have the two switches trunked, not stacked.

The issue: it appears that the primary switch is still doing all the routing and my TCAM resources are still limited to 24k total, not 24k per switch. Each switch should technically behave like an L3 switch and have their full resources allowed, but they don’t. How can I rectify this problem?

Technically: switch #1 has about 10k IPv4 routed on those VLANs ported and switch #2 about 13k on the VLANs ported on that switch. Below shows otherwise.

First switch in trunk:

Cisco3650#show platform tcam utilization asic all
CAM Utilization for ASIC# 0
Table                                              Max Values        Used Values
&#45;&#45;&#45;&#45;&#45;---------------------------------------------------------------------------
Unicast MAC addresses                              32768/512         189/22  
 Directly or indirectly connected routes            16384/7168       16271/7168
L2 Multicast groups                                4096/512           0/7   
 L3 Multicast groups                                4096/512           0/9   
 QoS Access Control Entries                         3072                52
Security Access Control Entries                    1536               190
Netflow ACEs                                        768                15
Input Microflow policer ACEs                        256                 7
Output Microflow policer ACEs                       256                 7
Flow SPAN ACEs                                      512                13
Control Plane Entries                               512               240
Policy Based Routing ACEs                          1024                 9
Tunnels                                             256                 9
Input Security Associations                         256                 4
Output Security Associations and Policies           256                 9
SGT_DGT                                            4096/512           0/0   
 CLIENT_LE                                          4096/64            0/0   
 INPUT_GROUP_LE                                     6144                 0
OUTPUT_GROUP_LE                                    6144                 0

Second switch in trunk:

CAM Utilization for ASIC# 0
Table                                              Max Values        Used Values
&#45;&#45;&#45;&#45;&#45;---------------------------------------------------------------------------
Unicast MAC addresses                              32768/512         165/22  
 Directly or indirectly connected routes            16384/7168       4229/145 
 L2 Multicast groups                                4096/512           0/7   
 L3 Multicast groups                                4096/512           0/9   
 QoS Access Control Entries                         3072                52
Security Access Control Entries                    1536               190
Netflow ACEs                                        768                15
Input Microflow policer ACEs                        256                 7
Output Microflow policer ACEs                       256                 7
Flow SPAN ACEs                                      512                13
Control Plane Entries                               512               240
Policy Based Routing ACEs                          1024                 9
Tunnels                                             256                 9
Input Security Associations                         256                 4
Output Security Associations and Policies           256                 9
SGT_DGT                                            4096/512           0/0   
 CLIENT_LE                                          4096/64            0/0   
 INPUT_GROUP_LE                                     6144                 0
OUTPUT_GROUP_LE                                    6144                 0

This is not right. Each switch should be allowed it’s full 24k routing policy.

ReneMolenaar · October 11, 2016, 4:18pm

Hi Bashed,

Hmm…what does your current SDM template look like for these switches?

SW1#show sdm prefer 
 The current template is &quot;desktop default&quot; template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 0 routed interfaces and 255 VLANs. 

  number of unicast mac addresses:                  8K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    10K
    number of directly-connected IPv4 hosts:        8K
    number of indirect IPv4 routes:                 2K
  number of IPv6 multicast groups:                  0
  number of directly-connected IPv6 addresses:      0
  number of indirect IPv6 unicast routes:           0
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 0.875k
  number of IPv6 policy based routing aces:         0
  number of IPv6 qos aces:                          0
  number of IPv6 security aces:                     0

Rene