Monitoring and Troubleshooting
SUMMARY This section describes the network monitoring and troubleshooting features of Junos OS.
Ping Hosts
Purpose
Use the CLI ping command to verify that a host can be reached over the network.
This command is useful for diagnosing host and network connectivity problems. The
device sends a series of Internet Control Message Protocol (ICMP) echo (ping)
requests to a specified host and receives ICMP echo responses.
Action
To use the ping command to send four requests
(ping count) to host3:
ping host count number
Sample Output
command-name
ping host3 count 4 user@switch> ping host3 count 4 PING host3.site.net (192.0.2.111): 56 data bytes 64 bytes from 192.0.2.111: icmp_seq=0 ttl=122 time=0.661 ms 64 bytes from 192.0.2.111: icmp_seq=1 ttl=122 time=0.619 ms 64 bytes from 192.0.2.111: icmp_seq=2 ttl=122 time=0.621 ms 64 bytes from 192.0.2.111: icmp_seq=3 ttl=122 time=0.634 ms --- host3.site.net ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.619/0.634/0.661/0.017 ms
Meaning
The
pingresults show the following information:Size of the ping response packet (in bytes).
IP address of the host from which the response was sent.
Sequence number of the ping response packet. You can use this value to match the ping response to the corresponding ping request.
Time-to-live (ttl) hop-count value of the ping response packet.
Total time between the sending of the ping request packet and the receiving of the ping response packet, in milliseconds. This value is also called round-trip time.
Number of ping requests (probes) sent to the host.
Number of ping responses received from the host.
Packet loss percentage.
Round-trip time statistics: minimum, average, maximum, and standard deviation of the round-trip time.
Monitor Traffic Through the Router or Switch
For diagnosing a problem, display real-time statistics about the traffic passing through physical interfaces on the router or switch.
To display real-time statistics about physical interfaces, perform these tasks:
- Display Real-Time Statistics About All Interfaces on the Router or Switch
- Display Real-Time Statistics About an Interface on the Router or Switch
Display Real-Time Statistics About All Interfaces on the Router or Switch
Purpose
Display real-time statistics about traffic passing through all interfaces on the router or switch.
Action
To display real-time statistics about traffic passing through all interfaces on the router or switch:
user@host> monitor interface traffic
Sample Output
command-name
user@host> monitor interface traffic host name Seconds: 15 Time: 12:31:09 Interface Link Input packets (pps) Output packets (pps) so-1/0/0 Down 0 (0) 0 (0) so-1/1/0 Down 0 (0) 0 (0) so-1/1/1 Down 0 (0) 0 (0) so-1/1/2 Down 0 (0) 0 (0) so-1/1/3 Down 0 (0) 0 (0) t3-1/2/0 Down 0 (0) 0 (0) t3-1/2/1 Down 0 (0) 0 (0) t3-1/2/2 Down 0 (0) 0 (0) t3-1/2/3 Down 0 (0) 0 (0) so-2/0/0 Up 211035 (1) 36778 (0) so-2/0/1 Up 192753 (1) 36782 (0) so-2/0/2 Up 211020 (1) 36779 (0) so-2/0/3 Up 211029 (1) 36776 (0) so-2/1/0 Up 189378 (1) 36349 (0) so-2/1/1 Down 0 (0) 18747 (0) so-2/1/2 Down 0 (0) 16078 (0) so-2/1/3 Up 0 (0) 80338 (0) at-2/3/0 Up 0 (0) 0 (0) at-2/3/1 Down 0 (0) 0 (0) Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D
Meaning
The sample output displays traffic data for active
interfaces and the amount that each field has changed since the command
started or since the counters were cleared by using the C key. In this example, the monitor interface command has
been running for 15 seconds since the command was issued or since
the counters last returned to zero.
Display Real-Time Statistics About an Interface on the Router or Switch
Purpose
Display real-time statistics about traffic passing through an interface on the router or switch.
Action
To display traffic passing through an interface on the router or switch, use the following Junos OS CLI operational mode command:
user@host> monitor interface interface-name
Sample Output
command-name
user@host> monitor interface so-0/0/1 Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i' R1 Interface: so-0/0/1, Enabled, Link is Up Encapsulation: PPP, Keepalives, Speed: OC3 Traffic statistics: Input bytes: 5856541 (88 bps) Output bytes: 6271468 (96 bps) Input packets: 157629 (0 pps) Output packets: 157024 (0 pps) Encapsulation statistics: Input keepalives: 42353 Output keepalives: 42320 LCP state: Opened Error statistics: Input errors: 0 Input drops: 0 Input framing errors: 0 Input runts: 0 Input giants: 0 Policed discards: 0 L3 incompletes: 0 L2 channel errors: 0 L2 mismatch timeouts: 0 Carrier transitions: 1 Output errors: 0 Output drops: 0 Aged packets: 0 Active alarms : None Active defects: None SONET error counts/seconds: LOS count 1 LOF count 1 SEF count 1 ES-S 77 SES-S 77 SONET statistics: BIP-B1 0 BIP-B2 0 REI-L 0 BIP-B3 0 REI-P 0 Received SONET overhead: F1 : 0x00 J0 : 0xZ
Meaning
The sample output shows the input and output packets
for a particular SONET interface (so-0/0/1). The information
can include common interface failures, such as SONET/SDH and T3 alarms,
loopbacks detected, and increases in framing errors. For more information,
see Checklist for Tracking Error Conditions.
To control the output of the command while it is running, use the keys shown in Table 1.
Action |
Key |
|---|---|
Display information about the next interface. The |
|
Display information about a different interface. The command prompts you for the name of a specific interface. |
|
Freeze the display, halting the display of updated statistics. |
|
Thaw the display, resuming the display of updated statistics. |
|
Clear (zero) the current delta counters since |
|
Stop the |
|
See the CLI Explorer for details on
using match conditions with the monitor traffic command.
Dynamic Ternary Content Addressable Memory Overview
- Understanding Dynamic Ternary Content Addressable Memory
- Applications using Dynamic TCAM Infrastructure
- Features Using TCAM Resource
- Monitoring TCAM Resource Usage
- Example: Monitoring and Troubleshooting the TCAM Resource
- Monitoring and Troubleshooting TCAM Resource in ACX Series Routers
Understanding Dynamic Ternary Content Addressable Memory
In ACX Series routers, Ternary Content Addressable Memory (TCAM) is used by various applications like firewall, connectivity fault management, PTPoE, RFC 2544, etc. The Packet Forwarding Engine (PFE) in ACX Series routers uses TCAM with defined TCAM space limits. The allocation of TCAM resources for various filter applications are statically distributed. This static allocation leads to inefficient utilization of TCAM resources when all the filter applications might not use this TCAM resource simultaneously.
The dynamic allocation of TCAM space in ACX routers efficiently allocates the available TCAM resources for various filter applications. In the dynamic TCAM model, various filter applications (such as inet-firewall, bridge-firewall, cfm-filters, etc.) can optimally utilize the available TCAM resources as and when required. Dynamic TCAM resource allocation is usage driven and is dynamically allocated for filter applications on a need basis. When a filter application no longer uses the TCAM space, the resource is freed and available for use by other applications. This dynamic TCAM model caters to higher scale of TCAM resource utilization based on application’s demand.
Applications using Dynamic TCAM Infrastructure
The following filter application categories use the dynamic TCAM infrastructure:
Firewall filter—All the firewall configurations
Implicit filter—Routing Engine (RE) demons using filters to achieve its functionality. For example, connectivity fault management, IP MAC validation, etc.
Dynamic filters—Applications using filters to achieve the functionality at the PFE level. For example, logical interface level fixed classifier, RFC 2544, etc. RE demons will not know about these filters.
System-init filters—Filters that require entries at the system level or fixed set of entries at router's boot sequence. For example, Layer 2 and Layer 3 control protocol trap, default ARP policer, etc.
Note:The System-init filter which has the applications for Layer 2 and Layer 3 control protocols trap is essential for the overall system functionality. The applications in this control group consume a fixed and minimal TCAM space from the overall TCAM space. The system-init filter will not use the dynamic TCAM infrastructure and will be created when the router is initialized during the boot sequence.
Features Using TCAM Resource
Applications using the TCAM resource is termed tcam-app in this document. For example, inet-firewall, bridge-firewall, connectivity fault management, link fault management, etc., are all different tcam-apps.
Table 2 describes the list of tcam-apps that use TCAM resources.
TCAM Apps/TCAM Users |
Feature/Functionality |
TCAM Stage |
|---|---|---|
bd-dtag-validate |
Bridge domain dual-tagged validate Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Egress |
bd-tpid-swap |
Bridge domain vlan-map with swap tpid operation |
Egress |
cfm-bd-filter |
Connectivity fault management implicit bridge-domain filters |
Ingress |
cfm-filter |
Connectivity fault management implicit filters |
Ingress |
cfm-vpls-filter |
Connectivity fault management implicit vpls filters Note:
This feature is supported only on ACX5048 and ACX5096 routers. |
Ingress |
cfm-vpls-ifl-filter |
Connectivity fault management implicit vpls logical interface filters Note:
This feature is supported only on ACX5048 and ACX5096 routers. |
Ingress |
cos-fc |
Logical interface level fixed classifier |
Pre-ingress |
fw-ccc-in |
Circuit cross-connect family ingress firewall |
Ingress |
fw-family-out |
Family level egress firewall |
Egress |
fw-fbf |
Firewall filter-based forwarding |
Pre-ingress |
fw-fbf-inet6 |
Firewall filter-based forwarding for inet6 family |
Pre-ingress |
fw-ifl-in |
Logical interface level ingress firewall |
Ingress |
fw-ifl-out |
Logical interface level egress firewall |
Egress |
fw-inet-ftf |
Inet family ingress firewall on a forwarding-table |
Ingress |
fw-inet6-ftf |
Inet6 family ingress firewall on a forwarding-table |
Ingress |
fw-inet-in |
Inet family ingress firewall |
Ingress |
fw-inet-rpf |
Inet family ingress firewall on RPF fail check |
Ingress |
fw-inet6-in |
Inet6 family ingress firewall |
Ingress |
fw-inet6-family-out |
Inet6 Family level egress firewall |
Egress |
fw-inet6-rpf |
Inet6 family ingress firewall on a RPF fail check |
Ingress |
fw-inet-pm |
Inet family firewall with port-mirror action Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Ingress |
fw-l2-in |
Bridge family ingress firewall on Layer 2 interface |
Ingress |
fw-mpls-in |
MPLS family ingress firewall |
Ingress |
fw-semantics |
Firewall sharing semantics for CLI configured firewall |
Pre-ingress |
fw-vpls-in |
VPLS family ingress firewall on VPLS interface |
Ingress |
ifd-src-mac-fil |
Physical interface level source MAC filter |
Pre-ingress |
ifl-statistics-in |
Logical level interface statistics at ingress |
Ingress |
ifl-statistics-out |
Logical level interface statistics at egress |
Egress |
ing-out-iff |
Ingress application on behalf of egress family filter for log and syslog |
Ingress |
ip-mac-val |
IP MAC validation |
Pre-ingress |
ip-mac-val-bcast |
IP MAC validation for broadcast |
Pre-ingress |
ipsec-reverse-fil |
Reverse filters for IPsec service Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Ingress |
irb-cos-rw |
IRB CoS rewrite |
Egress |
lfm-802.3ah-in |
Link fault management (IEEE 802.3ah) at ingress Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Ingress |
lfm-802.3ah-out |
Link fault management (IEEE 802.3ah) at egress |
Egress |
lo0-inet-fil |
Looback interface inet filter |
Ingress |
lo0-inet6-fil |
Looback interface inet6 filter |
Ingress |
mac-drop-cnt |
Statistics for drops by MAC validate and source MAC filters |
Ingress |
mrouter-port-in |
Multicast router port for snooping |
Ingress |
napt-reverse-fil |
Reverse filters for network address port translation (NAPT) service Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Ingress |
no-local-switching |
Bridge no-local-switching |
Ingress |
ptpoe |
Point-to-Point-Over-the-Ethernet traps Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Ingress |
ptpoe-cos-rw |
CoS rewrite for PTPoE Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Egress |
rfc2544-layer2-in |
RFC2544 for Layer 2 service at ingress |
Pre-ingress |
rfc2544-layer2-out |
RFC2544 for Layer 2 service at egress Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Egress |
service-filter-in |
Service filter at ingress Note:
This feature is not supported on ACX5048 and ACX5096 routers. |
Ingress |
Monitoring TCAM Resource Usage
You can use the show and clear commands to monitor and troubleshoot dynamic TCAM resource usage.
Table 3 summarizes the command-line interface (CLI) commands you can use to monitor and troubleshoot dynamic TCAM resource usage.
Task |
Command |
|---|---|
Display the shared and the related applications for a particular application |
|
Display the TCAM resource usage for an application and stages (egress, ingress, and pre-ingress) |
(ACX5448) show pfe filter hw summary |
Display the TCAM resource usage errors for applications and stages (egress, ingress, and pre-ingress) |
|
Clears the TCAM resource usage error statistics for applications and stages (egress, ingress, and pre-ingress) |
Example: Monitoring and Troubleshooting the TCAM Resource
This section describes a use case where you can monitor and troubleshoot TCAM resources using show commands. In this use case scenario, you have configured Layer 2 services and the Layer 2 service-related applications are using TCAM resources. The dynamic approach, as shown in this example, gives you the complete flexibility to manage TCAM resources on a need basis.
The service requirement is as follows:
Each bridge domain has one UNI and one NNI interface
Each UNI interface has:
One logical interface level policer to police the traffic at 10 Mbps.
Multifield classifier with four terms to assign forwarding class and loss-priority.
Each UNI interface configures CFM UP MEP at the level 4.
Each NNI interface configures CFM DOWN MEP at the level 2
Let us consider a scenario where there are 100 services configured on the router. With this scale, all the applications are configured successfully and the status shows OK state.
-
Viewing TCAM resource usage for all stages.
To view the TCAM resource usage for all stages (egress, ingress, and pre-ingress), use the
show pfe tcam usage all-tcam-stages detailcommand. On ACX5448 routers, use theshow pfe filter hw summarycommand to view the TCAM resource usgae.user@host> show pfe tcam usage all-tcam-stages detail Slot 0 Tcam Resource Stage: Pre-Ingress -------------------------------- Free [hw-grps: 3 out of 3] No dynamic tcam usage Tcam Resource Stage: Ingress ---------------------------- Free [hw-grps: 2 out of 8] Group: 11, Mode: SINGLE, Hw grps used: 3, Tcam apps: 2 Used Allocated Available Errors Tcam-Entries 800 1024 224 0 Counters 800 1024 224 0 Policers 0 1024 1024 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- cfm-filter 500 500 0 3 OK cfm-bd-filter 300 300 0 2 OK Group: 8, Mode: DOUBLE, Hw grps used: 2, Tcam apps: 1 Used Allocated Available Errors Tcam-Entries 500 512 12 0 Counters 500 1024 524 0 Policers 0 1024 1024 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-l2-in 500 500 0 2 OK fw-semantics 0 X X 1 OK Group: 14, Mode: SINGLE, Hw grps used: 1, Tcam apps: 1 Used Allocated Available Errors Tcam-Entries 200 512 312 0 Counters 200 512 312 0 Policers 100 512 412 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-ifl-in 200 200 100 1 OK Tcam Resource Stage: Egress --------------------------- Free [hw-grps: 3 out of 3] No dynamic tcam usage Configure additional Layer 2 services on the router.
For example, add 20 more services on the router, thereby increasing the total number of services to 120. After adding more services, you can check the status of the configuration by verifying either the syslog message using the command
show log messages, or by running theshow pfe tcam errorscommand.The following is a sample syslog message output showing the TCAM resource shortage for Ethernet-switching family filters for newer configurations by running the
show log messagesCLI command.[Sat Jul 11 16:10:33.794 LOG: Err] ACX Error (dfw):acx_dfw_check_phy_slice_availability :Insufficient phy slices to accomodate grp:13/IN_IFF_BRIDGE mode:1/DOUBLE [Sat Jul 11 16:10:33.794 LOG: Err] ACX Error (dfw):acx_dfw_check_resource_availability :Could not write filter: f-bridge-ge-0/0/0.103-i, insufficient TCAM resources [Sat Jul 11 16:10:33.794 LOG: Err] ACX Error (dfw):acx_dfw_update_filter_in_hw :acx_dfw_check_resource_availability failed for filter:f-bridge-ge-0/0/0.103-i [Sat Jul 11 16:10:33.794 LOG: Err] ACX Error (dfw):acx_dfw_create_hw_instance :Status:1005 Could not program dfw(f-bridge-ge-0/0/0.103-i) type(IN_IFF_BRIDGE)! [1005] [Sat Jul 11 16:10:33.794 LOG: Err] ACX Error (dfw):acx_dfw_bind_shim :[1005] Could not create dfw(f-bridge-ge-0/0/0.103-i) type(IN_IFF_BRIDGE) [Sat Jul 11 16:10:33.794 LOG: Err] ACX Error (dfw):acx_dfw_bind :[1000] bind failed for filter f-bridge-ge-0/0/0.103-i
If you use the
show pfe tcam errors all-tcam-stages detailCLI command to verify the status of the configuration, the output will be as shown below:user@host> show pfe tcam errors all-tcam-stages detail Slot 0 Tcam Resource Stage: Pre-Ingress -------------------------------- Free [hw-grps: 3 out of 3] No dynamic tcam usage Tcam Resource Stage: Ingress ---------------------------- Free [hw-grps: 2 out of 8] Group: 11, Mode: SINGLE, Hw grps used: 3, Tcam apps: 2 Used Allocated Available Errors Tcam-Entries 960 1024 64 0 Counters 960 1024 64 0 Policers 0 1024 1024 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- cfm-filter 600 600 0 3 OK cfm-bd-filter 360 360 0 2 OK Group: 8, Mode: DOUBLE, Hw grps used: 2, Tcam apps: 1 Used Allocated Available Errors Tcam-Entries 510 512 2 18 Counters 510 1024 514 0 Policers 0 1024 1024 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-l2-in 510 510 0 2 FAILED fw-semantics 0 X X 1 OK App error statistics: ---------------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-l2-in 18 0 0 2 FAILED fw-semantics 0 X X 1 OK Group: 14, Mode: SINGLE, Hw grps used: 1, Tcam apps: 1 Used Allocated Available Errors Tcam-Entries 240 512 272 0 Counters 240 512 272 0 Policers 120 512 392 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-ifl-in 240 240 120 1 OK Tcam Resource Stage: Egress --------------------------- Free [hw-grps: 3 out of 3] No dynamic tcam usageThe output indicates that the fw-l2-in application is running out of TCAM resources and moves into a FAILED state. Although there are two TCAM slices available at the ingress stage, the fw-l2-in application is not able to use the available TCAM space due to its mode (DOUBLE), resulting in resource shortage failure.
-
Fixing the applications that have failed due to the shortage of TCAM resouces.
The fw-l2-in application failed because of adding more number of services on the routers, which resulted in shortage of TCAM resources. Although other applications seems to work fine, it is recommended to deactivate or remove the newly added services so that the fw-l2-in application moves to an OK state. After removing or deactivating the newly added services, you need to run the
show pfe tcam usageandshow pfe tcam errorcommands to verify that there are no more applications in failed state.To view the TCAM resource usage for all stages (egress, ingress, and pre-ingress), use the
show pfe tcam usage all-tcam-stages detailcommand. For ACX5448 routers, use theshow pfe filter hw summarycommand to to view the TCAM resource usage.user@host> show pfe tcam usage all-tcam-stages detail Slot 0 Tcam Resource Stage: Pre-Ingress -------------------------------- Free [hw-grps: 3 out of 3] No dynamic tcam usage Tcam Resource Stage: Ingress ---------------------------- Free [hw-grps: 2 out of 8] Group: 11, Mode: SINGLE, Hw grps used: 3, Tcam apps: 2 Used Allocated Available Errors Tcam-Entries 800 1024 224 0 Counters 800 1024 224 0 Policers 0 1024 1024 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- cfm-filter 500 500 0 3 OK cfm-bd-filter 300 300 0 2 OK Group: 8, Mode: DOUBLE, Hw grps used: 2, Tcam apps: 1 Used Allocated Available Errors Tcam-Entries 500 512 12 18 Counters 500 1024 524 0 Policers 0 1024 1024 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-l2-in 500 500 0 2 OK fw-semantics 0 X X 1 OK Group: 14, Mode: SINGLE, Hw grps used: 1, Tcam apps: 1 Used Allocated Available Errors Tcam-Entries 200 512 312 0 Counters 200 512 312 0 Policers 100 512 412 0 App tcam usage: ---------------- App-Name Entries Counters Policers Precedence State Related-App-Name .. ----------------------------------------------------------------- fw-ifl-in 200 200 100 1 OK Tcam Resource Stage: Egress --------------------------- Free [hw-grps: 3 out of 3] No dynamic tcam usageTo view TCAM resource usage errors for all stages (egress, ingress, and pre-ingress), use the
show pfe tcam errors all-tcam-stagescommand.user@host> show pfe tcam errors all-tcam-stages detail Slot 0 Tcam Resource Stage: Pre-Ingress -------------------------------- No tcam usage Tcam Resource Stage: Ingress ---------------------------- Group: 11, Mode: SINGLE, Hw grps used: 3, Tcam apps: 2 Errors Resource-Shortage Tcam-Entries 0 0 Counters 0 0 Policers 0 0 Group: 8, Mode: DOUBLE, Hw grps used: 2, Tcam apps: 1 Errors Resource-Shortage Tcam-Entries 18 0 Counters 0 0 Policers 0 0 Group: 14, Mode: SINGLE, Hw grps used: 1, Tcam apps: 1 Errors Resource-Shortage Tcam-Entries 0 0 Counters 0 0 Policers 0 0 Tcam Resource Stage: Egress --------------------------- No tcam usageYou can see that all the applications using the TCAM resources are in OK state and indicates that the hardware has been successfully configured.
As shown in the example, you will need to run the show pfe tcam errors and
show pfe tcam usage commands at each step to ensure that your
configurations are valid and that the applications using TCAM resource are in OK state.
For ACX5448 routers, use the show pfe filter hw summary command to view
the TCAM resource usage.
Monitoring and Troubleshooting TCAM Resource in ACX Series Routers
The dynamic allocation of Ternary Content Addressable Memory (TCAM) space in ACX Series efficiently allocates the available TCAM resources for various filter applications. In the dynamic TCAM model, various filter applications (such as inet-firewall, bridge-firewall, cfm-filters, etc.) can optimally utilize the available TCAM resources as and when required. Dynamic TCAM resource allocation is usage driven and is dynamically allocated for filter applications on a need basis. When a filter application no longer uses the TCAM space, the resource is freed and available for use by other applications. This dynamic TCAM model caters to higher scale of TCAM resource utilization based on application’s demand. You can use the show and clear commands to monitor and troubleshoot dynamic TCAM resource usage in ACX Series routers.
Applications using the TCAM resource is termed tcam-app in this document.
Dynamic Ternary Content Addressable Memory Overview shows the task and the commands to monitor and troubleshoot TCAM resources in ACX Series routers
|
How to |
Command |
|---|---|
|
View the shared and the related applications for a particular application. |
|
|
View the number of applications across all tcam stages. |
|
|
View the number of applications using the TCAM resource at a specified stage. |
|
|
View the TCAM resource used by an application in detail. |
|
|
View the TCAM resource used by an application at a specified stage. |
|
|
Know the number of TCAM resource consumed by a tcam-app |
|
|
View the TCAM resource usage errors for all stages. |
|
|
View the TCAM resource usage errors for a stage |
|
|
View the TCAM resource usage errors for an application. |
|
|
View the TCAM resource usage errors for an application along with its other shared application. |
|
|
Clear the TCAM resource usage error statistics for all stages. |
|
|
Clear the TCAM resource usage error statistics for a specified stage |
|
|
Clear the TCAM resource usage error statistics for an application. |
|
To know more about dynamic TCAM in ACX Series, see Dynamic Ternary Content Addressable Memory Overview.
Service Scaling on ACX5048 and ACX5096 Routers
On ACX5048 and ACX5096 routers, a typical service (such as ELINE, ELAN and IP VPN) that is deployed might require applications (such as policers, firewall filters, connectivity fault management IEEE 802.1ag, RFC2544) that uses the dynamic TCAM infrastructure.
Service applications that uses TCAM resources is limited by the TCAM resource availability. Therefore, the scale of the service depends upon the consumption of the TCAM resource by such applications.
A sample use case for monitoring and troubleshooting service scale in ACX5048 and ACX5096 routers can be found at the Dynamic Ternary Content Addressable Memory Overview section.
Understand and Configure the Unified Forwarding Table
- Use the Unified Forwarding Table to Optimize Address Storage
- Configure the Unified Forwarding Table to Optimize Address Storage Using Profiles
Use the Unified Forwarding Table to Optimize Address Storage
ACX5048 and ACX5096 routers support the use of a unified forwarding table to optimize address storage. This feature gives you the flexibility to configure your router to match the needs of your particular network environment. You can control the allocation of forwarding table memory available to store the following entries:
MAC addresses
Layer 3 host entries
Longest prefix match (LPM) table entries
You can use five predefined profiles (l2-profile-one, l2-profile-two, l2-profile-three, l3-profile, lpm-profile) to allocate the table memory space differently for each of these entries. The sizes of the Layer 2 MAC address table, Layer 3 host entry table, and Layer 3 LPM table are decided based on the selected profile. You can configure and select the profiles that best suits your network environment needs.
Table 5 illustrates the predefined profiles in the unified forwarding table and the respective table sizes.
Profile |
Layer 2 MAC Address Table |
Layer 3 Host Table |
Layer 3 LPM Table |
|---|---|---|---|
l2-profile-one |
288 K |
16 K |
16 K |
l2-profile-two |
224 K |
80 K |
16 K |
l2-profile-three (default) |
160 K |
144 K |
16 K |
l3-profile |
96 K |
208 K |
16 K |
lpm-profile |
32 K |
16 K |
128 K |
IPv4 unicast, IPv6 unicast, IPv4 multicast, and IPv6 multicast route addresses share the Layer 3 host entry table. If the host table stores the maximum number of entries for any given type, the entire table is full and is unable to accommodate any entries of any other type. The IPv4 multicast and IPv6 unicast addresses occupy double the space as that occupied by IPv4 unicast entries, and IPv6 multicast addresses occupy four times the space of the IPv4 unicast addresses. Table 6 shows the Layer 3 host table size for each profile.
Profile |
Layer 3 Host Table |
|||
|---|---|---|---|---|
IPv4 Unicast |
IPv4 Multicast |
IPv6 Unicast |
IPv6 Multicast |
|
l2-profile-one |
16 K |
8 K |
8 K |
4 K |
l2-profile-two |
80 K |
40 K |
40 K |
20 K |
l2-profile-three (default) |
144 K |
72 K |
72 K |
36 K |
l3-profile |
208 K |
104 K |
104 K |
52 K |
lpm-profile |
16 K |
8 K |
8 K |
4 K |
The Layer 3 LPM table is shared between IPv4 route prefixes and IPv6 route prefixes. Table 7 illustrates the size of the table for different profiles of the IPv4 and IPv4 addresses in the Layer 3 LPM table. When unicast reverse-path forwarding (unicast RPF) is enabled, the table size reduces to half.
Profile |
Layer 3 LPM Table |
||
|---|---|---|---|
IPv4 Unicast |
IPv6 Unicast (Prefix <= /64) |
IPv6 Unicast (Prefix > /64) |
|
l2-profile-one |
16 K |
8 K |
4 K |
l2-profile-two |
16 K |
8 K |
4 K |
l2-profile-three (default) |
16 K |
8 K |
4 K |
l3-profile |
16 K |
8 K |
4 K |
lpm-profile |
128 K |
40 K |
8 K |
By default, there is no space allocated for IPv6 prefix address longer than /64 in the LPM table. Therefore, prefix address longer than /64 are not allowed in the table by default. The entire table is available for IPv4 addresses and for IPv6 addresses that have prefixes shorter than /64. You can provide space in the table for addresses with prefixes longer than /64 by using CLI configuration. The number of entries reserved for these prefixes is configured in multiples of 16.
Configure the Unified Forwarding Table to Optimize Address Storage Using Profiles
You can use five predefined profiles (l2-profile-one, l2-profile-two, l2-profile-three, l3-profile, lpm-profile) to allocate the table memory space. The sizes of the Layer 2 MAC address table, Layer 3 host entry table, and Layer 3 LPM table are decided based on the selected profile. You can configure and select the profiles that best suits your network environment needs.
When you configure and commit a profile, the Packet Forwarding Engine (PFE) process restarts and all the data interfaces on the router go down and come back up.
The settings for l2-profile-three are configured
by default. That is, if you do not configure the forwarding–options
chassis profile-name statement, the l2-profile-three profile settings are configured.