交换机 : Cisco Catalyst 6500 系列交换机

EARL 8分类管理器:LOUs、L4Ops和Capmap表的一个性能上的考试

2016 年 10 月 27 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈

简介

分类管理器(CM)管理分类三重内容可编址存储器和相关的资源例如标签、逻辑运算单元(LOUs), capmap条目和其他。功能管理器(FM)和QoS管理器用于CM服务(QM)编程TCAM条目支持Cisco IOS访问控制表(ACL)和服务质量(QoS)功能。本文描述LOUs和Layer4操作(L4Ops)如何被编程到capmap表。它提供故障情景,在这些情况下您典型地遇到的这错误,并且什么您应该从这些错误推断。

贡献用Aninda Chatterjee, Cisco TAC工程师。

背景信息

LOUs和L4Ops - LOUs代表逻辑运算单元,是硬件寄存器使用存储{操作员,操作数}在ACL和VLAN访问控制列表指定的TCP/UDP端口号的元组(VACL)。这些元组也呼叫作为L4Ops。例如,如果匹配主机x到主机Y gt 1023,然后元组变为{gt, 1023}。

L4Ops - Layer4操作。

Capmap表-以前描述的L4Ops被编程到由条目参考在capmap表里的LOU寄存器。每个capmap表有限制10个(一个人为方向保留,减少限制到九)条目(L4Ops)。TCAM标签标注Capmap表。 

有两TCAMs、A和B;每TCAM有8K标签。对于每TCAM,有2K条目一个capmap表。因为每TCAM有8K标签,有4:1重叠在这里-四个标签地图对一个capmap条目。重叠是:1=2049=4097=6145

基本上,这意味着TCAM标签1, 2049, 4097和6145使用同一个capmap索引。TCAM标签分配的因此思科的传统implemenation导致问题交迭。思科分配了有差距的TCAM标签2K (是2048准确的)。这暗示分配将采取表1, 2049, 4097, 6145, 2, 2050, 4098, 6146,等等。

因此,从开始,此TCAM分配是这样capmap表交迭。这是展示此的示例(采取从Cisco Bug ID CSCuo02666)。这是两个ACL、a1和a2,定义和应用对interface VLAN 1和接口VLAN 2如显示此处:

Sup2T(config)#ip access-list extended a1
Sup2T(config-ext-nacl)# permit ip host 1.1.1.1 any dscp 1
Sup2T(config-ext-nacl)# permit ip host 1.1.1.1 any dscp 2
Sup2T(config-ext-nacl)# permit ip host 1.1.1.1 any dscp 3
Sup2T(config-ext-nacl)# permit ip host 1.1.1.1 any dscp 4
Sup2T(config-ext-nacl)# permit ip host 1.1.1.1 any dscp 5
Sup2T(config-ext-nacl)#exit

Sup2T(config)#int vlan 1
Sup2T(config-if)#ip access-group a1 in
Sup2T(config-if)#exit

Sup2T(config)#ip access-list extended a2
Sup2T(config-ext-nacl)# permit ip host 1.1.1.2 any dscp 6
Sup2T(config-ext-nacl)# permit ip host 1.1.1.2 any dscp 7
Sup2T(config-ext-nacl)# permit ip host 1.1.1.2 any dscp cs1
Sup2T(config-ext-nacl)# permit ip host 1.1.1.2 any dscp 9
Sup2T(config-ext-nacl)#exit

Sup2T(config)#int vlan 2
Sup2T(config-if)#ip access-group a2 in
Sup2T(config-if)#end

这当前是这些接口的TCAM :

Sup2T#show platform hardware acl entry interface vlan 1 security in ip detail 
mls_if_index:20000001 dir:0 feature:0 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match,
I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------
---------


fno:0

tcam:B, bank:0, prot:0    Aces

I  V  16366   2049  0    0     0         1.1.1.1               -         0.0.0.0
- 0  0      0      -       ----- dscp=5;                       0x0000000000000038
0
I  M  16366 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  16367   2049  0    0     0         1.1.1.1               -         0.0.0.0
- 0  0      0      -       ----- dscp=4;                       0x0000000000000038
0
I  M  16367 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  16368   2049  0    0     0         1.1.1.1               -         0.0.0.0
- 0  0      0      -       ----- dscp=3;                       0x0000000000000038
0
I  M  16368 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  16369   2049  0    0     0         1.1.1.1               -         0.0.0.0
- 0  0      0      -       ----- dscp=2;                       0x0000000000000038
0
I  M  16369 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  16370   2049  0    0     0         1.1.1.1               -         0.0.0.0
- 0  0      0      -       ----- dscp=1;                       0x0000000000000038
0
I  M  16370 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  16371   2049  0    0     0         0.0.0.0               -         0.0.0.0
- 0  0      0      -       -----          -                    0x0000000040000038
0
I  M  16371 0x1FFF  0 0x00 0x000         0.0.0.0               -         0.0.0.0
- 0  0    0x0



Sup2T#show platform hardware acl entry interface vlan 2 security in ip detail
mls_if_index:20000002 dir:0 feature:0 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match, I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
-----------------------------------------------------------------
-----------------------------------------------------------------
-----------------------------------------------------------------


fno:0

tcam:B, bank:1, prot:0    Aces

I  V  32738   4097  0    0     0         1.1.1.2               -         0.0.0.0
- 0  0      0      -       ----- dscp=9;                       0x0000000000000038
0
I  M  32738 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  32739   4097  0    0     0         1.1.1.2               -         0.0.0.0
- 0  0      0      -       ----- dscp=8;                       0x0000000000000038
0
I  M  32739 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  32740   4097  0    0     0         1.1.1.2               -         0.0.0.0
- 0  0      0      -       ----- dscp=7;                       0x0000000000000038
0
I  M  32740 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  32741   4097  0    0     0         1.1.1.2               -         0.0.0.0
- 0  0      0      -       ----- dscp=6;                       0x0000000000000038
0
I  M  32741 0x1FFF  0 0x00 0x000 255.255.255.255               -         0.0.0.0
- 0  0    0x0
I  V  32745   4097  0    0     0         0.0.0.0               -         0.0.0.0
- 0  0      0      -       -----          -                    0x0000000040000038
0
I  M  32745 0x1FFF  0 0x00 0x000         0.0.0.0               -         0.0.0.0
- 0  0    0x0

为interface VLAN 1分配的TCAM标签是2049,并且分配的TCAM标签建立接口VLAN 2是4097。这意味着这两个接口使用同一个capmap表为了参考他们L4Op编程的LOU寄存器。

您能用此命令确认此(在ACL a1的五ACE和在ACL a2的四ACE暗示您应该参见capmap表如全双工) :

Sup2T#show platform hardware acl capmap tcam B label 4097
Hardware Capmap Table Entry For TCAM B. Free items are not shown

Index   Loc[9]  [8]  [7]  [6]  [5]  [4]  [3]  [2]  [1]  [0]
-----   ------  ---  ---  ---  ---  ---  ---  ---  ---  ---
    1      212   10    9    8    7    6    5    4    3    2


Sup2T#show platform hardware acl capmap tcam B label 2049
Hardware Capmap Table Entry For TCAM B. Free items are not shown

Index   Loc[9]  [8]  [7]  [6]  [5]  [4]  [3]  [2]  [1]  [0]
-----   ------  ---  ---  ---  ---  ---  ---  ---  ---  ---
    1      212   10    9    8    7    6    5    4    3    2

那么当前,在此阶段,如果尝试安装另一个L4Op-based访问控制项(ACE),不是可扩展的,对于任何这些接口,您不会收到自由capmap条目联机错误。

Sup2T(config)#ip access-list extended a2
Sup2T(config-ext-nacl)#permit ip host 1.1.1.2 any dscp 10
Sup2T(config-ext-nacl)#end

*Sep 16 14:57:55.983: %EARL_CM-5-NOCAPMAP: No free capmap entry available
*Sep 16 14:57:55.991: %FMCORE-4-RACL_REDUCED: Interface Vlan2 routed traffic
will be software switched in ingress direction. L2 features may not be applied
at the interface

这导致桥接潜在将引起更加缓慢的交换、高CPU利用率和其他相关问题的整个接口的软件。

注意:Cisco Bug ID CSCuo02666被上升解决此问题。引入在逻辑上的最大的变化是如何分配TCAM标签。现在思科不断地分配TCAM标签(2,3,4,5,等等) 2048而不是在2K差距。这意味着capmap表从开始不再共享。

切记LOUs,类似其他硬件资源,被限制。有总共104 LOUs联机为使用:

Sup2T#show platform software acl lou 
LOUs Registers (shadow copies)

Index      Type  A_Op  A_Val  A_Cnt  B_Op  B_Val  B_Cnt
-----  --------  ----  -----  -----  ----  -----  -----
    0PKT_QOS_GI A is free.            NEQ      0      1
    1  DST_PORT    LT     81      2 B is free.         
    2  B & A are free
    3  B & A are free
    4  B & A are free
    5  B & A are free
    6  B & A are free
    7  B & A are free
    8  B & A are free
    9  B & A are free
   10  B & A are free
   11  B & A are free
   12  B & A are free
   13  B & A are free
   14  B & A are free
   15  B & A are free

*snip*
 
   95  B & A are free
   96  B & A are free
   97  B & A are free
   98  B & A are free
   99  B & A are free
  100  B & A are free
  101  B & A are free
  102  B & A are free
  103  B & A are free

程序Capmap表和LOU寄存器

Capmap表,只有当L4必须考虑到时,使用操作。注意匹配在差分服务代码点/业务类别(CoS)值也考虑作为L4Op。这是简单的示例(使用包括CSCuo02666修正)本文递增构件的编码版本:

Sup2T#show ip access-lists a3
Extended IP access list a3
    10 permit ip host 192.168.1.1 host 192.168.1.2

I have this applied to interface VLAN 1.

Sup2T#show run int vlan 1
Building configuration...

Current configuration : 84 bytes
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip access-group a3 in
end

这正确地被编程到TCAM :

Sup2T#show platform hardware acl entry interface vlan 1 security in ip
mls_if_index:20000001 dir:0 feature:0 proto:0


pass#0 features


fno:0

tcam:B, bank:1, prot:0    Aces


Permit                ip host 192.168.1.1 host 192.168.1.2  
L3_Deny               ip any any

Sup2t-MA1.7#show platform hardware acl entry interface vlan 1 security in ip detail   
mls_if_index:20000001 dir:0 feature:0 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match, I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
----------------------------------------------------------------
----------------------------------------------------------------
-----------------------------------------------------------------
-----


fno:0

tcam:B, bank:1, prot:0    Aces

I  V  32741   2  0    0     0        192.168.1.1               -     192.168.1.2
- 0  0      0      -       -----          -                    0x0000000000000038
0
I  M  32741 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
- 0  0    0x0
I  V  32745   2  0    0     0            0.0.0.0               -         0.0.0.0
- 0  0      0      -       -----          -                    0x0000000040000038
0
I  M  32745 0x1FFF  0 0x00 0x000         0.0.0.0               -         0.0.0.0
- 0  0    0x0

Capmap表通过TCAM标签被参考。您在显示平台软件[hardware] ACL capmap TCAM <>标签<>命令能使用TCAM标签为了查看对应的表(软件或硬件)此TCAM标签的。

Sup2T#show platform hardware acl capmap tcam B label 2
Hardware Capmap Table Entry For TCAM B. Free items are not shown

Index   Loc[9]  [8]  [7]  [6]  [5]  [4]  [3]  [2]  [1]  [0]
-----   ------  ---  ---  ---  ---  ---  ---  ---  ---  ---
    1      212    0    0    0    0    0    0    0    0    0

什么都在此标签的capmap表里没有分配。定义ACL没有L4Ops;没有需求安装一个条目在capmap表里。

更改此ACE对此:

Sup2T#show ip access-lists a3
Extended IP access list a3
    10 permit tcp host 192.168.1.1 host 192.168.1.2 eq www

再查看capmap表。

Sup2T#show platform software acl capmap tcam B label 2
Shadow Capmap Table Entry For TCAM B

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ---------
------- ---------------- ---------------- ---------------- -------------
--- ---------------- ----------------
    1     9         Reserved             Free             Free             Free
Free             Free             Free             Free             Free
Free

如果直接地等同于对port-number,不算作是L4Op。

更改它对此:

Sup2T#show ip access-lists a3
Extended IP access list a3
    10 permit tcp host 192.168.1.1 host 192.168.1.2 gt www

更加检查capmap表:

Sup2T#show platform software acl capmap tcam B label 2
Shadow Capmap Table Entry For TCAM B

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ---------
------- ---------------- ---------------- ---------------- ------------
---- ---------------- ----------------
    2     8 212/0/1                      Free             Free             Free
Free             Free             Free             Free             Free   3/1/1 

当前有一个条目在capmap表里。ACE翻译到一3/1/1在capmap表里。 这是格式RST/INV/CNT。LOU寄存器此L4Op安装此处的RST指定,并且CNT描述此LOU的(关于此以后的更多信息聚集的计数)。查看此输出为了知道如何标注RST值:

Sup2T#show platform software acl capmap mapping 
        L4op_sel value      Reference   
        ==============      =========
        0      ------         LOU0 B register
        1     ------         LOU0 A register
        2     ------         LOU1 B register
        3     ------         LOU1 A register
       .....                 ..............
       .....                 ..............
       206     -----         LOU103 B register
       207     -----         LOU103 A register
       208     -----         Global format match for global acl
       209     -----         Group id present
       210     -----         L4_hdr_vld
       211     -----         Mpls_plus_ip_pkt
       212     -----         ife/ofe for direction
      (213-223)     ----      Reserved
      (224-239)     ----      16 TCP flags map
      (240-255)     ----      16 IPv6 ext header map

您能看到L4op_sel值为0指向LOU0变址寄存器,值为1指向LOU0 A寄存器,值对LOU1变址寄存器的2点,值对LOU1变址寄存器的3点,等等。A寄存器首先总是被编程。即然您看到此,输出的3/1/1有更多意义。

在此输出中, 3意味着L4Op被编程了到LOU1 A寄存器。您能也验证L4Op被编程的地方,如果直接地调查LOU寄存器的内容:

Sup2T#show platform software acl lou
LOUs Registers (shadow copies)

Index      Type  A_Op  A_Val  A_Cnt  B_Op  B_Val  B_Cnt
-----  --------  ----  -----  -----  ----  -----  -----
    0PKT_QOS_GI A is free.            NEQ      0      1
    1  DST_PORT    LT     81      1 B is free.         
    2  B & A are free
    3  B & A are free
    4  B & A are free

*snip*

Sup2T#show platform hardware acl lou
Dumping h/w lou values

Index  lou_mux_sel  A_Opcode  A_Value  B_Opcode  B_Value
-----  -----------  --------  -------  --------  -------
    0            7       NEQ        0       NEQ        0
    1            1        LT       81       NEQ        0
    2            0       NEQ        0       NEQ        0
    3            0       NEQ        0       NEQ        0

*snip*

正如你看到的a (gt, X)元组获得被编程作为(LT, X+1)在LOU寄存器。

注意:只有当他们应用对接口时, L4Ops获得编程到LOU寄存器。如果ACL创建与L4Ops (没有实际上应用对接口)的ACL,不编程可适用的L4Ops到LOU寄存器。

从interface VLAN 1删除ACL并且再查看LOU寄存器:

Sup2T(config)#int vlan 1
Sup2T(config-if)#no ip access-group a3 in

Sup2T#show platform software acl lou
LOUs Registers (shadow copies)

Index      Type  A_Op  A_Val  A_Cnt  B_Op  B_Val  B_Cnt
-----  --------  ----  -----  -----  ----  -----  -----
    0PKT_QOS_GI A is free.            NEQ      0      1
    1  B & A are free
    2  B & A are free
    3  B & A are free
    4  B & A are free


*snip*

Sup2T#show platform hardware acl lou
Dumping h/w lou values

Index  lou_mux_sel  A_Opcode  A_Value  B_Opcode  B_Value
-----  -----------  --------  -------  --------  -------
    0            7       NEQ        0       NEQ        0
    1            1       NEQ        0       NEQ        0
    2            0       NEQ        0       NEQ        0
    3            0       NEQ        0       NEQ        0

*snip*

案例研究#1 - ACL用TCP标志

TCP标志有在LOU寄存器范围内分配的特殊的寄存器。您能通过显示平台软件ACL capmap映射命令查看此范围如显示此处:

Sup2T#show platform software acl capmap mapping
        L4op_sel value      Reference   
        ==============      =========
        0      ------         LOU0 B register
        1     ------         LOU0 A register
        2     ------         LOU1 B register
        3     ------         LOU1 A register
       .....                 ..............
       .....                 ..............
       206     -----         LOU103 B register
       207     -----         LOU103 A register
       208     -----         Global format match for global acl
       209     -----         Group id present
       210     -----         L4_hdr_vld
       211     -----         Mpls_plus_ip_pkt
       212     -----         ife/ofe for direction
      (213-223)     ----      Reserved
      (224-239)     ----      16 TCP flags map
      (240-255)     ----      16 IPv6 ext header map

L4op_sel值224-239是可用使用TCP标志,给您一套16个登记使用。这是简单的示例对demostrate这。此ACL定义:

Sup2T(config)#ip access-list extended a13 
Sup2T(config-ext-nacl)#permit tcp host 192.168.13.10 host 192.168.13.20 syn
Sup2T(config-ext-nacl)#exit

应用此入站在接口VLAN 13 :

Sup2T(config)#int vlan 13
Sup2T(config-if)#ip access-group a13 in
Sup2T(config-if)#end


Sup2T#show platform hardware acl entry interface vlan 13 security in ip detail   
mls_if_index:2000000D dir:0 feature:0 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match, I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
----------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------
--------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
------


fno:0

tcam:B, bank:1, prot:0    Aces

I  V  32545     13  0    0     0   192.168.13.10               -   192.168.13.20
- 0  0      1   ANY:----s- -----          -                    0x0000000000000038
0
I  M  32545 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
- 0  0    0xF
I  V  32546     13  0    0     0   192.168.13.10               -   192.168.13.20
- 1  0      1      -       -----          -                    0x0000000000000038
0
I  M  32546 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
- 1  0    0xF
I  V  32547     13  0    0     0         0.0.0.0               -         0.0.0.0
- 0  0      0      -       -----          -                    0x0000000040000038
0
I  M  32547 0x1FFF  0 0x00 0x000         0.0.0.0               -         0.0.0.0
- 0  0    0x0
Sup2T#show platform software acl capmap tcam B label 13
Shadow Capmap Table Entry For TCAM B

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ----------------
---------------- ---------------- ---------------- ---------------- -----------
----- ----------------
   13     8 212/0/1                      Free             Free             Free
Free             Free             Free             Free             Free 224/0/1

在本例中, TCP标志在寄存器224被编程(这对应于第一个可用的登记TCP标志)。此的聚集计数对应于数量TCP流(读的ACE)用同一TCP标志。

添加另一个ACE到当前ACL a13。这应该有一不同的TCP标志:

Sup2T(config)#ip access-list extended a13
Sup2T(config-ext-nacl)#permit tcp host 192.168.1.1 host 192.168.1.2 ack
Sup2T(config-ext-nacl)#exit

如果再查看capmap表,您看到使用另一个TCP寄存器:

Sup2T#show platform software acl capmap tcam b label 13
Shadow Capmap Table Entry For TCAM B

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ----------------
---------------- ---------------- ---------------- ---------------- -----------
----- ----------------
   13     7 212/0/1                      Free             Free             Free
Free             Free             Free             Free 225/0/1          224/0/1 

至于您能看到,编程每标志执行;对于每标志,使用一个独立TCP寄存器,并且您维护计数那。这意味着,对于每标志,您也使用一个capmap条目。此更加进一步暗示您不可以实际上技术上超出在您的ACL的九标志范围或您将达到capmap限制,在16标志TCP限制前。 

按比例提高您的TCP标志,以便您达到TCP寄存器限制为了发现发生了什么。此示例显示配置并且应用对不同的接口VLAN为了到达100% TCP寄存器利用率如显示此处的几个ACL :

Sup2T#show platform hardware capacity acl
Classification Mgr Tcam Resources
  Key: Ttlent - Total TCAM entries, QoSent - QoS TCAM entries, LOU - LOUs,
       RBLent - RBACL TCAM entries, Lbl - Labels, TCP - TCP Flags,
       Dstbl  - Destinfo Table, Ethcam  - Ethertype Cam Table,
       ACTtbl - Accounting Table, V6ext - V6 Extn Hdr Table

  Module Ttlent QoSent RBLent Lbl   LOU  TCP  Dstbl Ethcam ACTtbl V6ext
  1       3%     7%     0%     1%   96%  100%   1%    0%     0%     0%
  3       3%     7%     0%     1%   96%  100%   1%    0%     0%     0%
  4       3%     7%     0%     1%   96%  100%   1%    0%     0%     0%
  6       3%     7%     0%     1%   96%  100%   2%    0%     0%     0%

在此阶段,如果决定配置另一个ACL用一唯一TCP标志(或独创) TCP标志的组合和应用此到接口,然后您必须编程一新的TCP标志(或标志的组合)到TCP寄存器。然而,没有可用的硬件寄存器。在这种情况下,您桥接整个接口。

Sup2T(config)#ip access-list extended a29
Sup2T(config-ext-nacl)#permit tcp host 192.168.1.1 host 192.168.1.2 psh rst

Sup2T(config-if)#int vlan 29
Sup2T(config-if)#ip access-group a29 in

 *Oct  6 13:57:47.612: %FMCORE-4-RACL_REDUCED: Interface Vlan29 routed traffic
will be software switched in ingress direction. L2 features may not be applied
at the interface


Sup2T#show platform hardware acl entry interface vlan 29 security in ip
mls_if_index:2000001D dir:0 feature:0 proto:0


pass#0 features


fno:0

tcam:B, bank:1, prot:0    Aces


Bridge                ip any any  

案例研究#2 - 100% LOU寄存器使用情况

切记LOUs是一种有限的资源-您能用尽那些的空间。您能监控LOU使用方法用此命令:

Sup2T#show platform hardware capacity acl 
Classification Mgr Tcam Resources
  Key: Ttlent - Total TCAM entries, QoSent - QoS TCAM entries, LOU - LOUs,
       RBLent - RBACL TCAM entries, Lbl - Labels, TCP - TCP Flags,
       Dstbl  - Destinfo Table, Ethcam  - Ethertype Cam Table,
       ACTtbl - Accounting Table, V6ext - V6 Extn Hdr Table

  Module Ttlent QoSent RBLent Lbl   LOU  TCP  Dstbl Ethcam ACTtbl V6ext
  1       2%     7%     0%     1%    1%   0%   1%    0%     0%     0%
  3       2%     7%     0%     1%    1%   0%   1%    0%     0%     0%
  4       2%     7%     0%     1%    1%   0%   1%    0%     0%     0%
  6       2%     7%     0%     1%    1%   0%   2%    0%     0%     0%

扩展ACL为了使用更多LOUs。在采取两LOU寄存器, A和B)几个ACL的安装以后(用range命令,此示例显示96% LOU使用方法:

Sup2T#show platform hardware capacity acl
Classification Mgr Tcam Resources
  Key: Ttlent - Total TCAM entries, QoSent - QoS TCAM entries, LOU - LOUs,
       RBLent - RBACL TCAM entries, Lbl - Labels, TCP - TCP Flags,
       Dstbl  - Destinfo Table, Ethcam  - Ethertype Cam Table,
       ACTtbl - Accounting Table, V6ext - V6 Extn Hdr Table

  Module Ttlent QoSent RBLent Lbl   LOU  TCP  Dstbl Ethcam ACTtbl V6ext
  1       3%     7%     0%     1%   96%   0%   1%    0%     0%     0%
  3       3%     7%     0%     1%   96%   0%   1%    0%     0%     0%
  4       3%     7%     0%     1%   96%   0%   1%    0%     0%     0%
  6       3%     7%     0%     1%   96%   0%   2%    0%     0%     0%

创建另一个ACL并且应用那对将造成LOU使用方法超出100%范围的接口。

Sup2T(config)#ip access-list extended a12
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1401 1410      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1411 1420      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1421 1430      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1431 1440      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1441 1450      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1451 1460      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1461 1470      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1471 1480      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1481 1490      
Sup2T(config-ext-nacl)#$68.14.1 host 192.168.14.2 range 1491 1500

Sup2T(config-ext-nacl)#exit
Sup2T(config)#int vlan 12
Sup2T(config-if)#ip access-group a12 in

示例到达了100% LOU使用方法;然而,请注意错误消息未接收。

Sup2T#show platform hardware capacity acl
Classification Mgr Tcam Resources
  Key: Ttlent - Total TCAM entries, QoSent - QoS TCAM entries, LOU - LOUs,
       RBLent - RBACL TCAM entries, Lbl - Labels, TCP - TCP Flags,
       Dstbl  - Destinfo Table, Ethcam  - Ethertype Cam Table,
       ACTtbl - Accounting Table, V6ext - V6 Extn Hdr Table

  Module Ttlent QoSent RBLent Lbl   LOU  TCP  Dstbl Ethcam ACTtbl V6ext
  1       3%     7%     0%     1%   100%   0%   1%    0%     0%     0%
  3       3%     7%     0%     1%   100%   0%   1%    0%     0%     0%
  4       3%     7%     0%     1%   100%   0%   1%    0%     0%     0%
  6       3%     7%     0%     1%   100%   0%   2%    0%     0%     0%

这是另一测验。即然LOU在100%,请采取一非常简单L4Op并且设法为接口安装那。配置此ACL :

Sup2T#show ip access-lists a13
Extended IP access list a13
    10 permit tcp host 192.168.14.1 host 192.168.14.2 range 1600 1650

应用入站的此建立接口VLAN 13。

Sup2T#show run int vlan 13
Building configuration...

Current configuration : 87 bytes
!
interface Vlan13
 ip address 192.168.13.1 255.255.255.0
 ip access-group a13 in
end

当前查看TCAM为此VLAN :

Sup2T#show platform hardware acl entry interface vlan 13 sec in ip
mls_if_index:2000000D dir:0 feature:0 proto:0


pass#0 features


fno:0

tcam:B, bank:0, prot:0    Aces


Permit                tcp host 192.168.14.1 host 192.168.14.2 eq 1650  
Permit                tcp host 192.168.14.1 host 192.168.14.2 range 1648 1649  
Permit                tcp host 192.168.14.1 host 192.168.14.2 range 1632 1647  
Permit                tcp host 192.168.14.1 host 192.168.14.2 range 1600 1631  
Permit                tcp host 192.168.14.1 host 192.168.14.2  fragments
L3_Deny               ip any any  

L4Ops展开。如果查看capmap表为此TCAM标签,您看到什么都没有安装。

Sup2T#show platform hardware acl entry interface vlan 13 sec in ip detail
mls_if_index:2000000D dir:0 feature:0 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match, I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------
---------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
----------------------------------------------------------------
----------------------------------------------------------------
----------------------------------------------------------------
------


fno:0

tcam:B, bank:0, prot:0    Aces

I  V  16136     14  0    0     0    192.168.14.1               -    192.168.14.2
1650 0  0      1      -       -----          -                    0x0000000000000038
0
I  M  16136 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
0xFFFF 0  0    0xF
I  V  16137     14  0    0     0    192.168.14.1               -    192.168.14.2
1648 0  0      1      -       -----          -                    0x0000000000000038
0
I  M  16137 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
0xFFFE 0  0    0xF
I  V  16138     14  0    0     0    192.168.14.1               -    192.168.14.2
1632 0  0      1      -       -----          -                    0x0000000000000038
0
I  M  16138 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
0xFFF0 0  0    0xF
I  V  16139     14  0    0     0    192.168.14.1               -    192.168.14.2
1600 0  0      1      -       -----          -                    0x0000000000000038
0
I  M  16139 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
0xF
I  V  16140     14  0    0     0    192.168.14.1               -    192.168.14.2
- 1  0      1      -       -----          -                    0x0000000000000038
0


Sup2T#show platform software acl capmap tcam B label 14
Shadow Capmap Table Entry For TCAM B

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ----------------
---------------- ---------------- ---------------- ---------------- -----------
----- ----------------
   14     9 212/0/1                      Free             Free             Free
Free             Free             Free             Free             Free
Free

这是发生什么的说明。由于LOU寄存器全双工,您能不再安装其中任一新建的L4Ops那里,并且什么都在capmap表里不可以被参考。在此阶段,您仍然尝试通过展开他们安装在TCAM的L4Ops。如果L4Ops是非可扩展的,然后您软件交换机在给的方向的整个接口。

100% LOU寄存器使用情况暗示什么?您的TCAM开始迅速填装(由于L4Op扩展)。如果尝试安装非可扩展的L4Ops,然后与当前实施,您的整个接口获得软件桥接。

按照现在情况,当您尝试安装一非可扩展的L4Op在这种情况下时,当前,错误只生成。应用建立接口VLAN 13增加一非可扩展的L4Op的此示例修改了当前ACL a13。

Sup2T(config)#ip access-list extended a13
Sup2T(config-ext-nacl)#permit tcp host 192.168.14.1 host 192.168.14.2 dscp 40

Oct  5 04:50:13.104: %FMCORE-4-RACL_REDUCED: Interface Vlan13 routed traffic will
be software switched in ingress direction. L2 features may not be applied at the
interface

Oct  5 04:50:13.096: %EARL_CM-DFC3-5-NOLOU: No free LOU entry available on the EARL
Oct  5 04:50:13.096: %EARL_CM-DFC1-5-NOLOU: No free LOU entry available on the EARL
Oct  5 04:50:13.096: %EARL_CM-DFC4-5-NOLOU: No free LOU entry available on the EARL

Sup2T#show platform hardware acl entry interface vlan 13 security in ip         
mls_if_index:2000000D dir:0 feature:0 proto:0


pass#0 features


fno:0

tcam:B, bank:0, prot:0    Aces


Bridge                ip any any

案例研究#3 -编程与L4Ops的QoS

QoS策略也许也参考L4Ops;必须安装这些L4Ops类似所有其他L4Op。这暗示每个接口,为您的QoS策略,您由capmap表和LOUs固有地有的限制限制。这是小规模地说明此的示例:

Sup2T#show ip access-lists a1
Extended IP access list a1
    10 permit tcp host 192.168.1.10 host 192.168.2.10 dscp ef

Sup2T#show class-map a1-class
 Class Map match-all a1-class (id 37)
   Match access-group name a1

Sup2T#show policy-map a1-policy
  Policy Map a1-policy
    Class a1-class
     police cir 80000 bc 2500
       conform-action transmit
       exceed-action drop

此示例有匹配呼叫access-list a1匹配从192.168.1.10的流量到192.168.2.10用紧急转发(EF)标记的类映射的一策略映射。匹配在DSCP值是一非可扩展的L4Op;这要求被编程到LOU寄存器和通过条目被参考在capmap表里。此策略映射当前安装的入站对gig3/23。

Sup2T#show run int gig3/23
Building configuration...

Current configuration : 176 bytes
!
interface GigabitEthernet3/23
 switchport
 switchport trunk allowed vlan 1-30
 switchport mode trunk
 service-policy input a1-policy
end

为了查看编程的QoS为接口,请使用此命令:

Sup2T#show platform hardware acl entry interface gig3/23 qos in ip module 3
mls_if_index:8096000 dir:0 feature:1 proto:0


pass#0 features


fno:0

tcam:A, bank:0, prot:0    Aces


0x0000E0100000D00B    tcp host 192.168.1.10 host 192.168.2.10 dscp eq 46  
0x000000000080D00B    ip any any 

选派此命令给您什么TCAM标签使用在此接口。

Sup2T#show platform hardware acl entry interface gig3/23 qos in ip detail module 3
mls_if_index:8096000 dir:0 feature:1 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match, I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
-----------------------------------------------------------------------
-----------------------------------------------------------------------
--------------------------------------------------------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
------------------------------


fno:0

tcam:A, bank:0, prot:0    Aces
          
I  V  16238      2  0    0     0    192.168.1.10               -    192.168.2.10
- 0  0      1      -       ----- dscp=46;                      0x0000E0100000D00B
0
I  M  16238 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
- 0  0    0xF
I  V  16239      2  0    0     0         0.0.0.0               -         0.0.0.0
- 0  0      0      -       -----          -                    0x000000000080D00B
0
I  M  16239 0x1FFF  0 0x00 0x000         0.0.0.0               -         0.0.0.0
- 0  0    0x0

使用的TCAM标签当前是2.查看在此的capmap表:

Sup2T#show platform software acl capmap tcam A label 2 module 3
Shadow Capmap Table Entry For TCAM A

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ----------------
---------------- ---------------- ---------------- ---------------- -----------
----- ----------------
    2     8 212/0/1                      Free             Free             Free
Free             Free             Free             Free             Free   2/1/1  

注意:对于QoS TCAM,您必须指定模块号。没有此,输出不产生任何结果。

Sup2T#show platform software acl capmap mapping 
        L4op_sel value      Reference   
        ==============      =========
        0      ------         LOU0 B register
        1     ------         LOU0 A register
        2     ------         LOU1 B register
        3     ------         LOU1 A register

*snip*

LOU值对LOU1的2点,寄存器B。您能确认编程用此命令的此:

Sup2T#show platform hardware acl lou 
Dumping h/w lou values

Index  lou_mux_sel  A_Opcode  A_Value  B_Opcode  B_Value
-----  -----------  --------  -------  --------  -------
    0            7       NEQ        0       NEQ        0
    1            4       NEQ        0       NEQ       46
    2            1       NEQ        0       NEQ        0
*snip*

按比例提高配置。

Sup2T#show ip access-lists a1
Extended IP access list a1
    10 permit tcp host 192.168.1.10 host 192.168.2.10 dscp ef
    20 permit tcp host 192.168.2.11 host 192.168.2.11 dscp ef
    30 permit tcp host 192.168.3.11 host 192.168.3.11 dscp ef
    40 permit tcp host 192.168.4.11 host 192.168.4.11 dscp ef
    50 permit tcp host 192.168.5.11 host 192.168.5.11 dscp ef
    60 permit tcp host 192.168.6.11 host 192.168.6.11 dscp ef
    70 permit tcp host 192.168.7.11 host 192.168.7.11 dscp ef
    80 permit tcp host 192.168.8.11 host 192.168.8.11 dscp ef


Sup2T#show platform software acl capmap tcam A label 2 module 3
Shadow Capmap Table Entry For TCAM A

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ----------------
---------------- ---------------- ---------------- ----------
------ ---------------- ---------------- ----------------
    2     8 212/0/1                      Free             Free             Free
Free             Free             Free             Free             Free   2/1/8

这不使用条目;反而,它增加聚集参考计数首先进入,有意义。从capmap表和LOU寄存器方面,没有关于来源和目的地的不安。这存储L4Op信息。因为它配比在所有ACE的同一个DSCP值,您只需要该DSCP值的一个条目。

修改此,以便您使用九个不同的DSCP值。

Sup2T#show ip access-lists a1
Extended IP access list a1
    10 permit tcp host 192.168.1.10 host 192.168.2.10 dscp af11
    20 permit tcp host 192.168.2.11 host 192.168.2.11 dscp af12
    30 permit tcp host 192.168.3.11 host 192.168.3.11 dscp af13
    40 permit tcp host 192.168.4.11 host 192.168.4.11 dscp af21
    50 permit tcp host 192.168.5.11 host 192.168.5.11 dscp af22
    60 permit tcp host 192.168.6.11 host 192.168.6.11 dscp af23
    70 permit tcp host 192.168.7.11 host 192.168.7.11 dscp af31
    80 permit tcp host 192.168.8.11 host 192.168.8.11 dscp af32
    90 permit tcp host 192.168.9.11 host 192.168.9.11 dscp af33

现在,如果查看capmap表,您看到全双工:

Sup2T#show platform software acl capmap tcam A label 2 module 3
Shadow Capmap Table Entry For TCAM A

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]
[1]              [0]       
----- ----- ---------------- ---------------- ---------------- -----------
----- ---------------- ---------------- ---------------- ----------------
---------------- ----------------
    2     0 212/0/1           10/1/1            9/1/1            8/1/1
7/1/1            6/1/1            5/1/1            4/1/1            3/1/1
2/1/1         

这是发生了什么,如果尝试并且安装另一个非可扩展的L4Op-based条目:

Sup2T(config-ext-nacl)#permit tcp host 192.168.10.11 host 192.168.10.11 dscp 2
Sup2T(config-ext-nacl)#end


%QM-4-TCAM_ENTRY: Hardware TCAM entry programming failed for slot 3 intf Gi3/23
dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
%QM-4-TCAM_ENTRY: Hardware TCAM entry programming failed for slot 3 intf Gi3/23
dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
%QM-4-TCAM_ENTRY: Hardware TCAM entry programming failed for slot 3 intf Gi3/23
dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
%QM-4-TCAM_ENTRY: Hardware TCAM entry programming failed for slot 3 intf Gi3/23
dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
%QM-4-TCAM_ENTRY: Hardware TCAM entry programming failed for slot 3 intf Gi3/23
dir IN: <CONFIG_UPDATE_REQ> TCAM Req Error: FAIL (4): Low TCAM Entries (1)
%FMCORE-6-RACL_ENABLED: Interface GigabitEthernet3/23 routed traffic is hardware
switched in ingress direction
Oct 20 17:12:54.304: %EARL_CM-DFC3-5-NOCAPMAP: No free capmap entry available

当前查看TCAM为此接口:

Sup2T#show platform hardware acl entry interface gig3/23 qos in ip module 3

mls_if_index:8096000 dir:0 feature:1 proto:0

 Couldnt find feature for mls_if_index 0x8096000, dir 0

QoS功能都在此接口的TCAM不再安装。

注意标记不消耗任何L4Ops。因此,如果不让L4Ops和您设置在匹配的一个DSCP值的有简单ACL, LOU寄存器没有使用此。示例如下:

Sup2T#show policy-map a1-policy
  Policy Map a1-policy
    Class a1-class
      set dscp ef

Sup2T#show class-map a1-class
 Class Map match-all a1-class (id 37)
   Match access-group name a1

Sup2T#show ip access-lists a1
Extended IP access list a1
    10 permit tcp host 192.168.1.1 host 192.168.2.1

这应用建立接口gig3/23 :

Sup2T#show run interface gig3/23
Building configuration...

Current configuration : 176 bytes
!
interface GigabitEthernet3/23
 switchport
 switchport trunk allowed vlan 1-30
 switchport mode trunk
 service-policy input a1-policy
end


Sup2T#show platform hardware acl entry interface gig3/23 qos in ip  detail module 3

mls_if_index:8096000 dir:0 feature:1 proto:0


pass#0 features
UAPRSF: U-urg, A-ack, P-psh, R-rst, S-syn, F-fin
MLGFI: M-mpls_plus_ip_pkt, L-L4_hdr_vld, G-gpid_present,F-global_fmt_match, I-ife/ofe
's' means set; 'u' means unset; '-' means don't care
----------------------------------------------------------------
----------------------------------------------------------------
---------------------------------------------------------------
-------
I     INDEX  LABEL FS ACOS    AS           IP_SA        SRC_PORT
IP_DA        DST_PORT F FF L4PROT TCP-F:UAPRSF MLGFI OtherL4OPs
RSLT                  CNT
---------------------------------------------------------------
---------------------------------------------------------------
---------------------------------------------------------------
---------


fno:0

tcam:A, bank:0, prot:0    Aces
          
I  V  16238      3  0    0     0     192.168.1.1               -     192.168.2.1
- 0  0      1      -       -----          -                    0x0000E010005D100B
0
I  M  16238 0x1FFF  0 0x00 0x000 255.255.255.255               - 255.255.255.255
- 0  0    0xF
I  V  16239      3  0    0     0         0.0.0.0               -         0.0.0.0
- 0  0      0      -       -----          -                    0x000000000080D00B
0
I  M  16239 0x1FFF  0 0x00 0x000         0.0.0.0               -         0.0.0.0
- 0  0    0x0

Sup2T#show platform software acl capmap tcam A label 3 module 3
Shadow Capmap Table Entry For TCAM A

-----------------------------------------------------------------------
Output in a RST/INV/CNT format: RST - result value; INV - inverted;
                                CNT - aggregated reference account;

CBF - number of free cap bits (one per entry);
Free items are not shown
-----------------------------------------------------------------------

Index   CBF       [9]              [8]              [7]              [6]
[5]              [4]              [3]              [2]              [1]
[0]       
----- ----- ---------------- ---------------- ---------------- ----------------
---------------- ---------------- ---------------- ---------------- -----------
----- ----------------
    3     9 212/0/1                      Free             Free             Free
Free             Free             Free             Free             Free
Free


Document ID: 118649