Configuring SDM Templates

Restrictions for Switch Device Manager Template

  • The Customizable SDM Template feature isn’t supported on the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches.

  • If the device is operating with NAT template, Switch Device Manager (SDM) templates can’t be customized.

  • In a customizable SDM template the combined limit for multicast entries for layer 2 and layer 3 is 48K (K = 1024 entries).

  • It's mandatory to assign a priority value to each of the features when customizing an SDM template. The priority value decides the resource allocation for the features, when the total number of all the resources specified in the customizable SDM template exceeds the total number of system resources assigned to a customizable SDM Template.

  • The priority value of each feature should be unique. You can’t assign the same priority value to different features.

  • In case of RMA or Supervisor replacement, restoring the backup configuration doesn’t restore the customized template. You’ll have to reconfigure the customized template.

  • You can enable the 4K VLAN feature only through a Customizable SDM Template for 4K VLAN. Support for this feature was introduced only on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches.

  • A Customizable SDM Template for 4K VLAN supports only the 4K VLAN feature. You cannot customize any other FIB or ACL related features in the custom VLAN template.

  • In a Customizable SDM Template for 4K VLAN, you can only increase the scale of VLAN from 1K to 4K. You cannot have custom VLAN values between 1K and 4K. Scales of other features that are limited due to limitations of the 1K VLAN table will remain the same.

Information About SDM Templates

You can use SDM templates to configure system resources to optimize support for specific features, depending on how your device is used in the network. You can select a standard template to provide maximum system usage for some functions.

Cisco Catalyst 9500 Series Switches support the following standard templates:

  • Core

  • NAT

  • Distribution

It is recommended that you reload the system as soon as you make a change to the SDM template. After you change the template and the system reloads, you can use the show sdm prefer privileged EXEC command to verify the new template configuration. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.


Note


The default standard SDM template is the Core template.



Note


The NAT template cannot be used to create a customizable SDM template.


Customizable SDM Template

Overview of Customizable SDM Template

Switch Device Manager (SDM) templates can be used to configure system resources and optimize support for specific features. However standard SDM templates are defined based on how the device is deployed in the network.

A custom SDM template will allow you to configure the features of the template based on your requirements and not the location of the device in the network. Starting with the Cisco IOS XE Amsterdam 17.3.1 release, you can configure a custom SDM template for Forwarding Information Base (FIB) using the sdm prefer custom fib command.

Starting with the Cisco IOS XE Bengaluru 17.4.1 release, you can configure a custom SDM template for Access Control List (ACL) features using the sdm prefer custom acl command.

Starting with the Cisco IOS XE Bengaluru 17.5.1 release, you can configure a custom SDM template for 4k VLAN using the sdm prefer custom vlan command.

A Customizable SDM template supports the following FIB features:

  • Unicast MAC addresses

  • Layer 3 Unicast forwarding

  • Layer 2 Multicast forwarding

  • Layer 3 Multicast forwarding

  • Ingress Netflow

  • Egress Netflow

  • SGT/DGT Index / MPLS VPN Label

A Customizable SDM template supports the following ACL features:

  • Ingress Access Control List (ACL)

  • Egress ACL

  • Ingress Quality of Service (QoS)

  • Egress QoS

  • Netflow ACL

  • Policy Based Routing (PBR)/ Network Address Translation (NAT)

  • Locator/ID Separation Protocol (LISP)

  • Tunnels

A Customizable SDM template for 4k VLAN supports only the 4K VLAN feature. You can increase the scale of VLAN from 1k to 4k.

A Customizable SDM template for 4k VLAN increases the number of supported Switch Virtual Interfaces (SVI) to 4000.

The following table shows the minimum and maximum scale values that can be configured for each of the FIB features, the step units and the default values that will be applied when no custom values are chosen for a feature.

Table 1. Scale values and Default values for FIB features

Feature name

Scale Values (Min-Max)

Step Units

Default Values

MAC addresses

32768 - 131072

16384

32768

Unicast routes

65536 - 262144

16384

65536

Layer 2 Multicast

0, 16384 - 32768

16384

16384

Layer 3 Multicast

0, 16384 - 32768

16384

16384

SG Hash/MPLS

0, 32768 - 65536

32768

32768

Ingress Netflow

0, 32768 - 65536

32768

32768

Egress NetFlow

0, 32768 - 65536

32768

0

The following table shows the minimum and maximum scale values that can be configured for each of the ACL features, the step units and the default values that will be applied when no custom values are chosen for a feature.

Table 2. Scale values and Default values for ACL features

Feature name

Scale Values (Min-Max)

Step Units

Default Values

Ingress ACL

4096 - 26624, 27648

2048

4096

Egress ACL

4096 - 26624, 27648

2048

4096

Ingress QoS

1024, 2048 - 16384

2048

1024

Egress QoS

1024, 2048 - 16384

2048

1024

Netflow ACL

1024 - 2048

1024

1024

PBR/ NAT

1024, 2048 - 16384

2048

1024

LISP

1024 - 2048

1024

1024

Tunnels

1024 - 3072

1024

1024

You can determine which features are allocated the resources first by assigning them a priority using the priority keyword.The lower the priority-value assigned to a feature the higher its priority in resource allocation. The total value that is assigned to all the features can exceed the maximum supported resource value of 416K for FIB features or 52 K for ACL features, where K is equal to 1024 entries. The resource allocation algorithm will use the priority-values to determine the number of resources assigned to each feature.

Once you have configured a customized template the device will have to be reloaded for the template to take effect.


Note


  • NetFlow FIB entries consume twice as many hardware entries as configured, and SG Hash FIB entries consume half as many hardware entries as configured when NetFlow allocation is less than the allowed maximum value of 128K.

  • For features where the scale value can be set to zero, you need to specify the scale value as zero. If not, the default value will be assigned as the scale value.


System resource allocation for Customizable SDM Template

The total number of system resources assigned to a Customizable SDM Template is 416K for FIB features and 52K for ACL features. If the total number of all the resources specified exceeds 416K for FIB features or 52K for ACL features, the system starts to lower the number of allotted resources starting with the feature assigned the highest number. A higher priority value or number assigned to a feature indicates a lower priority.

When the total number of resources assigned in the Customizable SDM Template is less than 416K for FIB features or less than 52K for ACL features:

  • All the features specified in the template are allotted resources as customized in the template. Any features not specified in the template are allotted the default number of resources.

  • If the total number of resources assigned to the FIB features multicast layer 2 and layer 3 exceeds 48K, then the scale of the multicast feature assigned the lower priority is reduced until the total number of resources assigned is equal to 48K.

  • Resources that aren't allotted won’t be distributed.

When the total number of resources assigned in the Customizable SDM Template is more than 416K for FIB features and more than 52K for ACL features:

  • All the features for which a custom scale isn’t specified are allotted the default values.

  • If the total number of resources assigned to FIB features multicast layer 2 and layer 3 exceeds 48K, then the scale of the multicast feature that is assigned the lower priority is reduced until the total number of resources assigned is less than or equal to 48K.

  • The number of resources allotted to the feature with the highest priority value are decreased by the step value.

  • If the total number of resources still exceeds 416K for FIB features or 52K for ACL features, the resources allotted to the next feature with the highest priority value are decreased by the step value.

  • While lowering the resources allotted to a feature, the scale is lowered only until the default value for that feature. If further adjustment is required, the resources allotted to the next feature on the priority list are reduced.


Note


The custom value entered by you for any feature is rounded up to the next step value. For example, if you enter a value of 40K for SGT it’s rounded up to 64K.


Customizable SDM Template and High Availability

On a device which supports High Availability, when a Customizable SDM Template is configured on the active Supervisor it also takes effect on the standby Supervisor.

If the standby Supervisor is configured with a different custom template than the active Supervisor, the Customizable SDM Template of the active Supervisor is configured on the standby Supervisor during initialization.

Customizable SDM Template and StackWise Virtual

On a device which supports StackWise Virtual, when an SDM Template is configured on the active Supervisor it also takes effect on the standby chassis.

If the standby chassis is configured with a different custom template than the active Supervisor, the SDM Template of the active Supervisor is configured on the standby chassis during initialization. The standby chassis undergoes an extra reload for the template to take effect.

Customizable SDM Template and ISSU

When a device undergoes an In-Service Software Upgrade (ISSU) to a higher release and there’s a change in the resource allocation algorithm, this upgrade can result in a different scale for the same user input. The change in scale is detected and notified via a syslog message. The system continues to operate with the earlier scale.

You can view the change in scale by using the show sdm prefer custom scale-change command. You can apply this change in scale by using the sdm prefer custom commit command. The device has to be reloaded for the change to take effect.

When a device with a customizable SDM template for FIB features undergoes a downgrade to a release earlier than the Cisco IOS XE Amsterdam 17.3.1 release, you need to change the SDM template to a static SDM template before the downgrade. You can change the template using the sdm prefer template name command. Reload the system for the change to take effect before proceeding with the downgrade.

When a device with a customizable SDM template for ACL features undergoes a downgrade to a release earlier than the Cisco IOS XE Bengaluru 17.4.1 release, you need to change the SDM template to a static SDM template before the downgrade.

When a device has customizable SDM templates for both FIB and ACL features customized in the Cisco IOS XE Bengaluru 17.4.1 release and it downgrades to the Cisco IOS XE Amsterdam 17.3.1 release, the device will be restored with the customizations for the FIB features. The scale numbers for the ACL features will be alloted based on the scale values of the standard SDM template. The information about the customization of the ACL features will be preserved. The device will be restored with the customizations for the ACL features when it upgrades to the Cisco IOS XE Bengaluru 17.4.1 release.

How to Configure SDM Templates

Setting the SDM Template

Follow these steps to use the SDM template to maximize feature usage:

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

sdm prefer { core | nat | distribution | custom }

Example:


Device(config)# sdm prefer distribution

Specifies the SDM template to be used on the switch. The keywords have these meanings:

  • core —Sets the Core template.

  • nat —Maximizes the NAT configuration on the switch.

  • distribution —Sets the Distribution template.

  • custom —Sets the Custom template for FIB, ACL features or for VLAN.The custom templates allow you to configure the values of certain FIB features, ACL features or the VLAN feature.

Note

 

The no sdm prefer command and a default template is not supported.

Step 4

end

Example:


Device(config)# end

Returns to privileged EXEC mode.

Step 5

reload

Example:


Device# reload 

Reloads the operating system.

After the system reboots, you can use the show sdm prefer privileged EXEC command to verify the new template configuration. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.

Configuring a Customizable SDM Template for FIB Features

To create a customizable SDM Template for FIB features, perform this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

sdm prefer custom fib

Example:

Device(config)#sdm prefer custom fib

Creates a customizable SDM template for FIB features. Enters a sub-mode for customizing features.

Step 4

mac-address number-of-entries priority priority-value

Example:

Device(config-sdm-fib)#mac-address 128 priority 1

Specifies the number of entries allotted for MAC addresses. The value ranges from 32K to 128K. The value is rounded up to the next 16K unit. The priority values range 1–7.

Step 5

ipv4_and_ipv6 unicast number-of-entries priority priority-value

Example:

Device(config-sdm-fib)#ipv4_and_ipv6 unicast 256 priority 2

Specifies the number of entries allotted for IPv4 and IPv6 Unicast. The value ranges from 64K to 256K.The priority values range 1–7.

Step 6

ipv4_and_ipv6 multicast l3 number-of-entries priority priority-value

Example:

Device(config-sdm-fib)#ipv4_and_ipv6 multicast l3 32 priority 3

Specifies the number of entries allotted for layer 3 IPv4 and IPv6 Multicast. The value ranges from 16 to 32, 0 (zero) can also be entered as the value. The priority values range 1–7.

Step 7

ipv4_and_ipv6 multicast l2 number-of-entries priority priority-value

Example:

Device(config-sdm-fib)#ipv4_and_ipv6 multicast l2 32 priority 4

Specifies the number of entries allotted for layer 2 IPv4 and IPv6 Multicast. The value ranges from 16 to 32, 0 (zero) can also be entered as the value.The priority values range 1–7.

Step 8

netflow_out number-of-entries priority priority-value

Example:

Device(config-sdm-fib)#netflow_out 64 priority 5

Specifies the number of entries allotted for Netflow egress. The value ranges from 32K to 64K, 0 (zero) can also be entered as the value.The priority values range 1–7.

Step 9

netflow-in number-of-entries priority priority-value

Example:

Device(config-sdm-fib)# netflow_in 64 priority 6

Specifies the number of entries allotted for Netflow ingress. The value ranges from 32K to 64K, 0 (zero) can also be entered as the value.The priority values range 1–7.

Step 10

sgt_or_mpls_vpn number-of-entries priority priority-value

Example:

Device(config-sdm-fib)# sgt_or_mpls_vpn 64 priority 7

Specifies the number of entries allotted for SGT or MPLS VPN. The value ranges from 32K to 64K, 0 (zero) can also be entered as the value.The priority values range 1–7.

Step 11

end

Example:


Device(config-sdm-fib)# end

Returns to privileged EXEC mode.

Step 12

show sdm prefer custom

Example:


Device# show sdm prefer custom

Displays the custom values that will be applied to the features in the customizable SDM template.

Step 13

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 14

sdm prefer custom commit

Example:


Device(config)# sdm prefer custom commit

Changes the running SDM preferences to the values in the customized template. The new template takes effect on the next reload.

Step 15

end

Example:


Device(config)# end

Returns to privileged EXEC mode.

Step 16

reload

Example:

Device# reload

Reloads the device and applies the customized SDM template.

What to do next

Once you view the custom values that will be applied to the features in the customizable SDM template using the show sdm prefer custom command, if required you can make changes to the values. To clear all the custom values that you have assigned to the features in the customized SDM template use the sdm prefer custom fib clear command.

If you want to change the custom value assigned to a feature without changing its priority value, you can simply overwrite the custom value assigned to the feature. For example, if you have assigned mac-address 128 priority 1 you can overwrite this to mac-address 32 priority 1. If you want to change the priority value assigned to a feature, and if that priority value is already assigned to another feature you’ll have to clear the custom value assigned to the other feature by using the no form of the command for that feature. You can then assign the priority value to the first feature. You’ll have to reconfigure the other feature for it to have a non-default value.

The current customization context is valid only until sdm prefer custom commit command is issued. If you want to change any value after the commit CLI is issued, it will be considered as a new customization context. You will need to re-enter all the required feature values.

Configuring a Customizable SDM Template for ACL Features

To create a customizable SDM Template for ACL features, perform this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

sdm prefer custom acl

Example:

Device(config)#sdm prefer custom acl

Creates a customizable SDM template for ACL features. Enters a sub-mode for customizing features.

Step 4

acl-ingress number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#acl-ingress 26 priority 1

Specifies the number of entries allotted for Ingress ACL. The value ranges from 4K to 27K. The value is rounded up to the next 2K unit. The priority values range 1–8.

Step 5

acl-egress number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#acl-engress 20 priority 2

Specifies the number of entries allotted for Engress ACL. The value ranges from 4K to 27K. The value is rounded up to the next 2K unit. The priority values range 1–8.

Step 6

qos-ingress number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#qos-ingress 2 priority 3

Specifies the number of entries allotted for Ingress QoS. The value ranges from 2K to 16K. The value is rounded up to the next 2K unit. The priority values range 1–8.

Step 7

qos-egress number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#qos-egress 2 priority 4

Specifies the number of entries allotted for Egress QoS. The value ranges from 2K to 16K. The value is rounded up to the next 2K unit. The priority values range 1–8.

Step 8

nfl number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#nfl 2 priority 5

Specifies the number of entries allotted for Netflow ACL. The value ranges from 1K to 2K. The priority values range 1–8. The entries alloted for Netflow ACL are divided equally between ingress and egress entries.

Step 9

pbr number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#pbr 2 priority 6

Specifies the number of entries allotted for PBR/NAT. The value ranges from 2K to 16K. The value is rounded up to the next 2K unit. The priority values range 1–8.

Step 10

lisp number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#lisp 2 priority 7

Specifies the number of entries allotted for LISP. The value ranges from 1K to 2K. The priority values range 1–8.

Step 11

tunnels number-of-entries priority priority-value

Example:

Device(config-sdm-acl)#tunnels 1 priority 8

Specifies the number of entries allotted for Tunnel Termination Entries. The value ranges from 1K to 3K. The specified value will be lowered by 256 entries. 1K, 2K, 3K tunnel scale will be mapped to 0.75K, 1.75K, 2.75K respectively.The priority values range 1–8.

Step 12

end

Example:

Device(config-sdm-acl)# end

Returns to privileged EXEC mode.

Step 13

show sdm prefer custom

Example:


Device# show sdm prefer custom

Displays the custom values that will be applied to the features in the customizable SDM template.

Step 14

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 15

sdm prefer custom commit

Example:


Device(config)# sdm prefer custom commit

Changes the running SDM preferences to the values in the customized template. The new template takes effect on the next reload.

Step 16

end

Example:


Device(config)# end

Returns to privileged EXEC mode.

Step 17

reload

Example:

Device# reload

Reloads the device and applies the customized SDM template.

What to do next

Once you view the custom values that will be applied to the features in the customizable SDM template using the show sdm prefer custom command, if required you can make changes to the values. To clear all the custom values that you have assigned to the features in the customized SDM template use the sdm prefer custom acl clear command.

If you want to change the custom value assigned to a feature without changing its priority value, you can simply overwrite the custom value assigned to the feature. For example, if you have assigned acl-ingress 26 priority 1 you can overwrite this to acl-ingress 24 priority 1. If you want to change the priority value assigned to a feature, and if that priority value is already assigned to another feature you’ll have to clear the custom value assigned to the other feature by using the no form of the command for that feature. You can then assign the priority value to the first feature. You’ll have to reconfigure the other feature for it to have a non-default value.

The current customization context is valid only until sdm prefer custom commit command is issued. If you want to change any value after the commit CLI is issued, it will be considered as a new customization context. You will need to re-enter all the required feature values.

Configuring a Customizable SDM Template for 4k VLAN

To create a customizable SDM Template for 4k VLAN, perform this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

sdm prefer custom vlan

Example:

Device(config)#sdm prefer custom vlan

Creates a customizable SDM template for 4k VLAN.

Step 4

end

Example:

Device(config-sdm-vlan)# end

Returns to privileged EXEC mode.

Step 5

show sdm prefer custom

Example:

Device# show sdm prefer custom

Displays the custom values that will be applied to the features in the customizable SDM template.

Step 6

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 7

sdm prefer custom commit

Example:

Device(config)# sdm prefer custom commit

Changes the running SDM preferences to the values in the customized template. The new template takes effect on the next reload.

Step 8

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Step 9

reload

Example:

Device# reload

Reloads the device and applies the customized SDM template.

Clearing the customized values of the SDM Template

To clear the custom values that have been assigned to the features in the customized SDM template use the sdm prefer custom fib clear command or the sdm prefer custom acl clear command.

This command will clear the customization configuration that is not committed yet.

Once you issue this command, all the custom values for the features have to be reconfigured.

Monitoring and Maintaining SDM Templates

Verifying SDM Templates

Use the following commands to monitor and maintain SDM templates.

Command Purpose

show sdm prefer

Displays the SDM template in use.


Note


The SDM templates contain only those commands that are defined as part of the templates. If a template enables another related command that is not defined in the template, then this other command will be visible when the show running config command is entered. For example, if the SDM template enables the switchport voice vlan command, then the spanning-tree portfast edge command may also be enabled (although it is not defined on the SDM template).

If the SDM template is removed, then other such related commands are also removed and have to be reconfigured explicitly.


Verifying Customizable SDM Templates

Use the following commands to verify the customizable SDM Template that will be applied.

Table 3. Commands to verify the customizable SDM template

Command

Description

show sdm prefer custom

Displays the custom values that will be applied to the features in the customizable SDM template.

show sdm prefer custom user-input

Displays the values that were entered by the user in the customizable SDM template.

show sdm prefer

Displays the customized SDM template that is currently active.

If any feature in the Customizable SDM template has been assigned a scale value of zero, the feature will not be listed in the output of the show sdm prefer custom command after the device is reloaded.

Configuration Examples for SDM Templates

Examples: Displaying SDM Templates

The following example output shows the core template information on Cisco Catalyst 9500 Series Switches:

Device# show sdm prefer core
This is the Core template.
  Security Ingress IPv4 Access Control Entries*:       7168  (current) - 7168  (proposed)
  Security Ingress Non-IPv4 Access Control Entries*:   5120  (current) - 5120  (proposed)
  Security Egress IPv4 Access Control Entries*:        7168  (current) - 7168  (proposed)
  Security Egress Non-IPv4 Access Control Entries*:    8192  (current) - 8192  (proposed)
  QoS Ingress IPv4 Access Control Entries*:            4096  (current) - 4096  (proposed)
  QoS Ingress Non-IPv4 Access Control Entries*:        4096  (current) - 4096  (proposed)
  QoS Egress IPv4 Access Control Entries*:             4096  (current) - 4096  (proposed)
  QoS Egress Non-IPv4 Access Control Entries*:         4096  (current) - 4096  (proposed)
  Netflow Input Access Control Entries*:                512  (current) -  512  (proposed)
  Netflow Output Access Control Entries*:               512  (current) -  512  (proposed)
  Flow SPAN Input Access Control Entries*:              512  (current) -  512  (proposed)
  Flow SPAN Output Access Control Entries*:             512  (current) -  512  (proposed)
  Number of VLANs:                                     4094
  Unicast MAC addresses:                               32768
  Overflow Unicast MAC addresses:                      768
  Overflow L2 Multicast entries:                       2304
  L3 Multicast entries:                                32768
  Overflow L3 Multicast entries:                       768
  Ipv4/Ipv6 shared unicast routes:                     212992
  Overflow shared unicast routes:                      1536
  Policy Based Routing ACEs / NAT ACEs:                3072
  Tunnels:                                             2816
  LISP Instance Mapping Entries:                       2048
  Control Plane Entries:                                512
  Input Netflow flows:                                 32768
  Output Netflow flows:                                32768
  SGT/DGT (or) MPLS VPN entries:                       32768
  SGT/DGT (or) MPLS VPN Overflow entries:              768
  Wired clients:                                       2048
  MACSec SPD Entries:                                  256
  MPLS L3 VPN VRF:                                     1024
  MPLS Labels:                                         45056
  MPLS L3 VPN Routes VRF Mode:                         209920
  MPLS L3 VPN Routes Prefix Mode:                      32768
  MVPN MDT Tunnels:                                    1024
  L2 VPN EOMPLS Attachment Circuit:                    1024
  MAX VPLS Bridge Domains :                            1000
  MAX VPLS Peers Per Bridge Domain:                    128
  MAX VPLS/VPWS Pseudowires :                          16384
Ipv4/Ipv6 Direct and Indirect unicast routes share same space
* values can be modified by sdm cl
These values can vary depending on device and version.

The following example output shows the NAT template information on Cisco Catalyst 9500 Series Switches:

Device# show sdm prefer nat
This is the NAT template.
  Security Ingress IPv4 Access Control Entries*:       7168  (current) - 7168  (proposed)
  Security Ingress Non-IPv4 Access Control Entries*:   5120  (current) - 5120  (proposed)
  Security Egress IPv4 Access Control Entries*:        3072  (current) - 3072  (proposed)
  Security Egress Non-IPv4 Access Control Entries*:    5120  (current) - 5120  (proposed)
  QoS Ingress IPv4 Access Control Entries*:            2560  (current) - 2560  (proposed)
  QoS Ingress Non-IPv4 Access Control Entries*:        1536  (current) - 1536  (proposed)
  QoS Egress IPv4 Access Control Entries*:             3072  (current) - 3072  (proposed)
  QoS Egress Non-IPv4 Access Control Entries*:         1024  (current) - 1024  (proposed)
  Netflow Input Access Control Entries*:               1024  (current) - 1024  (proposed)
  Netflow Output Access Control Entries*:              1024  (current) - 1024  (proposed)
  Flow SPAN Input Access Control Entries*:             512   (current) - 512   (proposed)
  Flow SPAN Output Access Control Entries*:            512   (current) - 512   (proposed)
  Number of VLANs:                                     4094
  Unicast MAC addresses:                               32768
  Overflow Unicast MAC addresses:                      768
  Overflow L2 Multicast entries:                       2304
  L3 Multicast entries:                                32768
  Overflow L3 Multicast entries:                       768
  Ipv4/Ipv6 shared unicast routes:                     212992
  Overflow shared unicast routes:                      1536
  Policy Based Routing ACEs / NAT ACEs:                15872
  Tunnels:                                             1792
  LISP Instance Mapping Entries:                       1024
  Control Plane Entries:                               1024
  Input Netflow flows:                                 32768
  Output Netflow flows:                                32768
  SGT/DGT (or) MPLS VPN entries:                       32768
  SGT/DGT (or) MPLS VPN Overflow entries:              768
  Wired clients:                                       2048
  MACSec SPD Entries:                                  256
  MPLS L3 VPN VRF:                                     1024
  MPLS Labels:                                         45056
  MPLS L3 VPN Routes VRF Mode:                         209920
  MPLS L3 VPN Routes Prefix Mode:                      32768
  MVPN MDT Tunnels:                                    1024
  L2 VPN EOMPLS Attachment Circuit:                    1024
  MAX VPLS Bridge Domains :                            1000
  MAX VPLS Peers Per Bridge Domain:                    128
  MAX VPLS/VPWS Pseudowires :                          16384
Ipv4/Ipv6 Direct and Indirect unicast routes share same space
* values can be modified by sdm cli

The following example output shows the distribution template information on Cisco Catalyst 9500 Series Switches:

Device# show sdm prefer distribution 
This is the Distribution template.
  Security Ingress IPv4 Access Control Entries*:       7168  (current) - 7168  (proposed)
  Security Ingress Non-IPv4 Access Control Entries*:   5120  (current) - 5120  (proposed)
  Security Egress IPv4 Access Control Entries*:        7168  (current) - 7168  (proposed)
  Security Egress Non-IPv4 Access Control Entries*:    8192  (current) - 8192  (proposed)
  QoS Ingress IPv4 Access Control Entries*:            5632  (current) - 5632  (proposed)
  QoS Ingress Non-IPv4 Access Control Entries*:        2560  (current) - 2560  (proposed)
  QoS Egress IPv4 Access Control Entries*:             6144  (current) - 6144  (proposed)
  QoS Egress Non-IPv4 Access Control Entries*:         2048  (current) - 2048  (proposed)
  Netflow Input Access Control Entries*:               1024  (current) - 1024  (proposed)
  Netflow Output Access Control Entries*:              1024  (current) - 1024  (proposed)
  Flow SPAN Input Access Control Entries*:             512   (current) - 512   (proposed)
  Flow SPAN Output Access Control Entries*:            512   (current) - 512   (proposed)
  Number of VLANs:                                     4094
  Unicast MAC addresses:                               81920
  Overflow Unicast MAC addresses:                      768
  Overflow L2 Multicast entries:                       2304
  L3 Multicast entries:                                16384
  Overflow L3 Multicast entries:                       768
  Ipv4/Ipv6 shared unicast routes:                     114688
  Overflow shared unicast routes:                      1536
  Policy Based Routing ACEs / NAT ACEs:                3072
  Tunnels:                                             2816
  LISP Instance Mapping Entries:                       1024
  Control Plane Entries:                               1024
  Input Netflow flows:                                 49152
  Output Netflow flows:                                49152
  SGT/DGT (or) MPLS VPN entries:                       32768
  SGT/DGT (or) MPLS VPN Overflow entries:              768
  Wired clients:                                       2048
  MACSec SPD Entries:                                  256
  MPLS L3 VPN VRF:                                     1024
  MPLS Labels:                                         45056
  MPLS L3 VPN Routes VRF Mode:                         112640
  MPLS L3 VPN Routes Prefix Mode:                      32768
  MVPN MDT Tunnels:                                    1024
  L2 VPN EOMPLS Attachment Circuit:                    1024
  MAX VPLS Bridge Domains :                            1000
  MAX VPLS Peers Per Bridge Domain:                    128
  MAX VPLS/VPWS Pseudowires :                          16384
Ipv4/Ipv6 Direct and Indirect unicast routes share same space
* values can be modified by sdm cli

Examples: Configuring SDM Templates


		
Device(config)# sdm prefer distribution 
Device(config)# exit
Device# reload
		Proceed with reload? [confirm]
		
		

Example: Configuring a customized SDM template

The following example output shows how to configure a customized SDM template for FIB features. In this example, as the SG Hash/MPLS and Ingress Netflow features haven’t been assigned any resources in the customized template they are allotted resources according to their default values.

Device(config)# sdm prefer custom fib 
Device(config-sdm-fib)# mac-address 128 priority 1
Device(config-sdm-fib)# ipv4_and_ipv6 unicast 256 priority 2
Device(config-sdm-fib)# ipv4_and_ipv6 multicast l3 32 priority 3
Device(config-sdm-fib)# ipv4_and_ipv6 multicast l2 32 priority 4
Device(config-sdm-fib)# netflow_out 64 priority 5
Device(config-sdm-fib)# end

In the following examples as the SGT/ MPLS VPN features are assigned zero resources, no resources will be allotted to these features.

Device(config)# sdm prefer custom fib 
Device(config-sdm-fib)# ipv4_and_ipv6 unicast 164 priority 1
Device(config-sdm-fib)# mac-address 80 priority 2
Device(config-sdm-fib)# ipv4_and_ipv6 multicast l2 16 priority 4
Device(config-sdm-fib)# ipv4_and_ipv6 multicast l3 16 priority 3
Device(config-sdm-fib)# sgt_or_mpls_vpn 0
Device(config-sdm-fib)# netflow_in 32 priority 5
Device(config-sdm-fib)# netflow_out 32 priority 6
Device(config-sdm-fib)# end

The following example output shows how to configure a customized SDM template for ACL features. In this example, as the Tunnels feature hasn’t been assigned any resources in the customized template it is allotted resources according to the default values.

Device(config)# sdm prefer custom acl
Device(config-sdm-acl)# acl-ingress 26 priority 1
Device(config-sdm-acl)# acl-engress 20 priority 2
Device(config-sdm-acl)# lisp 2 priority 3
Device(config-sdm-acl)# nfl 2 priority 4
Device(config-sdm-acl)# pbr 2 priority 5
Device(config-sdm-acl)# qos-ingress 2 priority 6
Device(config-sdm-acl)# qos-egress 2 priority 7
Device(config-sdm-acl)# end

The following example output shows how to configure a customized SDM template for 4k VLAN.

Device(config)# sdm prefer custom VLAN
Device(config-sdm-vlan)# end

Example: Displaying the customized SDM template

The following example output shows the proposed values in the customized SDM template for FIB and ACL features.


Device# show sdm prefer custom 
Showing SDM Template Info

This is the Custom template
<SNIP>
  Number of VLANs:                                     4094
  Unicast MAC addresses*:                              32768  (current) - 131072 (proposed)
  Overflow Unicast MAC addresses*:                     768    (current) - 1536   (proposed)
  L2 Multicast entries*:                               0      (current) - 16384  (proposed)
  Overflow L2 Multicast entries*:                      2304   (current) - 768    (proposed)
  L3 Multicast entries*:                               32768  (current) - 16384  (proposed)
  Overflow L3 Multicast entries*:                      768    (current) - 768    (proposed)
  Ipv4/Ipv6 shared unicast routes*:                    212992 (current) - 180224 (proposed)
  Overflow shared unicast routes*:                     1536   (current) - 2304   (proposed)
  Ingress Security Access Control Entries*:            24576  (current) - 26624  (proposed)
  Egress Security Access Control Entries*:             3072   (current) - 20480  (proposed)
  Ingress QoS Access Control Entries*:                 8192   (current) - 1024   (proposed)
  Egress QoS Access Control Entries*:                  8192   (current) - 1024   (proposed)
  Policy Based Routing ACEs / NAT ACEs*:               3072   (current) - 1024   (proposed)
  Netflow Input ACEs*:                                 256    (current) - 512    (proposed)
  Netflow Output ACEs*:                                768    (current) - 512    (proposed)
  Flow SPAN ACEs*:                                     256    (current) - 512    (proposed)
  Output Flow SPAN ACEs*:                              256    (current) - 512    (proposed)
  Tunnels*:                                            2816   (current) - 768    (proposed)
  LISP Instance Mapping Entries*:                      2048   (current) - 1024   (proposed)
  Control Plane Entries*:                              512    (current) - 512    (proposed)
  Input Netflow flows*:                                32768  (current) - 32768  (proposed)
  Output Netflow flows*:                               32768  (current) - 0      (proposed)
  SGT/DGT (or) MPLS VPN entries*:                      32768  (current) - 32768  (proposed)
  SGT/DGT (or) MPLS VPN Overflow entries*:             768    (current) - 768    (proposed)
  Wired clients:                                       2048
  MACSec SPD Entries*:                                 256    (current) - 256    (proposed)
  VRF:                                                 1024
  MPLS Labels:                                         45056
  MPLS L3 VPN Routes VRF Mode*:                        209920 (current) - 180224 (proposed)
  MPLS L3 VPN Routes Prefix Mode*:                     32768  (current) - 32768  (proposed)
  MVPN MDT Tunnels:                                    1024
  L2 VPN EOMPLS Attachment Circuit:                    1024
  MAX VPLS Bridge Domains :                            1000
  MAX VPLS Peers Per Bridge Domain:                    128
  MAX VPLS/VPWS Pseudowires :                          16384

Ipv4/Ipv6 Direct and Indirect unicast routes share same space
(*) values can be modified by sdm cli
The proposed values will take effect post reload.

The following example output shows the values and priorities specified by the user in the custom template. As the SG Hash/MPLS, Ingress Netflow and Tunnels features haven’t been assigned any resources in the customized template, they will be allotted resources according to their default values.

Device# show sdm prefer custom user-input
FIB FEATURE USER INPUT 
User Input values 
==========================

  FEATURE NAME                                         PRIORITY   SCALE     
--------------------------------------------------------------------------
  Unicast MAC addresses:                                1          128*1024
  L2 Multicast entries:                                 4          32*1024
  L3 Multicast entries:                                 3          32*1024
  Ipv4/Ipv6 shared unicast routes:                      2          256*1024
  Output Netflow flows:                                 5          64*1024


System Default values 
==========================

  FEATURE NAME                                         PRIORITY   SCALE     
--------------------------------------------------------------------------
  Input Netflow flows:                                 NA         32768     
  SGT/DGT (or) MPLS VPN entries:                       NA         32768     

ACL FEATURE USER INPUT
User Input values
==========================

  FEATURE NAME                                         PRIORITY   SCALE
--------------------------------------------------------------------------
  Security Access Control Entries:                     1          26*1024
  Egress Security Access Control Entries:              2          20*1024
  QoS Access Control Entries:                          3          2*1024
  Egress QoS Access Control Entries:                   4          2*1024
  Policy Based Routing ACEs / NAT ACEs:                5          2*1024
  Netflow ACEs:                                        6          2*1024
  LISP Instance Mapping Entries:                       7          2*1024


System Default values 
==========================

  FEATURE NAME                                         PRIORITY   SCALE     
--------------------------------------------------------------------------
  Tunnels:                                              NA         1024

The following example output shows the proposed values in the customized SDM template. As the SGT/ MPLS VPN features are assigned zero resources, no resources will be allotted to these features.

Device#show sdm prefer custom                                       
Showing SDM Template Info

This is the Custom template
<SNIP>
  Unicast MAC addresses*:                           32768  (current) - 81920  (proposed)
  Overflow Unicast MAC addresses*:                  768    (current) - 1536   (proposed)
  L2 Multicast entries*:                            0      (current) - 16384  (proposed)
  Overflow L2 Multicast entries*:                   2304   (current) - 768    (proposed)
  L3 Multicast entries*:                            32768  (current) - 16384  (proposed)
  Overflow L3 Multicast entries*:                   768    (current) - 768    (proposed)
  Ipv4/Ipv6 shared unicast routes*:                 212992 (current) - 180224 (proposed)
  Overflow shared unicast routes*:                  1536   (current) - 2304   (proposed)
  Ingress Security Access Control Entries*:         24576  (current) - 26624  (proposed)
  Egress Security Access Control Entries*:          3072   (current) - 20480  (proposed)
  Ingress QoS Access Control Entries*:              8192   (current) - 1024   (proposed)
  Egress QoS Access Control Entries*:               8192   (current) - 1024   (proposed)
  Policy Based Routing ACEs / NAT ACEs*:            3072   (current) - 1024   (proposed)
  Netflow Input ACEs*:                              256    (current) - 512    (proposed)
  Netflow Output ACEs*:                             768    (current) - 512    (proposed)
  Flow SPAN ACEs*:                                  256    (current) - 512    (proposed)
  Output Flow SPAN ACEs*:                           256    (current) - 512    (proposed)
  Tunnels*:                                         2816   (current) - 768    (proposed)
  LISP Instance Mapping Entries*:                   2048   (current) - 1024   
  Input Netflow flows*:                             32768  (current) - 32768  (proposed)
  Output Netflow flows*:                            32768  (current) - 32768  (proposed)
  SGT/DGT (or) MPLS VPN entries*:                   32768  (current) - 0      (proposed)
  SGT/DGT (or) MPLS VPN Overflow entries*:          768    (current) - 768    (proposed)
  Wired clients:                                    2048
  MACSec SPD Entries*:                              256    (current) - 256    (proposed)
  VRF:                                              1024
  MPLS Labels:                                      45056
  MPLS L3 VPN Routes VRF Mode*:                     209920 (current) - 180224 (proposed)
  MPLS L3 VPN Routes Prefix Mode*:                  32768  (current) - 32768  (proposed)
  MVPN MDT Tunnels:                                 1024
  L2 VPN EOMPLS Attachment Circuit:                 1024
  MAX VPLS Bridge Domains :                         1000
  MAX VPLS Peers Per Bridge Domain:                 128
  MAX VPLS/VPWS Pseudowires :                       16384

The following example output shows the values and priorities specified by the user in the custom template. No resources have been alloted to SGT/MPLS VPN features.

Device#show sdm prefer custom user-input
FIB FEATURE USER INPUT 
User Input values 
========================== 
  FEATURE NAME                                         PRIORITY       SCALE     
-----------------------------------------------------------------------------
Unicast MAC addresses:                                     2          80*1024
L2 Multicast entries:                                      4          16*1024
L3 Multicast entries:                                      3          16*1024
Ipv4/Ipv6 shared unicast routes:                           1          164*1024
Input Netflow flows:                                       5          32*1024
Output Netflow flows:                                      6          32*1024
SGT/DGT (or) MPLS VPN entries:                             NA         0

ACL FEATURE USER INPUT
User Input values
==========================
  FEATURE NAME                                         PRIORITY   SCALE
--------------------------------------------------------------------------
  Security Access Control Entries:                     1          26*1024
  Egress Security Access Control Entries:              2          20*1024
  QoS Access Control Entries:                          3          2*1024
  Egress QoS Access Control Entries:                   4          2*1024
  Policy Based Routing ACEs / NAT ACEs:                5          2*1024
  Netflow ACEs:                                        6          2*1024
  LISP Instance Mapping Entries:                       7          2*1024


System Default values 
==========================

  FEATURE NAME                                         PRIORITY   SCALE     
--------------------------------------------------------------------------
  Tunnels:                                              NA         1024

The following example output shows the proposed values in the customized SDM template for 4k VLAN.

Device#show sdm prefer custom
Showing SDM Template Info

This is the Custom template.
Security Ingress IPv4 Access Control Entries*:          7168 (current) - 7168 (proposed)
Security Ingress Non-IPv4 Access Control Entries*:      5120 (current) - 5120 (proposed)
Security Egress IPv4 Access Control Entries*:           7168 (current) - 7168 (proposed)
Security Egress Non-IPv4 Access Control Entries*:       8192 (current) - 8192 (proposed)
QoS Ingress IPv4 Access Control Entries*:               5632 (current) - 5632 (proposed)
QoS Ingress Non-IPv4 Access Control Entries*:           2560 (current) - 2560 (proposed)
QoS Egress IPv4 Access Control Entries*:                6144 (current) - 6144 (proposed)
QoS Egress Non-IPv4 Access Control Entries*:            2048 (current) - 2048 (proposed)
Netflow Input Access Control Entries*:                  512  (current) - 512  (proposed)
Netflow Output Access Control Entries*:                 512  (current) - 512  (proposed)
Flow SPAN Input Access Control Entries*:                512  (current) - 512  (proposed)
Flow SPAN Output Access Control Entries*:               512  (current) - 512  (proposed)
Number of VLANs:                                        4094
Unicast MAC addresses*:                                 98304
Overflow Unicast MAC addresses*:                        768
Overflow L2 Multicast entries*:                         2048
L3 Multicast entries*:                                  16384
Overflow L3 Multicast entries*:                         768
Ipv4/Ipv6 shared unicast routes*:                       81920
Overflow shared unicast routes*:                        1536
Policy Based Routing ACEs / NAT ACEs*:                  3072
Tunnels*:                                               2816
LISP Instance Mapping Entries*:                         2048
Control Plane Entries*:                                 512
Input Netflow flows*:                                   49152
Output Netflow flows*:                                  49152
SGT/DGT (or) MPLS VPN entries*:                         32768
SGT/DGT (or) MPLS VPN Overflow entries*:                768
Wired clients:                                          2048
MACSec SPD Entries*:                                    256
VRF:                                                    1024
MPLS Labels:                                            45056
MPLS L3 VPN Routes VRF Mode*:                           81920
MPLS L3 VPN Routes Prefix Mode*:                        32768
MVPN MDT Tunnels:                                       1024
L2 VPN EOMPLS Attachment Circuit:                       1024
MAX VPLS Bridge Domains :                               1000
MAX VPLS Peers Per Bridge Domain:                       128
MAX VPLS/VPWS Pseudowires :                             16384
VLAN Filter Entries:                                    16384

Example: Applying the customized SDM template

The following example output shows how to apply a customized SDM template:

Device(config)# sdm prefer custom commit
Changes to the running SDM preferences have been stored and will take effect on the next reload.
Device(config)# exit
Device# reload

Example: Clearing the customized values of the SDM template

The following example output shows how to clear a customized SDM template for FIB features after which the template can be recustomized:

Device(config)# sdm prefer custom fib clear
FIB customization changes, not yet committed will be cleared
Device(config-sdm-fib)# end

The following example output shows how to clear a customized SDM template for ACL features after which the template can be recustomized:

Device(config)# sdm prefer custom acl clear
ACL customization changes, not yet committed will be cleared
Device(config-sdm-fib)# end

Additional References for SDM Templates

Related Documents

Related Topic Document Title

For complete syntax and usage information for the commands used in this chapter.

Command Reference (Catalyst 9500 Series Switches)

Feature History for SDM Templates

This table provides release and related information for features explained in this module.

These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature

Feature Information

Cisco IOS XE Everest 16.5.1a

SDM Template

Standard SDM templates can be used to configure system resources to optimize support for specific features.

Support for this feature was introduced only on the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches.

Cisco IOS XE Fuji 16.8.1a

SDM Template

Support for this feature was introduced only on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches.

Cisco IOS XE Amsterdam 17.3.1

Customizable SDM Template for FIB Features

Support for customizable SDM templates for FIB features was introduced. Customizable SDM templates can be used to configure the features of the template as per the user's requirements.

Support for this feature was introduced only on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches.

Cisco IOS XE Bengaluru 17.4.1

Customizable SDM Template for ACL Features

Support for customizable SDM templates for ACL features was introduced. Customizable SDM templates can be used to configure the features of the template as per the user's requirements.

Support for this feature was introduced only on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches.

Cisco IOS XE Bengaluru 17.5.1

Customizable SDM template for 4k VLAN

Support for customizable SDM templates for 4k VLAN was introduced.

Support for this feature was introduced only on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.