我有Cisco Nexus C9396PX L3交换机,我在它上面配置了一堆 ACL(入站)来拒绝/允许流量。现在,如果我尝试添加更多 ACL,则会收到 TCAM 表已满的错误消息。这是 tcam 的输出
如果您注意到一行Ingress IPv4 RACL 259 253 50.59It is for L3 ACL 并且达到了 50% 的利用率,但我仍然有50%空闲,那么为什么我无法添加更多规则?有一件事我注意到它的入口,所以可能我用完了所有入口条目,现在还有其他任何用于出口的东西..我说得对吗?
假设我没有在交换机上使用任何 L2 功能,并且想要给VACLtcam 大小,RACL这可能吗?
swt-c9396PX# show hardware access-list resource utilization
slot 1
=======
INSTANCE 0x0
-------------
ACL Hardware Resource Utilization (Mod 1)
----------------------------------------------------------
Used Free Percent
Utilization
-------------------------------------------------------------------
Ingress IPv4 PACL 3 509 0.59
Ingress IPv4 Port QoS 4 252 1.56
Ingress IPv4 VACL 2 510 0.39
Ingress IPv4 RACL 259 253 50.59
Egress IPv4 VACL 3 509 0.59
Egress IPv4 RACL 3 253 1.17
SUP COPP 205 51 80.08
SUP COPP Reason Code TCAM 6 122 4.69
Redirect 2 510 0.39
VPC Convergence 1 255 0.39
sFlow Northstar ACL 0 256 0.00
LOU 2 22 8.33
Both LOU Operands 2
Single LOU Operands 0
LOU L4 src port: 1
LOU L4 dst port: 1
LOU L3 packet len: 0
LOU IP tos: 0
LOU IP dscp: 0
LOU ip precedence: 0
LOU ip TTL: 0
TCP Flags 0 16 0.00
Protocol CAM 2 244 0.81
Mac Etype/Proto CAM 0 14 0.00
L4 op labels, Tcam 0 0 1023 0.00
L4 op labels, Tcam 2 1 62 1.58
L4 op labels, Tcam 6 0 2047 0.00
Ingress Dest info table 0 512 0.00
Egress Dest info table 0 512 0.00
INSTANCE 0x1
-------------
ACL Hardware Resource Utilization (Mod 1)
----------------------------------------------------------
Used Free Percent
Utilization
-------------------------------------------------------------------
Ingress NS IPv4 Port QoS 1 255 0.39
Ingress NS IPv4 L3 QoS 1 255 0.39
Ingress NS IPv4 VLAN QoS 1 255 0.39
LOU 0 24 0.00
Both LOU Operands 0
Single LOU Operands 0
LOU L4 src port: 0
LOU L4 dst port: 0
LOU L3 packet len: 0
LOU IP tos: 0
LOU IP dscp: 0
LOU ip precedence: 0
LOU ip TTL: 0
TCP Flags 0 16 0.00
Protocol CAM 0 246 0.00
Mac Etype/Proto CAM 0 14 0.00