Cisco Bug: CSCvs50014 - ACL and Netflow on subinterface occupy double TCAM entries

Last Modified

Jan 09, 2020

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

7.3(1)D1(1) 8.3(2)

Description (partial)

Symptom:
When we apply ACL and Netflow to subinterfaces:

 version 7.3(1)D1(1)
 
interface Ethernet11/1
  ip address 1.1.1.1/24
  no shutdown
 
interface Ethernet11/1.300
  ip address 2.2.2.2/24
  no shutdown
 
interface Ethernet11/1.301
  ip address 3.3.3.3/24
  no shutdown
 
interface Ethernet11/1.302
  ip address 5.5.5.5/24
  no shutdown
 
interface Ethernet11/1.303
  ip address 4.4.4.4/24
  no shutdown
 
Initial Utilisation:
N7718-TT2-TEST# sh system internal access-list resource utilization mod 11 | in
Tcam 1, Bank 0           28      32740   0.09<<<<<<<<<<
Tcam 1, Bank 1           475     32293   1.45
Tcam 1, Bank 0           28      32740   0.09<<<<<<<<<<
Tcam 1, Bank 1           475     32293   1.45
 

In this case, when the ACL was applied to the subinterfaces one by one, we saw the utilization increase to 6.69% as soon as we applied it to the first subinterface, and it remained at 6.69% once the ACL was applied on all subinterfaces.
 
 
N7718-TT2-TEST(config)# sh system internal access-list resource utilization mod 11 | in "Tcam 1, Bank"
Tcam 1, Bank 0           2193    30575   6.69
Tcam 1, Bank 1           475     32293   1.45
Tcam 1, Bank 0           2193    30575   6.69
Tcam 1, Bank 1           475     32293   1.45
              
As soon as we applied the Netflow config to one subinterface, our utilization immediately doubled:
 
 
N7718-TT2-TEST# sh system internal access-list resource utilization mod 11 | in "Tcam 1, Bank"
Tcam 1, Bank 0           4358    28410   13.30<<<<<<<<<<<<<<<<<<<<<<
Tcam 1, Bank 1           476     32292   1.45
Tcam 1, Bank 0           4358    28410   13.30
Tcam 1, Bank 1           476     32292   1.45
 
After we applied the Netflow config to all the subinterfaces, we were back at the original utilization:
 
N7718-TT2-TEST(config-if)# sh system internal access-list resource utilization mod 11 | in "Tcam 1, Bank"
Tcam 1, Bank 0           2193    30575   6.69
Tcam 1, Bank 1           476     32292   1.45
Tcam 1, Bank 0           2193    30575   6.69
Tcam 1, Bank 1           476     32292   1.45
 
 
When we tested other feature combinations, we did not see the doubling behavior seen with ACL and Netflow.

Conditions:
Nexus 7000 device with multiple subinterfaces on one parent interface, with Netflow and ACL not applied to all the subinterfaces under that parent.
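The doubling can be checked mechanically from saved command output. The following is an added example, not Cisco code: it compares the feature footprint (used entries above the idle baseline) between two snapshots and flags banks where it doubled. The function names are hypothetical, and reading the first two numeric columns as used and free entries is an assumption consistent with their sum being 32768 in every row above.

```python
import re

# Row shape taken from the output above, e.g. "Tcam 1, Bank 0   2193   30575   6.69".
# Assumption: the first two numeric columns are used and free entries.
ROW = re.compile(r"Tcam\s+(\d+),\s*Bank\s+(\d+)\s+(\d+)\s+(\d+)")

def parse_utilization(text):
    """Return {(tcam, bank): used_entries}; duplicate rows keep the highest value."""
    used = {}
    for m in ROW.finditer(text):
        key = (int(m.group(1)), int(m.group(2)))
        used[key] = max(used.get(key, 0), int(m.group(3)))
    return used

def footprint_ratios(baseline, before, after):
    """Per bank, feature footprint after the change divided by footprint before it.

    Footprint = used entries above the idle baseline. Banks with no footprint
    before the change are skipped (nothing to compare against)."""
    b, p, a = (parse_utilization(t) for t in (baseline, before, after))
    ratios = {}
    for key, idle in b.items():
        prev = p.get(key, idle) - idle
        if prev > 0:
            ratios[key] = (a.get(key, idle) - idle) / prev
    return ratios

def doubled_banks(baseline, before, after, tolerance=0.05):
    """Banks whose footprint doubled (within tolerance) between two snapshots."""
    ratios = footprint_ratios(baseline, before, after)
    return sorted(k for k, r in ratios.items() if abs(r - 2.0) <= tolerance)

# Snapshots copied from the outputs in this bug description (one copy of each row).
BASELINE = "Tcam 1, Bank 0  28  32740  0.09<<<<<<<<<<\nTcam 1, Bank 1  475  32293  1.45"
ACL_ONLY = "Tcam 1, Bank 0  2193  30575  6.69\nTcam 1, Bank 1  475  32293  1.45"
NETFLOW_ONE = "Tcam 1, Bank 0  4358  28410  13.30\nTcam 1, Bank 1  476  32292  1.45"
NETFLOW_ALL = "Tcam 1, Bank 0  2193  30575  6.69\nTcam 1, Bank 1  476  32292  1.45"

if __name__ == "__main__":
    print(doubled_banks(BASELINE, ACL_ONLY, NETFLOW_ONE))  # [(1, 0)]
    print(doubled_banks(BASELINE, ACL_ONLY, NETFLOW_ALL))  # []
```

With the figures above, the ACL alone adds 2165 entries to Bank 0 (2193 - 28), and enabling Netflow on a single subinterface adds exactly another 2165 (4358 - 2193), which is what the check keys on.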