Dell 9.7(0.0) Plumbing Product User Manual


  Open as PDF
of 1039
 
CAM Optimization
User-Configurable CAM Allocation
User-configurable content-addressable memory (CAM) allows you to specify the amount of memory
space that you want to allocate for ACLs.
To allocate ACL CAM, use the cam-acl command in CONFIGURATION mode. For information about
how to allocate CAM for ACL VLANs, see
Allocating ACL VLAN CAM.
The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP
blocks. (There are 16 FP blocks, but System Flow requires three blocks that cannot be reallocated.)
Enter the allocation as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd
numbered ranges.
Save the new CAM settings to the startup-config (use write-mem or copy run start) then reload the
system for the new settings to take effect.
Test CAM Usage
The test cam-usage command is supported on the Z9500.
This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS
optimization for IPv6 ACLs.
To determine whether sufficient ACL CAM space is available to enable a service-policy, use this
command. To verify the actual CAM space required, create a class map with all the required ACL rules,
then execute the test cam-usage command in Privilege mode. The following example shows the
output when executing this command. The status column indicates whether you can enable the policy.
Example of the test cam-usage Command
Dell#test cam-usage service-policy input TestPolicy linecard all
Linecard|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status
--------------------------------------------------------------------------
2| 1| IPv4Flow| 232| 0|Allowed
2| 1| IPv6Flow| 0| 0|Allowed
4| 0| IPv4Flow| 232| 0|Allowed
4| 0| IPv6Flow| 0| 0|Allowed
Dell#
Implementing ACLs
You can assign one IP ACL per physical or VLAN interface. If you do not assign an IP ACL to an interface,
it is not used by the software in any other capacity.
The number of entries allowed per ACL is hardware-dependent.
If you enable counters on IP ACL rules that are already configured, those counters are reset when a new
rule is inserted or prepended. If a rule is appended, the existing counters are not affected. This is
applicable to the following features:
L2 Ingress Access list
L2 Egress Access list
94
Access Control Lists (ACLs)