How to calculate the TCAM space, when QoS and ACL are applied to one interface.
When QoS and ACL are applied to one interface, the actual number of rules in TCAM is:
Ingress:
No. of QoS classifiers rules + No. of input ACL rules + (No. of QoS classifiers rules * No. of input ACL rules)
Egress:
No. of QoS rewrite rules + No. of output ACL rules + (No. of QoS rewrite rule * No. of output ACL rules)
For example:
Only the firewall filter is applied to an interface input:
set firewall family inet filter acl-test term 1 from protocol tcp set firewall family inet filter acl-test term 1 then discard set firewall family inet filter acl-test term 2 then accept set interfaces ge-0/0/22 unit 0 family inet filter input acl-test PFEM0(vty)# show tcam vendor 1 rules 2 Ingress RACL rules HW-index Page_id Entry_id rule_size fw_id fmt Rule -------------------------------------------------- 7288 1822 0 2 8 4 1.ext.0 7290 1822 2 2 8 4 2.ext.0 TCAM utilization: 2(used), 7038(free), 7040(total) > 2 rules used in tcam
Only QoS classifiers are applied to an interface:
set class-of-service classifiers dscp qos-test forwarding-class high loss-priority low code-points ef set class-of-service classifiers dscp qos-test forwarding-class low loss-priority high code-points beset class-of-service interfaces ge-0/0/22 unit 0 classifiers dscp qos-test PFEM0(vty)# show tcam vendor 1 rules 3 Ingress RACL rules HW-index Page_id Entry_id rule_size fw_id fmt Rule ------------------------------------------------------------ 7288 1822 0 2 10 4 cos-dyn-term-27837-0-0-non_ipv6.ext.0 7290 1822 2 2 10 4 cos-dyn-term-27837-46-46-non_ipv6.ext.0 10808 2702 0 2 10 4 cos-dyn-term-27837-default.ext.0 TCAM utilization: 3(used), 7037(free), 7040(total)> 3 rules used in tcam
Merged QoS and ACL on the same interface:
PFEM0(vty)# show filter -------- ---------- ------ 1 Classic acl-test 46137360 Classic pfe-dyn-cos-88 46137361 Classic pfe-dyn-cos-88-MERGE-acl-test > merge QoS and firewall filter PFEM0(vty)# show tcam vendor 1 rules 11 Ingress RACL rules HW-index Page_id Entry_id rule_size fw_id fmt Rule -------------------------------------------------------------------------------- 2008 502 0 2 10 4 cos-dyn-term-27837-0-0-non_ipv61.ext.0 2010 502 2 2 10 4 cos-dyn-term-27837-0-0-non_ipv62.ext.0 3768 942 0 2 10 4 cos-dyn-term-27837-46-46-non_ipv61.ext.0 3770 942 2 2 10 4 cos-dyn-term-27837-46-46-non_ipv62.ext.0 5528 1382 0 2 10 4 cos-dyn-term-27837-default1.ext.0 5530 1382 2 2 10 4 cos-dyn-term-27837-default2.ext.0 7288 1822 0 2 10 4 cos-dyn-term-27837-0-0-non_ipv6_1.ext.0 7290 1822 2 2 10 4 cos-dyn-term-27837-46-46-non_ipv6_1.ext.0 10808 2702 0 2 10 4 cos-dyn-term-27837-default_1.ext.0 10810 2702 2 2 10 4 1_2.ext.0 12568 3142 0 2 10 4 2_2.ext.0 TCAM utilization: 11(used), 7029(free), 7040(total) > 11 rules used in tcam No.11 == No. of qos classifiers rules + No. of input acl rules + ( No. of qos classifiers rules * No. of input acl rules ) = 2+3+(2*3)