This article is intended to explain the procedure to find the number of TCAM entries by firewall filter terms used on the QFX3500 Switch.
How do I find the number of TCAM entries used by filter terms?
In QFX3500 switches, the user can find the number of TCAM entries used by terms used in firewall filter applied to interfaces or VLAN.
Procedure:
1. Access the shell prompt of the switch using:
juniper@host# run start shell % su root password: root@host%
2. Login to PFE manager of the switch using:
root@host% vty fpc0 TOR platform (1200000000Mhz XLR processor, 89MB memory, 0KB flash) TFXPC0(vty)#
3. Display number of filters created in the switch with their index numbers:
TFXPC0(vty)# show filter Program Filters: --------------- Index Dir Cnt Text Bss Name -------- ------ ------ ------ ------ -------- Term Filters: ------------ Index Semantic Name -------- ---------- ------ 1 Classic NET01-1000-DC3 50331649 Classic fc_filter_xe-0/0/32 50331650 Classic fc_filter_xe-0/0/12 Resolve Filters: --------------- Index --------
4. Check number of entries on TCAM used by filter terms:
TFXPC0(vty)# show filter hw 1 show_term_info ====================== Filter index : 1 ====================== - Filter name : Test + Hardware Instance : 1 + Hardware key (struct brcm_dfw_hw_key_t): - Type : IPACL - Vlan id : 0 - Direction : ingress - Protocol : 35 - Port class id : 0 - Class id : 0 - Loopback : 0 - Port : 0(xe-17) - Vlan tag : 0 + FP usage info (struct brcm_dfw_fp_t): - Group : IFP iPACL group (12) - List of tcam entries : [ total: 0; ] - List of ranges : [ total: 0; ] - List of interface match entries : [ total: 0; ] - List of dot1q-tag match entries : [ total: 0; ] + Misc info (struct brcm_dfw_misc_info_t): - List of <anlz_id, entry_id> : [ total: 0; ] + Bind point info (union brcm_dfw_bind_point_info_t): - Port bitmap :[ 25(xe8) ] + Programmed: NO + Term Expansion: - Term 1: will expand to 4 terms: "MDP-1" - Term 2: will expand to 1 term: "MDP-2" - Term 3: will expand to 4 terms: "MDP-3" - Term 4: will expand to 72 terms: "MDP-4" - Term 5: will expand to 96 terms: "iLink-1" - Term 6: will expand to 4 terms: "BGP-1" - Term 7: will expand to 1 term: "icmp-1" - Term 8: will expand to 15 terms: "icmp-2" - Term 9: will expand to 1 term: "icmp-3" - Term 10: will expand to 1 term: "icmp-4" - Term 11: will expand to 30 terms: "icmp-5" - Term 12: will expand to 1 term: "icmp-6" - Term 13: will expand to 1 term: "icmp-7" - Term 14: will expand to 13 terms: "icmp-8" - Term 15: will expand to 1 term: "icmp-9" - Term 16: will expand to 34 terms: "FIX-Fast-FTP-1" - Term 17: will expand to 34 terms: "FIX-Fast-FTP-2" - Term 18: will expand to 51 terms: "FIX-Fast-FTP-3" - Term 19: will expand to 32 terms: "FIX-Fast-FTP-4" - Term 20: will expand to 10 terms: "NTP-1" - Term 21: will expand to 1 term: "internal-1" + Term TCAM entry requirement: - Term 1: needs 4 TCAM entries: "MDP-1" - Term 2: needs 1 TCAM entry: "MDP-2" - Term 3: needs 4 TCAM entries: "MDP-3" - Term 4: needs 72 TCAM entries: "MDP-4" - Term 5: needs 96 TCAM entries: "iLink-1" - Term 6: needs 4 TCAM entries: "BGP-1" - Term 7: needs 1 TCAM entry: "icmp-1" - Term 8: needs 15 TCAM entries: "icmp-2" - Term 9: needs 1 TCAM entry: "icmp-3" - Term 10: needs 1 TCAM entry: "icmp-4" - Term 11: needs 30 TCAM entries: "icmp-5" - Term 12: needs 1 TCAM entry: "icmp-6" - Term 13: needs 1 TCAM entry: "icmp-7" - Term 14: needs 13 TCAM entries: "icmp-8" - Term 15: needs 1 TCAM entry: "icmp-9" - Term 16: needs 34 TCAM entries: "FIX-Fast-FTP-1" - Term 17: needs 34 TCAM entries: "FIX-Fast-FTP-2" - Term 18: needs 51 TCAM entries: "FIX-Fast-FTP-3" - Term 19: needs 32 TCAM entries: "FIX-Fast-FTP-4" - Term 20: needs 10 TCAM entries: "NTP-1" - Term 21: needs 1 TCAM entry: "internal-1" + Total TCAM entries needed: 407
5. Display TCAM statistics:
TFXPC0(vty)# show filter hw groups Unit:0 Group Information: > VFP groups: Dynamic group id: 1. Entries: 11 Max Entries: 1024 Priority: 0 > IFP groups: BA classifier dynamic group id: 11. Entries: 18 Max Entries: 128 Priority: 0 iRACL group id: 14. Entries: 1 Max Entries: 256 Priority: 1 iVACL group id: 13. Entries: 0 Max Entries: 256 Priority: 2 iPACL group id: 12. Entries: 0 Max Entries: 256 Priority: 3 Dynamic group id: 10. Entries: 14 Max Entries: 128 Priority: 4 > EFP groups: ePACL group id: 20. Entries: 1 Max Entries: 256 Priority: 0 eVACL group id: 21. Entries: 1 Max Entries: 256 Priority: 1 eRACL group id: 22. Entries: 1 Max Entries: 256 Priority: 2 Dynamic group id: 23. Entries: 0 Max Entries: 256 Priority: 3
NOTE: The command “show filter hw 1 show_term_info” will be introduced in 11.3 and all later software releases.