Wonderful, thanks! On 18 May 2011, at 18:42, Richard A Steenbergen wrote: > On Wed, May 18, 2011 at 05:10:54PM +0100, William J Hulley wrote: >> Hi, >> >> I'm using some EX3200s running 10.0S6.1 and developing a configuration >> using filter based forwarding to policy route traffic between routing >> instances. >> >> It's all working fine in the lab but I'm concerned about the potential >> growth of the firewall policy and utilisation of the TCAM in >> production and would obviously like to model the usage and monitor it. >> >> Are there any known supported/un-supported ways of getting useful >> stats out of the box beyond just relying on syslog messages saying >> there isn't enough cam? > > Drop into the fpc shell from root, like so: > > RE:0% vty fpc0 > > BSD platform (MPC 8544 processor, 48MB memory, 0KB flash) > > PFEM0(vty)# > > > Next you need to find the vendor ID for the platform, like so: > > PFEM0(vty)# show tcam vendor > Vendor = internal_ch3_tcam Vendor_id = 1 > > For EX8200 it's vendor id 6, for EX3200 it seems to be vendor id 1. > > Then you need to find the instance ID for the hardware you're looking > for. On EX8200 I know instance 2 is used for GE cards, instance 4 is > used for XE cards. On EX3200 there only seems to be instance 2 (as > you'd expect): > > PFEM0(vty)# show tcam vendor 1 instances > > Vendor Instance Page Size > -------------------------------------------- > internal_ch3_tcam 2 4 > > > So then to view the usage info for this vendor/instance: > > PFEM0(vty)# show tcam vendor 1 instance 2 rules > Number of rules as Ingress PACL: 0 > Number of rules as Ingress VACL: 0 > Number of rules as Ingress RACL: 528 > Number of rules as Egress PCL: 135 > > 528 Ingress RACL rules > > HW-index Page_id Entry_id rule_size fw_id Rule > -------------------------------------------------------------------------------- > 6296 1574 0 2 27 > AUTOFW-INVALID-PROTOCOLS.ext.0 > 6298 1574 2 2 27 > AUTOFW-INVALID-PROTOCOLS.ext.1 > 6496 1624 0 2 27 > AUTOFW-BORDER-FILTERED-PROTOCOLS.ext.0 > 6498 1624 2 2 27 > AUTOFW-BORDER-FILTERED-PROTOCOLS.ext.1 > 6708 1677 0 2 27 > AUTOFW-BORDER-LIMIT-IP-OPTIONS.ext.0 > 6710 1677 2 2 27 > AUTOFW-BORDER-LIMIT-IP-OPTIONS.ext.1 > 6960 1740 0 2 27 > AUTOFW-LIMIT-ICMP-ECHO.ext.0 > ... > > TCAM utilization: 1326(used), 12938(free), 14264(total) > > And there is your total tcam utilization above. Depending on code and > platform it may show you a slightly different view, for example here is > the utilization on an EX8200 running older 10.1 code: > > PFEM15(vty)# show tcam vendor 6 instance 4 rules > Instance 4 > DB 0 Ingr PACL: 0/ 996 (current/max) rules. Util. 0.000% > DB 1 Ingr VACL: 0/ 12288 (current/max) rules. Util. 0.000% > DB 2 Ingr RACL: 410/ 32768 (current/max) rules. Util. 1.251% > DB 3 Egr PACL: 0/ 1024 (current/max) rules. Util. 0.000% > DB 4 Egr PCL1: 103/ 8188 (current/max) rules. Util. 1.258% > > But you get the gist. :) > > -- > Richard A Steenbergen <r...@e-gerbil.net> http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp