Optimizing System Resources on a Catalyst Switch via SDM

By using Switch Database Management (SDM) templates, you can configure memory resources in the switch to optimize support for specific features, depending on how the switch is used in your network. You can select one of four templates to specify how system resources are allocated. You can then approximate the maximum number of unicast MAC addresses, Internet Group Management Protocol (IGMP) groups, quality of service (QoS) access control entries (ACEs), security ACEs, unicast routes, multicast routes, subnet VLANs (routed interfaces), and Layer 2 VLANs that can be configured on the switch.

The four templates prioritize system memory to optimize support for these types of features:

  • QoS and security ACEs—The access template might typically be used in an access switch at the network edge where the route table sizes might not be substantial. Filtering and QoS might be more important because an access switch is the entry to the whole network.
  • Routing—The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
  • VLANs—The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a switch used as a Layer 2 switch.
  • Default—The default template gives balance to all functionalities (QoS, ACLs, unicast routing, multicast routing, VLANs and MAC addresses).

You can also enable the switch to support 144-bit Layer 3 TCAM, allowing extra fields in the stored routing tables, by reformatting the routing table memory allocation. Using the extended-match keyword with the default, access, or routing templates reformats the allocated TCAM by reducing the number of allowed unicast routes, and storing extra routing information in the lower 72 bits of the Layer 3 TCAM. The 144-bit Layer 3 TCAM is required when running the Web Cache Communication Protocol (WCCP) or multiple VPN routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE) on the switch.

Table 6-5 lists the approximate number of each resource supported in each of the four templates for Catalyst 3550 Gigabit Ethernet switches. Table 6-6 compares the four templates for a Catalyst 3550 switch with primarily Fast Ethernet ports.

The first six rows in the tables (unicast MAC addresses through multicast routes) represent approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.

The last two rows, the total number of routed ports and SVIs and the number of Layer 2 VLANs, are guidelines used to calculate hardware resource consumption related to the other resource parameters.

The number of subnet VLANs (routed ports and SVIs) are not limited by software and can be set to a number higher than indicated in the tables. If the number of subnet VLANs configured is lower or equal to the number in the tables, the number of entries in each category (unicast addresses, IGMP groups, and so on) for each template will be as shown. As the number of subnet VLANs increases, CPU utilization typically increases. If the number of subnet VLANs increases beyond the number shown in the tables, the number of supported entries in each category could decrease depending on features that are enabled. For example, if PIM-DVMRP is enabled with more than 16 subnet VLANs, the number of entries for multicast routes will be in the range of 1K-5K entries for the access template.

Table 6-5 Approximate Resources Allowed in Each Template for Gigabit Ethernet Switches  

Resource

Default Template

Access Template

Routing Template

VLAN Template

Unicast MAC addresses

6 K

2 K

6 K

12 K

IGMP groups (managed by Layer 2 multicast features such as MVR or IGMP snooping)

6 K

8 K

6 K

6 K

QoS classification ACEs

2 K

2 K

1 K

2 K

Security ACEs

2 K

4 K

1 K

2 K

Unicast routes

12 K or 6 K1

4 K or 2 K1

24 K or 12 K1

0

Multicast routes

6 K

8 K

6 K

0

Subnet VLANs (routed ports and SVIs)

16

16

16

16

Layer 2 VLANs

1 K

1 K

1 K

1 K

1 When the extended-match keyword is used with the listed template. This keyword affects only the number of unicast routes allowed.

 

 

 

Table 6-6 Approximate Resources Allowed in Each Template for Fast Ethernet Switches 

Resource

Default Template

Access Template

Routing Template

VLAN Template

Unicast MAC addresses

5 K

1 K

5 K

8 K

IGMP groups (managed by Layer 2 multicast features such as MVR and IGMP snooping)

1 K

2 K

1 K

1 K

QoS classification ACEs

1 K

1K

512

1 K

Security ACEs

1 K

2 K

512

1 K

Unicast routes

8 K or 4 K1

2 K or 1 K1

16 K or 8 K1

0

Multicast routes

1 K

2 K

1 K

0

Subnet VLANs (routed ports and SVIs)

8

8

8

8

Layer 2 VLANs

1 K

1 K

1 K

1 K

1 When the extended-match keyword is used with the listed template. This keyword affects only the number of unicast routes allowed.

 Using the Templates

Follow these guidelines when using the SDM templates:

The maximum number of resources allowed in each template is an approximation and depends upon the actual number of other features configured. For example, in the default template for the Catalyst 3550-12T, if your switch has more than 16 routed interfaces configured, the number of multicast or unicast routes that can be accommodated by hardware might be fewer than shown.

Using the sdm prefer vlan global configuration command disables routing capability in the switch. Any routing configurations are rejected after the reload, and previously configured routing options might be lost. Use the sdm prefer vlan global configuration command only on switches intended for Layer 2 switching with no routing.

Do not use the routing template if you are not enabling routing on your switch. Entering the sdm prefer routing global configuration command on a switch does not enable routing, but it would prevent other features from using the memory allocated to unicast and multicast routing in the routing template, which could be up to 30 K in Gigabit Ethernet switches and 17 K in Fast Ethernet switches.

You must use the extended-match keyword to support 144-bit Layer 3 TCAM when WCCP or multi-VRF CE is enabled on the switch. This keyword is not supported on the VLAN template.

This procedure shows how to change the SDM template from the default. The switch must reload before the configuration takes effect. If you use the show sdm prefer privileged EXEC command before the switch reloads, the previous configuration (in this case, the default) appears.

Beginning in privileged EXEC mode, follow these steps to use the SDM template to maximize feature usage:

 

 

Command

Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

sdm prefer {access [extended-match] | extended-match | routing [extended-match] | vlan}

Specify the SDM template to be used on the switch:

The keywords have these meanings:

access—Maximizes the use of QoS classification ACEs and security ACEs on the switch.

routing—Maximizes routing on the switch.

vlan—Maximizes VLAN configuration on the switch with no routing allowed.

extended-match—Reformats routing memory space to allow 144-bit Layer 3 TCAM support in the default, access, or routing template to support WCCP or multi-VRF CE.

The default template (if none of these is configured) balances the use of unicast MAC addresses, IGMP groups, QoS ACEs, security ACEs, unicast and multicast routes, routed interfaces, and Layer 2 VLANs.

Step 3 

end

Return to privileged EXEC mode.

Step 4 

reload

Reload the operating system.

 After the system reboots, you can use the show sdm prefer privileged EXEC command to verify the new template configuration. If you use the show sdm prefer command before the reload privileged EXEC command, the previous template appears instead of the new one.

To return to the default template, use the no sdm prefer global configuration command.

This example shows how to configure a switch with the routing template and verify the configuration:

Switch(config)# sdm prefer routing

Switch(config)# end

Switch# reload

Proceed with reload? [confirm]

About CCIETalk

An Experienced Unified Communications Engineer Specializing in Cisco, Riverbed, VMware and Relevant Technologies. CCIE Voice, CCNA, CCDA, CCNP, CCDP, CCIP, RCSA.

Speak Your Mind