In the last post, we examined TCAM utilization for the following access list:
ip access-list v4-NETWORK-MGMT
  10 permit tcp any any range 721 1035
Expansion of this range gave us 8 TCAM entries:
switch-9k-1# show system internal access-list input entries detail
...
[0x0000:0x0000:0x0600] permit tcp 0.0.0.0/0 0.0.0.0/0 range 1032 1035 [0]
[0x0001:0x0001:0x0601] permit tcp 0.0.0.0/0 0.0.0.0/0 range 1024 1031 [0]
[0x0002:0x0002:0x0602] permit tcp 0.0.0.0/0 0.0.0.0/0 eq 721 [0]
[0x0003:0x0003:0x0603] permit tcp 0.0.0.0/0 0.0.0.0/0 range 722 723 [0]
[0x0004:0x0004:0x0604] permit tcp 0.0.0.0/0 0.0.0.0/0 range 724 727 [0]
[0x0005:0x0005:0x0605] permit tcp 0.0.0.0/0 0.0.0.0/0 range 728 735 [0]
[0x0006:0x0006:0x0606] permit tcp 0.0.0.0/0 0.0.0.0/0 range 736 767 [0]
[0x0007:0x0007:0x0607] permit tcp 0.0.0.0/0 0.0.0.0/0 range 768 1023 [0]
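The eight sub-ranges above are exactly the aligned power-of-two blocks that cover 721-1035, each of which fits a single value/mask pair. The following sketch is an added example, not code from the original post or from the switch vendor; the function names are hypothetical, and it models the generic range-to-mask split rather than the switch's own algorithm.

```python
# Added example: split a TCP/UDP port range into aligned power-of-two
# blocks, one TCAM value/mask pair per block. Function names are
# hypothetical; this is the generic split, not the switch's own code.

PORT_BITS = 16
PORT_MAX = (1 << PORT_BITS) - 1


def expand_range(lo, hi):
    """Return the (start, end) blocks covering lo..hi inclusive."""
    if not 0 <= lo <= hi <= PORT_MAX:
        raise ValueError("expected 0 <= lo <= hi <= 65535")
    blocks = []
    while lo <= hi:
        # Largest block that can start at lo is set by lo's lowest set bit
        # (port 0 is aligned to the whole 16-bit space).
        size = (lo & -lo) if lo else (1 << PORT_BITS)
        # Shrink the block until it no longer overshoots the end of the range.
        while lo + size - 1 > hi:
            size >>= 1
        blocks.append((lo, lo + size - 1))
        lo += size
    return blocks


def to_value_mask(start, end):
    """Value/mask for one aligned block: mask bits set to 1 must match."""
    size = end - start + 1
    return start, PORT_MAX & ~(size - 1)


def describe(lo, hi):
    """One text line per TCAM entry needed for the range lo..hi."""
    lines = []
    for start, end in expand_range(lo, hi):
        value, mask = to_value_mask(start, end)
        label = f"eq {start}" if start == end else f"range {start} {end}"
        lines.append(f"{label:<16} value=0x{value:04x} mask=0x{mask:04x}")
    return lines


if __name__ == "__main__":
    for line in describe(721, 1035):
        print(line)
```

Run against other ranges before deploying an ACL to estimate how many entries a single range line will cost; ranges that start and end on power-of-two boundaries are the cheapest.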
We know that TCAM operates on masks for rapid lookups, and we have seen how quickly our limited TCAM can be consumed. What happens if we add source or destination addresses into the mix?