Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

Shared Table Memory (STM), is a feature designed to allow sharing a common resource across several table memories. This provides a large number of shared resources that can be allocated depending on the intended user application. It allows allocating resources to tables as needed instead of in fixed proportions, enabling large tables to receive more resources.

As shown in Figure 1, STM resource space includes two parts: TCAM and FIB. TCAM and FIB resources were separate entities of fixed size. If a given system application did not utilize one of these resources, then the entries remained unused and could not be reclaimed for other purpose. This document describes an example of how to configure TCAM and FIB resource allocation.

Figure 1. Shared Table Memory


The TCAM resource is used to configure ACL entries and OpenFlow entries which contain the following parts:

  • User defined firewall tables including ingress and egress tables, which occupy the TCAM resource.
  • Resources reserved for the ACL entries for the Control Plane Policing (CoPP) and MAC Authentication Bypass (MAB).
  • OpenFlow flow table resources.

You can use the CLI command to configure the maximum number of entries in the user-defined firewall tables that are allocated in TCAM. The remaining TCAM system resources are used for OpenFlow flow tables and the system reserved TCAM resource for ACL entries of COPP. In the result of this is that after the resources reserved by the system for the COPP and MAB are exhausted, it will go onto to allocate more memory resource from the free OpenFlow resources. But the space allocated through CLI for the user-defined firewall tables remains unaffected even if there is free space in it in case space runs out for CoPP and MAB or the OpenFlow tables.


CoPP firewall table occupies the egress firewall table resource.

In CrossFlow mode, by default, the system allocates all TCAM resources to the L2/L3 firewall tables except the resources reserved for COPP and the MAB. Take AS5812_54T switch (ASIC is Trident2+) as an example.

admin@Xorplus# set interface stm firewall-table egress
Possible completions:
  [0..512]                        Max Egress ACL Counter
admin@Xorplus# set interface stm firewall-table ingress
Possible completions:
  [0..768]                        Max Ingress ACL Counter

We can see that the total number of TCAM resource is 512+768=1280 entries (which do not include the resources reserved for CoPP and MAB), are all allocated to L2/L3 firewall tables by default. In this case, there is no resource left to configure OpenFlow flow tables. If you want to configure OpenFlow flow tables, you need to modify the number of resources allocated to the firewall tables. For example, we can commit the following configurations:

admin@Xorplus# set interface stm firewall-table ingress 100
admin@Xorplus# set interface stm firewall-table egress 300
admin@Xorplus# commit

The above configurations have allocated up to 100 ingress ACL entries and 300 egress ACL entries in TCAM. The remaining system resources in TCAM are 1280-100-300=880, which is the maximum resource that can be used for OpenFlow flow entries.

FIB Table Resources

The L2/L3 entry tables are allocated in the FIB of the dedicated memory space in STM. The MAC table occupies the FDB resource; the IPv4 route table and IPv6 route table occupy the routing table resource. The STM share mode, can be set by using set interface stm share-mode command. It determines the fixed resource size for these L2/L3 entry tables in the FIB.

Taking the Trident2+ switch as an example, we can see that under different share modes, the dedicated resource allocation of each L2/host-route/route entries in the STM is different.

admin@Xorplus# set interface stm share-mode
Possible completions:
  0                               l2-size 294912, host-route 12000, route 12000
  1                               l2-size 229376, host-route 44800, route 12000
  2                               l2-size 163840, host-route 70400, route 12000
  3                               l2-size 98304,  host-route 96000, route 12000
  4                               l2-size 32768,  host-route 12000, route 115200
  5                               l2-size 32768,  host-route 12000, route 12000

In CrossFlow mode, user can enable L2/L3 mode as a PICOS OVS multi-table function. If the L2/L3 mode is enabled, the FIB table resource will be shared by legacy ports and CrossFlow ports (see description in Crossflow Mode Introduction), in a way that will prevent mixing of data traffic between the different types of ports.

User can allocate the FIB resource for special ports as the following command shows.

admin@Xorplus# set interface stm share-mode 3
admin@Xorplus# set interface stm mac-table 20000
admin@Xorplus# set interface stm ipv4-route 6000
admin@Xorplus# set interface stm ipv6-route 1000
admin@Xorplus# commit

The second command, set interface stm mac-table 20000, allocates the FDB table resource for legacy ports, and the rest of the resource for CrossFlow ports and OpenFlow ports.

The last two commands, set interface stm ipv4-route 6000, and set interface stm ipv6-route 1000, allocates the route table resource for legacy ports, and the rest of resources for CrossFlow ports and OpenFlow ports.

After the configurations are committed, we can use the run show interface stm command line to view the STM resource allocation:

admin@Xorplus# run show interface stm
Total stm resource:
  Share-mode: 3
  number of host routes: 96000
  number of mac unicast addresses: 20000
  number of firewall ingress tables: 100
  number of firewall egress tables: 300
  number of IPv4 unicast routes: 6000
  number of IPv6 unicast routes: 1000
Stm resource in use:
  number of firewall ingress tables: 0
  number of firewall egress tables: 21

The item number of firewall egress tables is used for describing STM resources for CoPP. By default, the value of number of firewall egress tables in STM resource in use: is 21 as have been used by the default CoPP configurations.

  • No labels