Shared Table Memory (STM) is a feature designed to allow sharing a common resource across several table memories. This provides a large number of shared resources that can be allocated depending on the intended user application. It allows allocating resources to tables as needed instead of in fixed proportions, enabling large tables to receive more resources.
As shown in Figure 1, the STM resource space includes two parts: TCAM and FIB. TCAM and FIB resources were separate entities of fixed size. If a given system application did not utilize one of these resources, then the entries remained unused and could not be reclaimed for other purposes. This document describes an example of how to configure TCAM and FIB resource allocation.
Figure 1. Shared Table Memory
The TCAM resource is used to configure ACL entries and OpenFlow entries. It contains the following parts:
- User defined firewall tables including ingress and egress tables, which occupy the TCAM resource.
- Resources reserved for the ACL entries for the Control Plane Policing (CoPP) and MAC Authentication Bypass (MAB).
- OpenFlow flow table resources.
You can use the CLI to configure the maximum number of entries in the user-defined firewall tables that are allocated in TCAM. The remaining TCAM system resources are used for OpenFlow flow tables and for the system-reserved TCAM resource for the ACL entries of CoPP. As a result, after the resources reserved by the system for CoPP and MAB are exhausted, the system goes on to allocate more entries from the free OpenFlow resources. The space allocated through the CLI for the user-defined firewall tables, however, remains unaffected: even if it has free entries, they are not used when space runs out for CoPP and MAB or for the OpenFlow tables.
The CoPP firewall table occupies the egress firewall table resource.
In CrossFlow mode, by default, the system allocates all TCAM resources to the L2/L3 firewall tables except the resources reserved for CoPP and MAB. Take the AS5812_54T switch (ASIC is Trident2+) as an example.
We can see that the total TCAM resource is 512+768=1280 entries (not including the resources reserved for CoPP and MAB), all of which are allocated to the L2/L3 firewall tables by default. In this case, there is no resource left to configure OpenFlow flow tables. If you want to configure OpenFlow flow tables, you need to modify the number of resources allocated to the firewall tables. For example, we can commit the following configurations:
The above configurations have allocated up to 100 ingress ACL entries and 300 egress ACL entries in TCAM. The remaining system resources in TCAM are 1280-100-300=880, which is the maximum resource that can be used for OpenFlow flow entries.
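The sharing rules above (CoPP/MAB spill into free OpenFlow space, never into the CLI-allocated firewall space) can be checked against a planned allocation with a small model. This is an added example, not PICOS code: the class and method names are hypothetical, and the size of the CoPP/MAB reservation (64) is an assumed value because the page does not state it.

```python
from dataclasses import dataclass

@dataclass
class TcamModel:
    """Toy model of the TCAM sharing rules described above (not PICOS code)."""
    total: int            # TCAM entries, excluding the CoPP/MAB reservation
    fw_ingress_max: int   # CLI cap for user-defined ingress firewall entries
    fw_egress_max: int    # CLI cap for user-defined egress firewall entries
    reserved: int         # CoPP/MAB reservation size (assumed, not on the page)
    reserved_used: int = 0
    borrowed: int = 0     # CoPP/MAB entries spilled into the OpenFlow pool
    openflow_used: int = 0

    def openflow_capacity(self) -> int:
        return self.total - self.fw_ingress_max - self.fw_egress_max

    def openflow_free(self) -> int:
        return self.openflow_capacity() - self.openflow_used - self.borrowed

    def add_openflow(self, n: int) -> bool:
        if n > self.openflow_free():
            return False
        self.openflow_used += n
        return True

    def add_system_acl(self, n: int) -> bool:
        """CoPP/MAB entries: reservation first, then free OpenFlow space.
        Firewall space is never borrowed, even when it is empty."""
        from_reserved = min(n, self.reserved - self.reserved_used)
        spill = n - from_reserved
        if spill > self.openflow_free():
            return False
        self.reserved_used += from_reserved
        self.borrowed += spill
        return True

def demo() -> dict:
    # 1280 / 100 / 300 are the page's figures; reserved=64 is an assumed value.
    t = TcamModel(total=1280, fw_ingress_max=100, fw_egress_max=300, reserved=64)
    result = {"openflow_capacity": t.openflow_capacity()}  # 880
    t.add_system_acl(64)                        # fills the reservation
    result["spill_ok"] = t.add_system_acl(10)   # borrows 10 from OpenFlow
    result["openflow_free"] = t.openflow_free()
    t.add_openflow(870)                         # OpenFlow pool is now full
    result["copp_when_full"] = t.add_system_acl(1)  # firewall space untouched
    return result
```

In this model, a CoPP or MAB entry is refused once the OpenFlow pool is full even though all 400 firewall entries are still free, which is the case to plan for when sizing the firewall caps.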
FIB Table Resources
The L2/L3 entry tables are allocated in the FIB of the dedicated memory space in STM. The MAC table occupies the FDB resource; the IPv4 route table and IPv6 route table occupy the routing table resource. The STM share mode can be set by using the set interface stm share-mode command. It determines the fixed resource size for these L2/L3 entry tables in the FIB.
Taking the Trident2+ switch as an example, we can see that under different share modes, the dedicated resource allocation for the L2, host-route and route entries in the STM is different.
In CrossFlow mode, the user can enable L2/L3 mode as a PICOS OVS multi-table function. If the L2/L3 mode is enabled, the FIB table resource is shared by legacy ports and CrossFlow ports (see the description in Crossflow Mode Introduction), in a way that prevents mixing of data traffic between the different types of ports.
The user can allocate the FIB resource for special ports as the following commands show.
The second command, set interface stm mac-table 20000, allocates the FDB table resource for legacy ports, and the rest of the resource for CrossFlow ports and OpenFlow ports.
The last two commands, set interface stm ipv4-route 6000 and set interface stm ipv6-route 1000, allocate the route table resource for legacy ports, and the rest of the resources for CrossFlow ports and OpenFlow ports.
After the configurations are committed, we can use the run show interface stm command to view the STM resource allocation:
The item "number of firewall egress tables" describes the STM resources used for CoPP. By default, the value of "number of firewall egress tables" under "STM resource in use:" is 21, as these entries are used by the default CoPP configurations.