If you’ve ever read the CCNP SWITCH books or similar materials, you’ve seen the terms CAM and TCAM. If you haven’t, here’s a brief explanation: a Content Addressable Memory contains the MAC addresses mapped to their ports and VLANs for efficient switching, and the Ternary Content Addressable Memory contains layer 3 forwarding and access-list information for efficient routing (multilayer switching). Switches normally have a set number of CAM and TCAM entries. If the CAM capacity is reached, frames with new destination MAC addresses are flooded. If the TCAM capacity is reached, new entries are processed in software and will put a strain on the device’s cpu. The TCAM is often further divided into smaller parts, each doing a specific function (routing, QoS, access-lists,…).

The Cisco 3560 and 3750 switches have something extra in this regard: their CAM and TCAM table sizes can be modified. You can check the current table sizes with the ‘show sdm prefer’ command:

WS-C3560-24PS#show sdm prefer
The current template is “desktop default” template.  The selected template optimizes the resources in  the switch to support this level of features for 8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                            6K
number of IPv4 IGMP groups + multicast routes:      1K
number of IPv4 unicast routes:                                  8K
number of directly-connected IPv4 hosts:                 6K
number of indirect IPv4 routes:                                 2K
number of IPv4 policy based routing aces:                0
number of IPv4/MAC qos aces:                               0.5K
number of IPv4/MAC security aces:                           1K

To change the table sizes, you have to change the sdm template:

WS-C3560-24PS-S(config)#sdm prefer ?
access                        Access bias
default                       Default bias
dual-ipv4-and-ipv6   Support both IPv4 and IPv6
routing                       Unicast bias
vlan                            VLAN bias

Yes, you’ve read that right. ‘dual-ipv4-and-ipv6’ activates IPv6, which cannot be configured by default. So if you have a 3560 or 3750 switch model and the command ‘ipv6 unicast-routing’ isn’t supported, this is the solution. For the other templates, a brief explanation below:

  • Access: optimized for a few routed interfaces and many VLANs. Less unicasts (layer 2 and layer 3), more space for security and policy-based routing (PBR). This is one of the only templates to support hardware-assisted policy-based routing.
  • Default: the default template. A mix of unicast routes, connected and host routes.
  • Dual-ipv4-and-ipv6: further divided in default, routing and vlan. Default reserves less space for layer 2 unicast and allocates this to IPv6 routing and security entries. Where default still has a roughly 50-50 balance between IPv4 and IPv6, routing allocates even more space to IPv6 routing. Vlan assumes a dual-stack environment with end-hosts connected on many VLANs.
  • Routing: allocated most of the table space to IPv4 unicast routing entries. This template can hold enough routes to forward in hardware to support a non-BGP core switch in a large network, and perhaps even a partial BGP table.
  • Vlan: allocates most table space to layer 2 unicasts, while still leaving enough space for IPv4 inter-vlan routing in hardware. Ideal for large subnets, or virtualized environments with many MAC addresses.

I also tested if there was a difference between an 8-port and a 24-port 3560, but the table sizes where exactly the same in all templates. Using these templates increases flexibility and allows you to choose what should be treated in hardware the most, depending on where in the network a switch is deployed.

Update 07/12/2011: someone gave me a very useful command to check the TCAM usage: ‘show platform tcam utilization’.