Cisco Nexus 7000 Series NX-OS System Management Configuration Guide
This table lists the release history for this feature.
Table 1. Feature History for iCAM
| Feature Name | Releases | Feature Information |
| --- | --- | --- |
| Scale Monitoring | 8.4(1) | Scale monitoring has been expanded to cover the following technology groups: BFD, FEX, FabricPath, Interfaces, Layer 2 Switching, Multicast Routing, NetFlow, OTV, PTP, PVLAN, QoS, Security, SPAN, System Management, Unicast Routing, VXLAN EVPN. |
| Remote Integrated Services Engine (RISE) | 8.4(1) | Support for the RISE feature has been deprecated. |
| iCAM Scale Monitoring | 8.3(1) | This feature was introduced. |
| iCAM TCAM Monitoring | 8.2(1) | Added the functionality to enable iCAM monitoring, viewing the history of traffic analytics, and predicting the traffic analytics. |
| iCAM | 8.0(1) | This feature was introduced. The following commands were introduced: feature icam; show icam {entries \| resource} module module-number inst instance-number |
Information About iCAM
From Cisco NX-OS Release 8.0(1), the Intelligent CAM (iCAM) analytics and machine-learning feature is supported on Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Switches. The iCAM feature enables you to view the traffic analytics per feature, view Ternary Content-Addressable Memory (TCAM) resources, and monitor network scale parameters. Before the iCAM feature, it was difficult to get information about the traffic flow through various subnets and applications and an overall view of how many TCAM or Static Random Access Memory (SRAM) resource entries were used or free with various features.
For example, the resource entries utilized in the ACL Classification TCAM per feature, like Router-ACL (RACL), VLAN-ACL (VACL), Port-ACL (PACL), Policy Based Routing (PBR), Quality of Service (QoS), NAT, Intelligent Traffic Director (ITD), Web Cache Communication Protocol (WCCP), or Remote Integrated Services Engine (RISE), could not be determined. Some features might use the bulk of the TCAM resources, and some of those TCAM entries might not be in use.
To overcome these limitations, the iCAM feature provides analytics related to network traffic, TCAM usage per feature, and detailed analysis per TCAM bank. This helps in effectively utilizing the available TCAM space.
An iCAM process runs on the Supervisor module. It interacts with various components on the line card and collects the hardware
resource utilization statistics, performs data processing, and presents a summarized output. It also provides insights about
the top hitters and bottom hitters for each feature, like ACL and PBR entries. Using iCAM, you can get packet counts per TCAM
entry, sort and search through these entries, and get the top or bottom specified percentage of entries. The traffic analytics
helps in better utilization of TCAM space, and better understanding of network traffic.
The iCAM is a VDC global process; it can be enabled only on the default VDC.
The iCAM does not require additional hardware or software. It provides useful traffic telemetry and analytics.
iCAM enables you to perform the following:
View traffic and usage analytics per supported function, Ternary Content-Addressable Memory (TCAM) resources, and TCAM entries.
Plan better by understanding the TCAM usage per feature, enabling you to use TCAM space effectively.
Verify, detect, plan, and predict your environment against Cisco-verified scale numbers for the different supported functions (Layer 2 switching, unicast routing, multicast routing, and VXLAN).
Maintain historical usage and functional scale analytics of different supported functions, including entries and resource usage of FIB and ACL TCAM.
Predict scale (usage level) monitoring for different supported functions in addition to predicted scale for ACL and FIB TCAM entries.
View health monitoring data (such as CPU, memory, power supply) and information on Intelligent Traffic Director (ITD) services.
Overview of iCAM Monitoring
From Cisco NX-OS Release 8.2(1), you can use iCAM in an IPv4 network to view the traffic analytics based on the type of TCAM
entries and the type of TCAM resources. You can set a global monitoring interval to determine how often iCAM should collect
data for statistics. You can also set a global interval history, which determines the number of intervals for which iCAM should
store statistics.
Based on a default or user-configured scale level threshold on a per-function basis, iCAM generates system logging messages to alert network administrators.
You can obtain traffic and scale (usage level) monitoring for the following resources and functions:
ACL TCAM entries
IPv4 multicast TCAM entries
ACL TCAM resource utilization
Forwarding information base (FIB) TCAM resource utilization
BFD
FEX
FabricPath
Interfaces
Layer 2 Switching
Multicast Routing
NetFlow
OTV
PTP
PVLAN
QoS
Security
SPAN
System Management
Unicast Routing
VXLAN
Overview of Scale Monitoring
iCAM scale monitoring provides you the ability to verify, detect, plan, and predict your environment against Cisco verified
scale numbers. You can configure all scale monitoring features with default limits and thresholds or customize the threshold
values to your specific needs.
Scale monitoring capabilities include:
Track system scale limits in comparison to Cisco verified limits.
Two-hour polling interval by default, configurable to one hour.
Track average and peak utilizations, along with timestamps for peak utilizations.
User-configurable scale limits and alert thresholds.
JSON/XML compatible for off-box orchestrator interaction.
Per-ASIC instance and per-VDC awareness.
Event-history support.
Scale predictability: planning via a centralized database for historical data.
From Cisco NX-OS Release 8.4(1), Scale Monitoring supports the following features:
Layer 2 Switching—Layer 2 infrastructure, Spanning Tree Protocol
Multicast Routing
OTV
PVLAN
QoS
Security—ACLs, DHCP, UDP Relay
System Management—SPAN, ERSPAN, PTP, NetFlow
Unicast Routing—OSPF
VXLAN
Historical Analytics Using iCAM
From Cisco NX-OS Release 8.2(1), you can use iCAM to obtain the historical traffic analytics of entries and resources. When
iCAM monitoring is enabled for resources and entries, the traffic data is periodically polled and stored in the iCAM database.
The history option for iCAM entries displays the cumulative traffic stats and average packets per second. The history option
for TCAM resources displays the snapshots of TCAM statistics of the past.
The following figure shows the historical traffic data:
The following figure shows the historical resource utilization:
Predicting Traffic Analytics Using iCAM
From Cisco NX-OS Release 8.2(1), you can use iCAM to predict the traffic on entries and resources for a future date. The predictions
are based on the data history collected by iCAM. When iCAM monitoring is enabled for resources and entries, the traffic data
is periodically polled and stored in the iCAM database. The iCAM feature uses machine-learning algorithms to analyze the historical
data and predicts the TCAM usage for a future date and time.
The following figure shows the predicted traffic data:
The following figure shows the predicted resource utilization:
Benefits of iCAM
Allows users to obtain application traffic analytics, like the HTTP traffic and the traffic consumed by an IP or subnet.
Does not require additional hardware or software.
Users can get the iCAM analytics and machine-learning feature by upgrading the Cisco NX-OS software.
Allows users to plan better by understanding the Ternary Content-Addressable Memory (TCAM) usage per feature.
Default Settings for iCAM
This table lists the default settings for iCAM.
Table 2. Default iCAM Settings
| Parameter | Default |
| --- | --- |
| iCAM | Disabled |
| iCAM monitor interval | 1 |
| iCAM interval duration | 7200 sec |
| Number of intervals in iCAM monitor history | 168 (2 weeks) |
| Filter | All the features are displayed |
| Sort order | Descending |
| Percentage of entries displayed | 1 |
Enabling iCAM
Procedure
Step 1
Enter global configuration mode:
switch# configure terminal
Step 2
Enable the iCAM feature on the device:
switch(config)# feature icam
The no form of this command disables the iCAM feature.
Step 3
Exit the global configuration mode:
switch(config)# exit
Example: Configuring iCAM
This running configuration example shows how to configure the iCAM feature.
configure terminal
feature icam
exit
Enabling iCAM Monitoring on Resources and Traffic
Before you begin
Ensure that you have enabled the iCAM feature on the device.
Procedure
Step 1
Enter global configuration mode:
switch# configure terminal
Step 2
Enable monitoring on the required entries and resources:
Use the no form of these commands to disable monitoring on the corresponding resources or entries.
Step 3
Exit the global configuration mode:
switch(config)# exit
Example: Enabling iCAM Monitoring on Resources and Entries
This running configuration example shows how to enable iCAM monitoring on the TCAM entries. Replace the <placeholders> with relevant values for your setup.
This running configuration example shows how to enable iCAM monitoring for the multicast entries. Replace the <placeholders> with relevant values for your setup.
This running configuration example shows how to enable iCAM monitoring on the ACL TCAM resources. Replace the <placeholders> with relevant values for your setup.
This running configuration example shows how to enable iCAM monitoring on the FIB TCAM resources. Replace the <placeholders> with relevant values for your setup.
Use the no form of this command to reset to the default values. The default value of the global monitoring interval is 2 hours and the
default value of the interval history is 168. The default values might change when more data is collected on the accuracy
of machine-learning.
Step 3
Exit the global configuration mode:
switch(config)# exit
Example: Configuring iCAM Monitor Interval
This running configuration example shows how to set the iCAM monitor interval and the global interval history. Replace the
<placeholders> with relevant values for your setup.
Enable the iCAM feature. The no form of this command disables the iCAM feature.
switch(config)# feature icam
You must enable iCAM monitoring if you want to configure and record history and predict TCAM entries or resources.
Step 3
Enable all features with default limits and thresholds.
switch(config)# [no] icam monitor scale
Step 4
Customize the limit for a specific BFD feature to override its default limit. The feature limit range is 1 to 4294967295 for this step and for the remaining steps in the range 4-18 that use the icam monitor scale feature form.
Note: The icam monitor scale <technology> <feature> limit val command does not enable scale monitoring for this feature; it only configures the scale limit for the feature.
info—Configures the info threshold. The range is 1 to 100 percent, default value is 80 percent.
warning—Configures the warning threshold. The range is 1 to 100 percent, default value is 90 percent.
critical—Configures the critical threshold. The range is 1 to 100 percent, default value is 100 percent.
Step 21
(Optional) Exits the global configuration mode.
switch(config)# exit
Step 22
(Optional) Display data from the default scale monitoring thresholds.
switch# show icam scale
Verified Scale—CCO QA verified scale numbers that are based on software version and hardware.
Customer Configured Scale—Displays the difference between configured and verified.
Threshold Exceeded —Displays the highest threshold level exceeded.
Step 23
(Optional) Display the utilization data including average and peak utilization data, peak timestamp, 7-day totals, and total
counts.
switch# show icam scale utilization
Step 24
(Optional) Display the hit count and the last timestamp of the exceeding configured scale for each configured threshold. Use the hit count for each threshold to determine if the event is an anomaly or frequently occurring. The Last Info Exceeded Timestamp displays the last timestamp of the exceeding configured scale.
switch# show icam scale thresholds
Step 25
(Optional) Display the scale history and sort the history records by the current scale value or by the polled time stamp.
Display the BFD data. You can customize the display of BFD data. Use ? to display a list of supported BFD keywords.
switch# show icam scale bfd
Step 27
Display the fabricpath data. You can customize the display of fabricpath data. Use ? to display a list of supported fabricpath
keywords.
switch# show icam scale fabricpath
Step 28
Display the fabric extender data. You can customize the display of FEX data. Use ? to display a list of supported FEX keywords.
switch# show icam scale fex
Step 29
Display the interface data. You can customize the display of interface data. Use ? to display a list of supported interface
keywords.
switch# show icam scale interface
Step 30
Display the Layer 2 switching data. You can customize the display of Layer 2 switching data. Use ? to display a list of
supported Layer 2 switching keywords.
switch# show icam scale l2-switching
Step 31
Display the multicast routing data. You can customize the display of multicast routing data. Use ? to display a list of supported
multicast routing keywords.
switch# show icam scale multicast-routing
Step 32
Display the netflow data. You can customize the display of netflow data. Use ? to display a list of supported netflow keywords.
switch# show icam scale netflow
Step 33
Display the OTV data. You can customize the display of OTV data. Use ? to display a list of supported OTV keywords.
switch# show icam scale otv
Step 34
Display the PTP data. You can customize the display of PTP data. Use ? to display a list of supported PTP keywords.
switch# show icam scale ptp
Step 35
Display the PVLAN data. Use ? to display a list of supported PVLAN keywords.
switch# show icam scale pvlan
Step 36
Display the QoS data. Use ? to display a list of supported QoS keywords.
switch# show icam scale qos
Step 37
Display the security data. Use ? to display a list of supported security keywords.
switch# show icam scale security
Step 38
Display the SPAN data. Use ? to display a list of supported SPAN keywords.
switch# show icam scale span
Step 39
Display the unicast routing data. Use ? to display a list of supported unicast routing keywords.
switch# show icam scale unicast-routing
Step 40
Display the VXLAN data. Use ? to display a list of supported VXLAN keywords.
switch# show icam scale vxlan
Step 41
Displays the traffic prediction of scale monitoring.
switch# show icam prediction scale year month day time
year—Specifies the year in the YYYY format. The values range from 1970 to 2030.
month—Specifies the month as Jan, Feb, or so on. The values are case sensitive.
day—Specifies the day of the month in the DD format. The values range from 1 to 31.
time—Specifies the time in the HH:MM:SS format.
Example: Verifying Scale Monitoring
The following examples display sample data from PVLAN scale monitoring with the associated keywords.
Displaying Current, Historical, and Predictive Traffic Analytics of TCAM Entries
The TCAM entries and traffic analytics are listed per module and per TCAM instance. To display the current, historical, or
predictive traffic analytics of TCAM entries, use the following commands:
history—Displays the traffic history of entries for the specified number of intervals.
sort—Specifies how to filter or sort the list of TCAM entries. You must use at least one option if you filter TCAM entries using
the sort keyword.
filter feature-name—Filters the TCAM entries based on the feature name.
Note
By default, all the features are displayed. Enclose the feature name in quotation marks if it contains more than one word,
like QoS COPP.
exact—Filters the TCAM entries based on the exact feature name.
Note
This keyword can be used only when filtering the TCAM entries by feature names.
sort-order—Sorts the entries in either ascending or descending order.
Note
The valid values are 1 and 2. 1 displays the list in ascending order and 2 displays the list in descending order. The entries
are sorted in descending order by default.
top top-percentage—Displays the top TCAM entries, sorted by packet count, based on the specified percentage.
Note
The valid values are from 1 to 100. The default value is 1%.
Displays the traffic prediction of the multicast entries.
Note
The history and prediction can be displayed only for resources and entries that have monitoring enabled.
The entries and resources are sorted based on the packet count.
You can use the output of the above commands to generate a chord diagram. A chord diagram provides a simple view of complex
traffic flows. You can identify an anomalous traffic flow using a chord diagram.
This example shows how to view the top 2% traffic flow of the TCAM entries for a current date.
You can use the output in this example to generate a chord diagram. The following figure shows the traffic flow, which is
generated using the output in this example:
Every arc in the chord diagram represents the traffic flow from a source address to a destination address. The thick end of
the chord represents the source address and the thin end represents the destination address. The thickness of the arc represents
the percentage of the traffic. The Stats column in the output of the show icam entries command gives the information about the number of packets or traffic hitting a TCAM entry. The traffic from a single source
to multiple destinations and from multiple sources to single destination can be visualized using the chord diagram.
The following figure shows the anomaly visualization of the traffic flow:
In the figure, the arcs with traffic from 209.165.201.0 to 209.165.202.10 can be easily identified as an anomalous traffic
pattern.
Displaying Current, Historical, and Predictive TCAM Resource Usage per Feature
To display the current, historical, or predictive TCAM usage, use the following commands:
Displays the traffic prediction of the FIB TCAM resources.
You can generate a donut chart or a bar graph using the output of the above commands. The following figure shows the TCAM
resource usage per feature:
Explanation of the Display Outputs
When you enable iCAM monitoring for an entry or a resource, the corresponding traffic statistics or resources usage snapshot
is stored in the database once in every interval.
This example shows the historical view of the TCAM entries monitored by iCAM. The Stats column shows the total amount of packets hitting the entry in the last five intervals. The Rate column shows the average traffic rate in packets per second in the last five intervals.
switch# show icam entries acl module 5 inst 0 history 5
============================================================================================================================
TCAM Entries (Mod 5,Inst 0): Cumulative stats for last 5 intervals
----------------------------------------------------------------------------------------------------------------------------
Feature Pkt_Type Source IP/Mask Dest IP/Mask Action ifindex Stats Rate(pps)
----------------------------------------------------------------------------------------------------------------------------
FEX IPv4 ip 0.0.0.0/0 0.0.0.0/0 Redirect 0x15090000 0 0
FEX IPv6 ip 0x00000000000000000000000000000000/0 0x000000000000000000000 Redirect 0x15090000 0 0
FEX MAC 0000.0000.0000 0000.0000.0000 0000.0000.0000 0000.0000.0000 Redirect 0x15090000 0 0
FEX ARP arp-rarp/all ip 0.0.0.0/0 0.0.0.0/0 0000.0000.0000 0000.0000.00 Redirect 0x15090000 0 0
RACL IPv4 ip 209.165.201.1/27 0.0.0.0/0 Permit 0x1a200000 23423 945
RACL IPv4 ip 209.165.201.2/27 0.0.0.0/0 Permit 0x1a200000 23946237 718353
RACL IPv4 ip 209.165.201.3/27 0.0.0.0/0 Permit 0x1a200000 83675 585
RACL IPv4 ip 209.165.201.4/27 0.0.0.0/0 Permit 0x1a200000 0 0
RACL IPv4 ip 209.165.201.5/27 0.0.0.0/0 Permit 0x1a200000 9693487 45986
RACL IPv4 ip 209.165.201.6/27 0.0.0.0/0 Permit 0x1a200000 9693487 45986
RACL IPv4 ip 0.0.0.0/0 0.0.0.0/0 Deny 0x1a200000 9693487 45986
QoS COPP IPv4 tcp 0.0.0.0/0 0.0.0.0/0 QoS 0x0 0 0
QoS COPP IPv4 udp 0.0.0.0/0 ip 209.165.201.7/27 0.0.0.0/0 QoS 0x0 0 0
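The Stats column and the chord-diagram reading described earlier can also be worked off-box. The following Python is an added example, not Cisco code: it parses IPv4 rows in the layout of the show icam entries output, computes each source-to-destination flow's share of packets (the arc thickness), and lists entries that recorded no hits. The sample rows are constructed, and the function names and the 50 percent cutoff are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample rows in the layout of `show icam entries acl ... history`
# (Feature, Pkt_Type, protocol, Source, Dest, Action, ifindex, Stats, Rate).
SAMPLE = """\
RACL IPv4 ip 209.165.201.1/27 0.0.0.0/0 Permit 0x1a200000 23423 945
RACL IPv4 ip 209.165.201.2/27 0.0.0.0/0 Permit 0x1a200000 23946237 718353
RACL IPv4 ip 209.165.201.4/27 0.0.0.0/0 Permit 0x1a200000 0 0
RACL IPv4 ip 209.165.201.5/27 209.165.202.129/27 Permit 0x1a200000 9693487 45986
RACL IPv4 ip 0.0.0.0/0 0.0.0.0/0 Deny 0x1a200000 9693487 45986
QoS COPP IPv4 tcp 0.0.0.0/0 0.0.0.0/0 QoS 0x0 0 0
FEX MAC 0000.0000.0000 0000.0000.0000 0000.0000.0000 0000.0000.0000 Redirect 0x15090000 0 0
"""

# Feature names may contain spaces ("QoS COPP"); Rate is absent without `history`.
ROW = re.compile(
    r"^(?P<feature>.+?)\s+IPv4\s+(?P<proto>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}/\d+)\s+(?P<dst>\d+(?:\.\d+){3}/\d+)\s+"
    r"(?P<action>\S+)\s+(?P<ifindex>0x[0-9a-fA-F]+)\s+"
    r"(?P<stats>\d+)(?:\s+(?P<rate>\d+))?$"
)


def parse_entries(text):
    """Return one dict per IPv4 row; headers, rulers and MAC/IPv6/ARP rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["stats"] = int(e["stats"])
        e["rate"] = int(e["rate"]) if e["rate"] is not None else None
        entries.append(e)
    return entries


def flow_shares(entries):
    """Percent of all counted packets per (source, destination): the arc thickness."""
    totals = defaultdict(int)
    for e in entries:
        totals[(e["src"], e["dst"])] += e["stats"]
    grand = sum(totals.values())
    return {k: (100.0 * v / grand if grand else 0.0) for k, v in totals.items()}


def unused_entries(entries):
    """Entries that occupy TCAM space but recorded no hits in the window."""
    return [e for e in entries if e["stats"] == 0]


def dominant_flows(entries, min_pct=50.0):
    """Flows whose share of traffic is at or above min_pct, largest first."""
    shares = flow_shares(entries)
    hits = [(k, s) for k, s in shares.items() if s >= min_pct]
    return sorted(hits, key=lambda item: item[1], reverse=True)


def denied_packets(entries):
    """Total hits on Deny entries."""
    return sum(e["stats"] for e in entries if e["action"] == "Deny")


if __name__ == "__main__":
    rows = parse_entries(SAMPLE)
    for (src, dst), pct in dominant_flows(rows):
        print(f"dominant flow {src} -> {dst}: {pct:.1f}% of packets")
    for e in unused_entries(rows):
        print(f"no hits: {e['feature']} {e['proto']} {e['src']} -> {e['dst']}")
    print("packets hitting Deny entries:", denied_packets(rows))
```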
This example shows the historical view of the TCAM resource utilization as snapshots. Each snapshot displays the state of
TCAM utilization in the corresponding time interval.
The following chord diagram is a simple representation of a complex traffic flow, where the traffic flow between the various
sources and destinations is uniform.
This example shows how to view the top 10% of TCAM entries for a current date and filtered by a feature name.
switch# show icam entries acl module 3 inst 5 sort filter "qos copp" top 10
Retrieving data from linecard. This may take some time ...
=================================================================================================================
TCAM Entries (Mod 3,Inst 5)
-----------------------------------------------------------------------------------------------------------------
Feature Pkt_Type Source IP/Mask Dest IP/Mask Action ifindex Stats
-----------------------------------------------------------------------------------------------------------------
QoS COPP IPv4 ip 0.0.0.0/0 0.0.0.0/0 QoS 0x0 38408890
QoS COPP MAC 0000.0000.0000 0000.0000.0000 0180.c200.000e ffff.ffff.ffff 350 QoS 0x0 254
QoS COPP MAC 0000.0000.0000 0000.0000.0000 0100.0ccc.cccc ffff.ffff.ffff QoS 0x0 23
QoS COPP IPv4 udp 0.0.0.0/0 209.165.201.1/27 QoS 0x0 0
QoS COPP IPv4 udp 0.0.0.0/0 209.165.201.1/27 QoS 0x0 0
This example shows how to view current TCAM entries filtered by a feature name using the exact keyword.
switch# show icam entries acl module 7 inst 0 sort filter QoS exact top 100
Retrieving data from linecard. This may take some time ...
========================================================================================================
TCAM Entries (Mod 7,Inst 0)
--------------------------------------------------------------------------------------------------------
Feature Pkt_Type Source IP/Mask Dest IP/Mask Action ifindex Stats
--------------------------------------------------------------------------------------------------------
QoS IPv4 ip 209.165.201.1/27 209.165.202.129/27 QoS 0x1a316000 0
QoS IPv4 ip 209.165.201.1/27 209.165.202.129/27 QoS 0x1a316000 0
QoS IPv4 ip 209.165.201.2/27 209.165.202.129/27 QoS 0x1a316000 0
QoS IPv4 ip 209.165.201.2/27 209.165.202.129/27 QoS 0x1a316000 0
QoS IPv4 ip 209.165.201.3/27 209.165.202.129/27 QoS 0x1a316000 0
QoS IPv4 ip 209.165.201.3/27 209.165.202.129/27 QoS 0x1a316000 0
QoS IPv4 ip 0.0.0.0/0 0.0.0.0/0 QoS 0x1a316000 0
QoS IPv4 ip 0.0.0.0/0 0.0.0.0/0 QoS 0x1a316000 0
This example shows how to view the history of TCAM entries monitored by iCAM.