Graceful Handling of Out of Resource Situations

Out of Resource Situation is an alarm or notification indicating that the resources of the router are used extensively and the resources are reaching their threshold limits. These situations can occur due to various reasons such as high number of routes, MAC addresses, interfaces, and Access Control List (ACEs). To exemplify, if the router fails to program high number of routes in its Network Processing Unit (NPU), OOR alarm can be trigerred. The OOR situations ultimately leads to traffic loss. By handling the OOR situation gracefully, you can avoid the traffic loss in the router.

NPU is an integrated circuit which has a feature set targeted at a networking application domain. The role of NPU is similar to the role of CPU (Central Processing Unit) in the computer. Integrated circuits in NPU handle data packets transmission in the routers. To enable the transmission of data packets, NPU uses several internal resources such as Forwarding Information Base (FIB), Input Logical Interface (INLIF), INLIF1, INLIF2, and Router Interface (RIF).

To ensure optimum traffic forwarding without any loss, it is crucial to monitor and ensure that the NPU tables are not out of resources. The router maintains default OOR threshold levels to alert you of the NPU resource usage.

The default values for OOR threshold levels are as follows:

  • The Red state occurs when 95% or more of the router's hardware resources are in-use.

  • The Yellow state occurs when 80% or more of the router's hardware resources are in-use.

  • The Green state indicates that less than 80% of the router's hardware resources are in-use and there’s favorable utilization of hardware resources.

Out of Resource Handling of FIB Resources

The main function of the FIB within routers/line-cards is to map destination IP prefixes/labels to potential egress interfaces. In order to achieve this, the FIB maintains multiple databases or hardware tables, such as:

  • Forward Equivalence Class (FEC) and the Equal Cost Multi-Path Forward Equivalence Class (ECMP FEC): This database mainly stores information related to the IPv4 and IPv6 prefixes that the router has learnt. When a traffic packet reaches the router, it performs a FIB lookup on the destination prefix of the incoming packet. This lookup results in the FEC or ECMP FEC object for that particular prefix and it provides information about the egress interface on the router through which the packet can reach its destination.

OOR Protection Mode

When the FIB resource usage exceeds the red threshold, the system enters OOR protection mode.

In FEC OOR protection mode, the router doesn’t allocate any FEC objects when it learns a new prefix, but assigns a pre-created drop FEC instead. The router drops incoming packets with destination IP addresses that were assigned the drop FEC.

In ECMP FEC OOR protection mode, the router chooses only the first path among multiple paths to forward traffic. When FEC or ECMP FEC usage drops below yellow threshold, the router reprograms the affected prefixes to normal FEC or ECMP FEC. Thereafter, the router resumes traffic flow.

Configuration Steps to Change OOR Threshold Levels

The following section shows how to change the default threshold levels for OOR handling.


Router# conf t
Router(config)# oor hw threshold red 90
Router(config)# oor hw threshold yellow 75
Router(config)# commit

Release Stale FEC Resources

To release the stale FEC resources, execute the following command:

Router# clear cef

Verification of FEC Resources

Use the show controllers npu resources command to verify FIB resources.

The OOR State in the output of the show controllers npu resources command changes when the router reaches an OOR situation. The OOR State changes from Green to Yellow, and finally to Red depending on the utilization of FEC or ECMP FEC resources. 

Router# show controllers npu resources fec location 0/0/CPU0 
HW Resource Information
    Name                            : fec
    Asic Type                       : Qumran

NPU-0
OOR Summary
        Estimated Max Entries       : 126976
        Red Threshold               : 95 %
        Yellow Threshold            : 80 %
        OOR State                   : Green
        Bank Info                   : FEC


OFA Table Information
(May not match HW usage)
        ipnhgroup                   : 43058
        ip6nhgroup                  : 2
        edpl                        : 0
        limd                        : 0
        punt                        : 19
        iptunneldecap               : 0
        ipmcroute                   : 1
        ip6mcroute                  : 0
        ipnh                        : 0
        ip6nh                       : 0
        mplsmdtbud                  : 0
        ipvrf                       : 2
        ippbr                       : 0
        redirectvrf                 : 0
        l2protect                   : 0
        l2bridgeport                : 0

Current Hardware Usage
    Name: fec
        Estimated Max Entries       : 126976
        Total In-Use                : 43082    (33 %)
        OOR State                   : Green
        Bank Info                   : FEC


       Name: hier_0
           Estimated Max Entries       : 126976
           Total In-Use                : 43082    (33 %)
           OOR State                   : Green
           Bank Info                   : FEC

Verification of EEDB Resources

The router processes several entries and often stores these entries in the form of tables. These tables are further divided into smaller tables. These smaller tables are called as banks. The banks are often named as bank_0, bank_1, bank_2, and so on. Router segregates the entries through these banks.


Note

bank_0 will always be indicated as completely utilized and in Red OOR state on the following routers and line cards:

  • NCS-5501

  • NCS-5501-SE

  • NCS-5502

  • NCS-5502-SE

  • NC55-36x100G

  • NC55-18H18F

  • NC55-24x100G-SE

  • NC55-24H12F-SE

  • NC55-36x100G-S

  • NC55-6x200-DWDM-S

This complete utilization of bank_0 must be ignored since it is reserved for internal usage regardless of the router configuration.

Use show controllers npu resources encap command to verify the usage of EEDB resources.

The OOR State in the output of the show controllers npu resources encap command changes when the router reaches an OOR situation. The OOR State changes from Green to Yellow, and finally to Red depending on the utilization of the EEDB resources. 

Router# show controllers npu resources encap location 1/0/CPU0 
HW Resource Information
		Name                            : encap
		Asic Type                       : Jericho

	NPU-0
	OOR Summary
			Red Threshold               : 95 %
			Yellow Threshold            : 80 %


	OFA Table Information
	(May not match HW usage)
			ipnh                        : 13       
			ip6nh                       : 0        
			mplsnh                      : 0        
			llnh                        : 0        
			srv6nh                      : 0        
			ipvrf                       : 0        
			mplsmdtbud                  : 0        
			iptunnelencap               : 0        
			tep                         : 0        

	Current Hardware Usage
		Name: encap


		   Name: bank_0
			   Estimated Max Entries       : 4096    
			   Total In-Use                : 4096     (100 %)
			   OOR State                   : Red
			   OOR State Change Time       : 2022.Mar.15 05:33:14 UTC
			   Bank Info                   : phase=2 extended=no 


		   Name: bank_1
			   Estimated Max Entries       : 4096    
			   Total In-Use                : 4        (0 %)
			   OOR State                   : Green
			   Bank Info                   : phase=8 extended=no 


		   Name: bank_2
			   Estimated Max Entries       : 4096    
			   Total In-Use                : 0        (0 %)
			   OOR State                   : Green
			   Bank Info                   : phase=0 extended=no 
		  

		   Name: bank_3
			   Estimated Max Entries       : 4096    
			   Total In-Use                : 0        (0 %)
			   OOR State                   : Green
			   Bank Info                   : phase=0 extended=no