IP Routing on Cisco IE-3000

IP Routing on Cisco IE-3000

IP Routing on Cisco IE-3000

I was upgrading a Cisco IE-3000-4TC switch from LANBASE to IPSERVICES for a customer in order to convert the switch to a Layer 3 device. You need to buy an upgrade license from your local Cisco Partner, and then change the IOS from lanbase to ipservices just as any other switch. But it didn’t turn out the way I expected…

After the device has rebooted and is running the correct IPSERVICES image, I tried to enable unicast routing with the command “ip routing” as on all other Cisco IOS/IOS-XE devices, but no luck – the command was not there??? What??? A L3 capable switch running IPSERVICES and the ip routing command is not there? I was puzzled…

 

Switch Ports Model           SW Version   SW Image
------ ----- -----           ----------   ----------
*    1    14 IE-3000-4TC     15.2(4)EA5   IES-IPSERVICESK9-M


Configuration register is 0xF

sw-vvhv-ie3000-1#


sw-vvhv-ie3000-1(config)#ip routing
                             ^
% Invalid input detected at '^' marker.

 

I started looking into release notes and configuration guides to see if this was a bug or something.

In the release notes for 15.2.1EY there is a note about SDM templates, stating that in the default SDM template for the platform, ip routing is no longer enabled.

http://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie3000/software/release/15-2_1_EY/release/notes/ie3k_15-2_1_EY.html#pgfId-85472

Well, that should be an easy fix, so I changed the SDM template to “dual-ipv4-and-ipv6 default”

sw-vvhv-ie3000-1(config)#sdm prefer dual-ipv4-and-ipv6

Next, rebooted the switch and now the ip routing command was available and everything looked happy happy – for a while.

2 minutes after bringing up a SVI, the following log message was thrown.

May 15 06:22:49.457: %PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded

The switch was now a Layer 3 switch with routing enabled, but it could not hardware forward the traffic, which is not good. The command “show platform ip unicast failed route” shows the routes that could not be programmed into the TCAM. Here it shows the 3 directly connected routes to the SVIs of the switch.

sw-vvhv-ie3000-1#sh platform ip unicast failed route
Total of 0 covering fib entries
Entries covered by Actual default route(0.0.0.0/0)
      172.20.101.0/27 Tbl:0 : Cover:0.0.0.0/0 Tbl:0
      172.20.101.64/27 Tbl:0 : Cover:0.0.0.0/0 Tbl:0
      172.20.101.32/27 Tbl:0 : Cover:0.0.0.0/0 Tbl:0
 Total of 3 entries covered by 0.0.0.0/0 Tbl:0

sw-vvhv-ie3000-1#
sw-vvhv-ie3000-1#sh ip int brief | ex una
Interface     IP-Address      OK? Method   Status    Protocol
Vlan346       172.20.101.1    YES NVRAM    up        up
Vlan347       172.20.101.33   YES NVRAM    up        up
Vlan348       172.20.101.65   YES NVRAM    up        up

What was wrong? The SDM template I choose was the wrong template. It did indeed enable unicast routing, but it did not make any room in the TCAM for unicast rounting, as the template output shows.

sw-vvhv-ie3000-1#sh sdm prefer
 The current template is "dual-ipv4-and-ipv6 default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 0 routed interfaces and 1024 VLANs.

 number of unicast mac addresses:                 7.5K
 number of IPv4 IGMP groups + multicast routes:   0.25K
 number of IPv4 unicast routes:                   0
 number of IPv6 multicast groups:                 0.375k
 number of IPv6 unicast routes:                   0
   number of directly-connected IPv6 addresses:   0
   number of indirect IPv6 unicast routes:        0
 number of IPv4 policy based routing aces:        0
 number of IPv4/MAC qos aces:                     0.375k
 number of IPv4/MAC security aces:                0.375k
 number of IPv6 policy based routing aces:        0
 number of IPv6 qos aces:                         20
 number of IPv6 security aces:                    77

sw-vvhv-ie3000-1#

The correct template is “routing” – obvious, right?

sw-vvhv-ie3000-1(config)#sdm prefer routing

Reload once more to make the SDM change take effect.

sw-vvhv-ie3000-1#sh sdm prefer
 The current template is "routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  1.5K
 number of IPv4 IGMP groups + multicast routes:   1K
 number of IPv4 unicast routes:                   5K
    number of directly-connected IPv4 hosts:      1.5K
    number of indirect IPv4 routes:               3.5K
 number of IPv6 multicast groups:                 0
 number of IPv6 unicast routes:                   0
    number of directly-connected IPv6 addresses:  0
    number of indirect IPv6 unicast routes:       0
 number of IPv4 policy based routing aces:        0.5K
 number of IPv4/MAC qos aces:                     0.375k
 number of IPv4/MAC security aces:                0.375k
 number of IPv6 policy based routing aces:        0
 number of IPv6 qos aces:                         20
 number of IPv6 security aces:                    25

sw-vvhv-ie3000-1#

Now – at last – everything IS good… 🙂

sw-vvhv-ie3000-1#sh platform ip unicast failed route
Total of 0 covering fib entries

sw-vvhv-ie3000-1#

No more nasty log entries saying the switch will do software forwarding of routed packets… 😉