Shared Interface Usage Examples
See the following tables for examples of interface sharing and scalability. The below scenarios assume use of one physical/EtherChannel interface for management shared across all instances, and another physical or EtherChannel interface with dedicated subinterfaces for use with High Availability.
Firepower 9300 with Three SM-44s
The following table applies to three SM-44 security modules on a 9300 using only physical interfaces or EtherChannels. Without subinterfaces, the maximum number of interfaces are limited. Moreover, sharing multiple physical interfaces uses more forwarding table resources than sharing multiple subinterfaces.
Each SM-44 module can support up to 14 instances. Instances are split between modules as necessary to stay within limits.
|
Dedicated Interfaces |
Shared Interfaces |
Number of Instances |
% Forwarding Table Used |
|---|---|---|---|
|
32:
|
0 |
4:
|
16% |
|
30:
|
0 |
2:
|
14% |
|
14:
|
1 |
14:
|
46% |
|
33:
|
3:
|
33:
|
98% |
|
33:
|
3:
|
34:
|
102% DISALLOWED |
|
30:
|
1 |
6:
|
25% |
|
30:
|
3:
|
6:
|
23% |
|
30:
|
2 |
5:
|
28% |
|
30:
|
4:
|
5:
|
26% |
|
24:
|
7 |
4:
|
44% |
|
24:
|
14:
|
4:
|
41% |
The following table applies to three SM-44 security modules on a 9300 using subinterfaces on a single parent physical interface. For example, create a large EtherChannel to bundle all of your like-kind interfaces together, and then share subinterfaces of that EtherChannel. Sharing multiple physical interfaces uses more forwarding table resources than sharing multiple subinterfaces.
Each SM-44 module can support up to 14 instances. Instances are split between modules as necessary to stay within limits.
|
Dedicated Subinterfaces |
Shared Subinterfaces |
Number of Instances |
% Forwarding Table Used |
|---|---|---|---|
|
168:
|
0 |
42:
|
33% |
|
224:
|
0 |
14:
|
27% |
|
14:
|
1 |
14:
|
46% |
|
33:
|
3:
|
33:
|
98% |
|
70:
|
1 |
14:
|
46% |
|
165:
|
3:
|
33:
|
98% |
|
70:
|
2 |
14:
|
46% |
|
165:
|
6:
|
33:
|
98% |
|
70:
|
10 |
14:
|
46% |
|
165:
|
30:
|
33:
|
102% DISALLOWED |
Firepower 9300 with One SM-44
The following table applies to the Firepower 9300 with one SM-44 using only physical interfaces or EtherChannels. Without subinterfaces, the maximum number of interfaces are limited. Moreover, sharing multiple physical interfaces uses more forwarding table resources than sharing multiple subinterfaces.
The Firepower 9300 with one SM-44 can support up to 14 instances.
|
Dedicated Interfaces |
Shared Interfaces |
Number of Instances |
% Forwarding Table Used |
|---|---|---|---|
|
32:
|
0 |
4:
|
16% |
|
30:
|
0 |
2:
|
14% |
|
14:
|
1 |
14:
|
46% |
|
14:
|
2:
|
14:
|
37% |
|
32:
|
1 |
4:
|
21% |
|
32:
|
2 |
4:
|
20% |
|
32:
|
2 |
4:
|
25% |
|
32:
|
4:
|
4:
|
24% |
|
24:
|
8 |
3:
|
37% |
|
10:
|
10 |
5:
|
69% |
|
10:
|
20:
|
5:
|
59% |
|
14:
|
10 |
7:
|
109% DISALLOWED |
The following table applies to the Firepower 9300 with one SM-44 using subinterfaces on a single parent physical interface. For example, create a large EtherChannel to bundle all of your like-kind interfaces together, and then share subinterfaces of that EtherChannel. Sharing multiple physical interfaces uses more forwarding table resources than sharing multiple subinterfaces.
The Firepower 9300 with one SM-44 can support up to 14 instances.
|
Dedicated Subinterfaces |
Shared Subinterfaces |
Number of Instances |
% Forwarding Table Used |
|---|---|---|---|
|
112:
|
0 |
14:
|
17% |
|
224:
|
0 |
14:
|
17% |
|
14:
|
1 |
14:
|
46% |
|
14:
|
2:
|
14:
|
37% |
|
112:
|
1 |
14:
|
46% |
|
112:
|
2:
|
14:
|
37% |
|
112:
|
2 |
14:
|
46% |
|
112:
|
4:
|
14:
|
37% |
|
140:
|
10 |
14:
|
46% |
|
140:
|
20:
|
14:
|
37% |