[c-nsp] C4K_PKTPROCESSING-5-NOTAPPLYINGACL

David Freedman david.freedman at uk.clara.net
Thu May 21 10:59:01 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ibrahim:

- - No QoS
- - V.small outbound ACL
- - Low load / CPU
- - Low traffic

 think it may be a CAM programming issue, am going to capture a textual
representation of the ACLents in the CAM with the command

show platform hardware acl <dir> entries interface <int> all

and compare it to the textual ACL applied (or supposedly applied) and
try and do this from an EEM applet, this should give me a diff of the
two and I can then see which entries don't make it to the CAM and for
how long.

Will keep you all updated as I progress (first step to get EEM on the box!!)

Mant thanks to richard for pointing me in the right direction here.

Dave.


Ibrahim Abo Zaid wrote:
> Hi David
> 
> from Cisco
> 
> 
> Error Message    C4K_PKTPROCESSING-5-NOTAPPLYINGACL:Not applying
> [input/output] Acl
> for packet [packet-info]
> 
> Explanation    The software has not taken the ACL actions because it could
> not determine the correct ACL entry indicated by the hardware. The
> hardware-provided index of the ACL content addressable memory (CAM)
> indicates that the software needs to take the actions for the entry at that
> index. If the packet was queued in the hardware before being processed by
> the software, the index is out-of-date.
> Recommended Action    This message is informational only. No action is
> required.
> 
> the only thing i am wondering about is ACL HW-Index is temp and has
> expiration timer ?
> 
> so do have any QoS policy applied at the same interface ? do u have any CPU
> problem on this gear ?
> 
> 
> best regards
> --Ibrahim
> 
> On Wed, May 20, 2009 at 4:03 PM, David Freedman <david.freedman at uk.clara.net
>> wrote:
> 
> No ACL changes being made at the time, a block of these occur randomly
> at once, could there be a CAM problem?
> 
> Dave.
> 
> Richard Gallagher wrote:
>>>> David,
>>>>
>>>> How often did the message occur? Were any ACL changes being made at the
>>>> time?
>>>>
>>>> Rich
>>>>
>>>> On 20 May 2009, at 01:35, David Freedman wrote:
>>>>
>>>>> Anybody seen these messages occur frequently?
>>>>>
>>>>>> May 18 09:19:31 box 575: May 18 08:20:37 UTC:
>>>>>> %C4K_PKTPROCESSING-5-NOTAPPLYINGACL: Not applying Output Acl for packet
>>>>>> udp srcHost 1.1.1.1 dstHost 2.2.2.2 tos 0 srcPort 934
>>>>>> dstPort 2049
>>>>> According the error decoder, they are CAM programming issue but that
>>>>> is about the level
>>>>> of detail it goes into, I would infer from this that they should only
>>>>> be seen rarely
>>>>> but I'm starting to see them frequently, box is 4948 running
>>>>> 12.2(25)EWA10, bugtool
>>>>> as usual has nothing.
>>>>>
>>>>> Any pointers appreciated.
>>>>>
>>>>> Regards,
>>>>>
>>>>> ------------------------------------------------
>>>>> David Freedman
>>>>> Group Network Engineering
>>>>> Claranet Limited
>>>>> http://www.clara.net
>>>>>
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
 _______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoVbDUACgkQtFWeqpgEZrLQ2ACguoFB8AMRPfLAmLfdpNdfVYLI
a8kAoM+f7K4y1yD/F5BIl9x9cZv/Mo0/
=8w6Z
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list