[f-nsp] exceed configured CAM size, larger partition size required

Mike Tindle mtindle at he.net
Thu Jan 23 18:54:25 EST 2014


Check if you have a lot of IP addresses configured on interfaces.  The rACL has to be applied for each inbound IP address the router could be listening on.  The limited CAM size for rACLs can have an impact if there are a lot of IPs and the ACL is long.  

Regards,
Mike


On Jan 23, 2014, at 8:14 AM, Darren O'Connor <darrenoc at outlook.com> wrote:

> Last weekend we added new receive ACLs to our XMRs. All our XMRs (4, 8, and 16) have identical TCAM profiles set up.
> 
> I had applied the new receive ACL to 4 XMR4s with no problems. When applying it to an XMR16 in-band I lost connection to the box. Going through OOB I removed and re-added the ACL. I was shown this error:
> 
> Port 16/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 2/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 9/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 6/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 5/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 3/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 1/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> Port 4/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 199
> 
> Port 16/3, IP Receive ACL 180 exceed configured CAM size, larger partition size required.
> Unbinding IP Receive ACL 180
> 
> 
> Odd, as mentioned all my cam-partitions are identical across all boxes. After this happened I did not try and add it to any other box as it was too disruptive.
> 
> Any ideas why I would get this? Currently on 5.4d and was upgrading to 5.4e on the night.
> 
> 
> Thanks
> Darren
> http://www.mellowd.co.uk/ccie
> 
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

*----------- H U R R I C A N E - E L E C T R I C ---------->>
| Mike Tindle | Senior Network Engineer | mtindle at he.net
| ASN 6939 | http://www.he.net | 510-580-4126
*--------------------------------------------------->>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20140123/33c8b871/attachment.html>


More information about the foundry-nsp mailing list