[f-nsp] exceed configured CAM size, larger partition size required

Kennedy, Joseph Joseph.Kennedy at purchase.edu
Fri Jan 24 14:20:43 EST 2014


Are you using the same line cards in the XMR4 as you are in the XMR8's and XMR16's?

Are you using tcp/udp port ranges in the ACL in question? (I believe every tcp/udp port in the range may require its own CAM entry)

--JK

-----Original Message-----
From: foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Darren O'Connor
Sent: Friday, January 24, 2014 1:05 PM
To: Eldon Koyle
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] exceed configured CAM size, larger partition size required

ACL applied is only 20 lines long. I have just a handful of ACLs applied elsewhere.

yes the XMR16 has a load more ports, but that should not cause an issue due to the tiny ACLs I'm using. 

same tcam profile used on all boxes: CAM partitioning profile: multi-service-4

system max:

sh run | inc system-max
system-max vlan 4095
system-max ip-cache 768000
system-max ip-route 768000
system-max virtual-interface 4095
system-max ipv6-cache 32000
system-max ipv6-route 32000
system-max lsp-out-acl-cam 1000


Thanks
Darren
http://www.mellowd.co.uk/ccie




> Date: Fri, 24 Jan 2014 09:58:06 -0700
> From: ekoyle at gmail.com
> To: darrenoc at outlook.com
> CC: foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] exceed configured CAM size, larger partition size 
> required
> 
> Which cam-partition profile are you using? How long are your ACLs? I'm 
> guessing your XMR16 has a lot more ports than any of your XMR4s, so 
> that could explain why you are having issues there.
> 
> --
> Eldon Koyle
> 
> On Jan 24 9:01+0000, Darren O'Connor wrote:
> > Most interfaces have a single IP, some have 2. No more than that
> > 
> > Thanks
> > Darren
> > http://www.mellowd.co.uk/ccie
> > 
> > 
> > 
> > Subject: Re: [f-nsp] exceed configured CAM size, larger partition 
> > size required
> > From: mtindle at he.net
> > Date: Thu, 23 Jan 2014 15:54:25 -0800
> > CC: foundry-nsp at puck.nether.net
> > To: darrenoc at outlook.com
> > 
> > Check if you have a lot of IP addresses configured on interfaces. The rACL has to be applied for each inbound IP address the router could be listening on. The limited CAM size for rACLs can have an impact if there are a lot of IPs and the ACL is long. 
> > Regards,Mike
> > 
> > On Jan 23, 2014, at 8:14 AM, Darren O'Connor <darrenoc at outlook.com> wrote:
> > 
> > 
> > Last weekend we added new receive ACLs to our XMRs. All our XMRs (4, 8, and 16) have identical TCAM profiles set up.
> > 
> > I had applied the new receive ACL to 4 XMR4s with no problems. When applying it to an XMR16 in-band I lost connection to the box. Going through OOB I removed and re-added the ACL. I was shown this error:
> > 
> > Port 16/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 2/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 9/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 6/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 5/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 3/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 1/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > Port 4/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 199
> > 
> > Port 16/3, IP Receive ACL 180 exceed configured CAM size, larger partition size required.
> > Unbinding IP Receive ACL 180
> > 
> > 
> > Odd, as mentioned all my cam-partitions are identical across all boxes. After this happened I did not try and add it to any other box as it was too disruptive.
> > 
> > Any ideas why I would get this? Currently on 5.4d and was upgrading to 5.4e on the night.
> > 
> > 
> > Thanks
> > Darren
> > http://www.mellowd.co.uk/ccie
> > 
> > 
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> > 
> > *----------- H U R R I C A N E - E L E C T R I C ---------->>
> > | Mike Tindle | Senior Network Engineer | mtindle at he.net ASN 6939 | 
> > | http://www.he.net | 510-580-4126
> > *--------------------------------------------------->>
> > 
> > 
> > 
> 
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> 





More information about the foundry-nsp mailing list