<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>ACL applied is only 20 lines long. I have just a handful of ACLs applied elsewhere.<br><br>yes the XMR16 has a load more ports, but that should not cause an issue due to the tiny ACLs I'm using. <br><br>same tcam profile used on all boxes: CAM partitioning profile: multi-service-4<br><br>system max:<br><br>sh run | inc system-max<br>system-max vlan 4095<br>system-max ip-cache 768000<br>system-max ip-route 768000<br>system-max virtual-interface 4095<br>system-max ipv6-cache 32000<br>system-max ipv6-route 32000<br>system-max lsp-out-acl-cam 1000<br><br><br>Thanks<br>Darren<br><a href="http://www.mellowd.co.uk/ccie" target="_blank">http://www.mellowd.co.uk/ccie</a><br><br><br><br><div>> Date: Fri, 24 Jan 2014 09:58:06 -0700<br>> From: ekoyle@gmail.com<br>> To: darrenoc@outlook.com<br>> CC: foundry-nsp@puck.nether.net<br>> Subject: Re: [f-nsp] exceed configured CAM size, larger partition size required<br>> <br>> Which cam-partition profile are you using? How long are your ACLs? I'm<br>> guessing your XMR16 has a lot more ports than any of your XMR4s, so that<br>> could explain why you are having issues there.<br>> <br>> -- <br>> Eldon Koyle<br>> <br>> On Jan 24 9:01+0000, Darren O'Connor wrote:<br>> > Most interfaces have a single IP, some have 2. No more than that<br>> > <br>> > Thanks<br>> > Darren<br>> > http://www.mellowd.co.uk/ccie<br>> > <br>> > <br>> > <br>> > Subject: Re: [f-nsp] exceed configured CAM size, larger partition size required<br>> > From: mtindle@he.net<br>> > Date: Thu, 23 Jan 2014 15:54:25 -0800<br>> > CC: foundry-nsp@puck.nether.net<br>> > To: darrenoc@outlook.com<br>> > <br>> > Check if you have a lot of IP addresses configured on interfaces. The rACL has to be applied for each inbound IP address the router could be listening on. The limited CAM size for rACLs can have an impact if there are a lot of IPs and the ACL is long. <br>> > Regards,Mike<br>> > <br>> > On Jan 23, 2014, at 8:14 AM, Darren O'Connor <darrenoc@outlook.com> wrote:<br>> > <br>> > <br>> > Last weekend we added new receive ACLs to our XMRs. All our XMRs (4, 8, and 16) have identical TCAM profiles set up.<br>> > <br>> > I had applied the new receive ACL to 4 XMR4s with no problems. When applying it to an XMR16 in-band I lost connection to the box. Going through OOB I removed and re-added the ACL. I was shown this error:<br>> > <br>> > Port 16/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 2/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 9/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 6/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 5/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 3/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 1/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > Port 4/1, IP Receive ACL 199 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 199<br>> > <br>> > Port 16/3, IP Receive ACL 180 exceed configured CAM size, larger partition size required.<br>> > Unbinding IP Receive ACL 180<br>> > <br>> > <br>> > Odd, as mentioned all my cam-partitions are identical across all boxes. After this happened I did not try and add it to any other box as it was too disruptive.<br>> > <br>> > Any ideas why I would get this? Currently on 5.4d and was upgrading to 5.4e on the night.<br>> > <br>> > <br>> > Thanks<br>> > Darren<br>> > http://www.mellowd.co.uk/ccie<br>> > <br>> > <br>> > _______________________________________________<br>> > foundry-nsp mailing list<br>> > foundry-nsp@puck.nether.net<br>> > http://puck.nether.net/mailman/listinfo/foundry-nsp<br>> > <br>> > *----------- H U R R I C A N E - E L E C T R I C ---------->><br>> > | Mike Tindle | Senior Network Engineer | mtindle@he.net<br>> > | ASN 6939 | http://www.he.net | 510-580-4126<br>> > *--------------------------------------------------->><br>> > <br>> > <br>> > <br>> <br>> > _______________________________________________<br>> > foundry-nsp mailing list<br>> > foundry-nsp@puck.nether.net<br>> > http://puck.nether.net/mailman/listinfo/foundry-nsp<br>> <br></div> </div></body>
</html>