Nexus 7k %ACLLOG-4

pjbarbiaux · ‎04-22-2010

Hello,

I've started seeing this message "%ACLLOG-4-ACLLOG_MAXFLOW_REACHED: Maximum limit 100000 reached for number of flows" on a Nexus 7010. The NX-OS Systems Messages Reference only offers this for explanation "The maximum flow has been reached in current interval." That was pretty clear from the name of the message. The Reference also suggests that no action is required, but I'm unconvinced. I'm hoping someone here happens to know more.

Some questions I have are: What is limiting the number of flows? Is this on a per-VDC basis, is it a line card, a supervisor, a configuration option? Perhaps most importantly, what happens to flow 100001?

vvasisth · ‎05-05-2010

This is normal behavior from ACL Logging perspective.  There is no issue in terms of switching packets.

It simply says you have reached the configured maximum cached entries of 1000. You can increase the cache 
entries if you want by using logging level acllog entries . 
What is the customer trying to do? Logging every packet passing through the box? 
Are they attempting a self-DOS?

Typically, customer would have ACL log for denied packets, and in that case these cache entries will not get 
full this fast, unless some sort of DOS or port-scan is happening.

FYI:
Also Acllog keeps printing the summary of all the flows that it has logged at an interval (default 5m).

You can infact make this interval report print at any logging level you want by using the command, 
"acllog match-log-level " now ACLLOG_FLOW_INTERVAL logs gets printed at  
you configured.

Do rate this post if its helpful.

regards,

Varun Vasisth

themrfrank · ‎05-28-2013

have you seen any issues being caused if this error is noticed? Does this error cause the switch to have any performance issues? Trying to better understand if this error is seen excessively what issue may this cause?