12-01-2011 03:04 AM - edited 03-04-2019 02:28 PM
I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL) The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume. The MPLS forwarding table is very small however.
Nov 30 14:41:59: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
Nov 30 14:41:59: %FMCORE-4-RACL_REDUCED: Interface GigabitEthernet1/22 routed traffic will be software switched in ingress direction
Nov 30 14:41:59: %FMCORE-4-RACL_REDUCED: Interface GigabitEthernet1/1 routed traffic will be software switched in ingress direction
Nov 30 14:41:59: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
Nov 30 14:41:59: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded
Router1#sh tcam counts detail
Used Free Percent Used Reserved
---- ---- ------------ --------
Labels:(in) 4 4092 0
Labels:(eg) 2 4094 0
ACL_TCAM
--------
HI BANK
Masks: 1979 69 96 72
Entries: 15806 578 96 576
LOW BANK
Masks: 2 2046 0 0
Entries: 16 16368 0 0
QOS_TCAM
--------
HI BANK
Masks: 0 2048 0 18
Entries: 0 16384 0 144
LOW BANK
Masks: 4 2044 0 0
Entries: 22 16362 0 0
LOU: 0 128 0
ANDOR: 0 16 0
ORAND: 0 16 0
ADJ: 3 2045 0
I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl" There aren't any ACL's applied to any of the interfaces, or policy-maps. The only ACL's in use are for SNMP, ntp, and VTY. These are very small any way.
Interface Gi1/22, and 1/1 have tag switching enabled.
Router1#show fm summary
Interface: GigabitEthernet1/1 is up
TCAM screening for features: INACTIVE inbound
Interface: GigabitEthernet1/2 is up
TCAM screening for features: ACTIVE inbound
Interface: GigabitEthernet1/22 is up
TCAM screening for features: INACTIVE inbound
Interface: GigabitEthernet1/24 is up
TCAM screening for features: ACTIVE inbound
Interface: VRF_0_vlan1015 is up
TCAM screening for features: ACTIVE inbound
Router1#show platform hardware capacity | b L3
#show platform hardware capacity | b L3
L3 Forwarding Resources
Module FIB TCAM usage: Total Used %Used
5 72 bits (IPv4, MPLS, EoM) 524288 378290 72%
144 bits (IP mcast, IPv6) 262144 8 1%
detail: Protocol Used %Used
IPv4 376213 72%
MPLS 2077 1%
EoM 0 0%
IPv6 2 1%
IPv4 mcast 3 1%
IPv6 mcast 3 1%
Adjacency usage: Total Used %Used
1048576 254 1%
Forwarding engine load:
Module pps peak-pps peak-time
5 4496 35053 04:56:48 UTC Sat Nov 26 2011
The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer. The CPU utilisation seems fine, as is memory usage. CEF seems to be running okay. It's currently running c7600s72033-advipservicesk9-mz.122-33.SRE1.bin
Are prefix lists part of TCAM? Is the router over-resourced holding a full bgp routing table? I'm not sure what else I can investigate.
Solved! Go to Solution.
12-01-2011 08:31 AM
Hi,
it sounds like a tcam leaking bug ... considering you are running SRE1 we have high chances that it is
CSCtg35757 'IPV6 TCAM misprogramming: Incorporating CSCsf17163 and
CSCsh29851 fixes.'
Symptoms:
========
On frequent TCAM programming due to link flaps or interface admin state
changes,IPv6 TCAM entries consumption occurs even in the absence of IPv6
configuration.
Workaround:
==========
Configuring "mls acl tcam share-global" followed by SSO or reload will
help recover from the situation.
========
you can verify by checking
- show tcam counts ipv6
- show tcam glo acl in ipv6
if you see a high value on ipv6 tcam you need to upgrade to SRE2 or later
Riccardo
12-01-2011 08:31 AM
Hi,
it sounds like a tcam leaking bug ... considering you are running SRE1 we have high chances that it is
CSCtg35757 'IPV6 TCAM misprogramming: Incorporating CSCsf17163 and
CSCsh29851 fixes.'
Symptoms:
========
On frequent TCAM programming due to link flaps or interface admin state
changes,IPv6 TCAM entries consumption occurs even in the absence of IPv6
configuration.
Workaround:
==========
Configuring "mls acl tcam share-global" followed by SSO or reload will
help recover from the situation.
========
you can verify by checking
- show tcam counts ipv6
- show tcam glo acl in ipv6
if you see a high value on ipv6 tcam you need to upgrade to SRE2 or later
Riccardo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide