Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

7600 %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL)  The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume.  The MPLS forwarding table is very small however.

Nov 30 14:41:59: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Nov 30 14:41:59: %FMCORE-4-RACL_REDUCED: Interface GigabitEthernet1/22 routed traffic will be software switched in ingress direction

Nov 30 14:41:59: %FMCORE-4-RACL_REDUCED: Interface GigabitEthernet1/1 routed traffic will be software switched in ingress direction

Nov 30 14:41:59: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Nov 30 14:41:59: %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Router1#sh tcam counts detail

           Used        Free        Percent Used       Reserved

           ----        ----        ------------       --------

Labels:(in)  4        4092            0

Labels:(eg)  2        4094            0

ACL_TCAM

--------

HI BANK

  Masks:   1979          69           96                    72

Entries:  15806         578           96                   576

LOW BANK

  Masks:      2        2046            0                     0

Entries:     16       16368            0                     0

QOS_TCAM

--------

HI BANK

  Masks:      0        2048            0                    18

Entries:      0       16384            0                   144

LOW BANK

  Masks:      4        2044            0                     0

Entries:     22       16362            0                     0

    LOU:      0         128            0

  ANDOR:      0          16            0

  ORAND:      0          16            0

    ADJ:      3        2045            0

I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl"  There aren't any ACL's applied to any of the interfaces, or policy-maps.  The only ACL's in use are for SNMP, ntp, and VTY.  These are very small any way. 

Interface Gi1/22, and 1/1 have tag switching enabled. 

Router1#show fm summary

Interface: GigabitEthernet1/1 is up

  TCAM screening for features: INACTIVE inbound

Interface: GigabitEthernet1/2 is up

  TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet1/22 is up

  TCAM screening for features: INACTIVE inbound

Interface: GigabitEthernet1/24 is up

  TCAM screening for features: ACTIVE inbound

Interface: VRF_0_vlan1015 is up

  TCAM screening for features: ACTIVE inbound

Router1#show platform hardware capacity | b L3

#show platform hardware capacity | b L3

L3 Forwarding Resources

Module              FIB TCAM usage:                     Total        Used     %Used

   5                     72 bits (IPv4, MPLS, EoM)      524288      378290     72%

                        144 bits (IP mcast, IPv6)      262144            8      1%

                     detail:      Protocol                    Used       %Used

                                  IPv4                      376213         72%

                                  MPLS                        2077          1%

                                  EoM                            0          0%

                                  IPv6                           2          1%

                                  IPv4 mcast                     3          1%

                                  IPv6 mcast                     3          1%

            Adjacency usage:                     Total        Used       %Used

                                               1048576         254          1%

     Forwarding engine load:

                     Module       pps   peak-pps                     peak-time

                     5           4496      35053  04:56:48 UTC Sat Nov 26 2011

The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer.  The CPU utilisation seems fine, as is memory usage.  CEF seems to be running okay.  It's currently running c7600s72033-advipservicesk9-mz.122-33.SRE1.bin

Are prefix lists part of TCAM?  Is the router over-resourced holding a full bgp routing table?  I'm not sure what else I can investigate.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

7600 %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Hi,

it sounds like a tcam leaking bug ... considering you are running SRE1 we have high chances that it is

CSCtg35757    'IPV6 TCAM misprogramming: Incorporating CSCsf17163 and

CSCsh29851 fixes.'

Symptoms:

========

On frequent TCAM programming due to link flaps or interface admin state

changes,IPv6 TCAM entries consumption occurs even in the absence of IPv6

configuration.

Workaround:

==========

Configuring "mls acl tcam share-global" followed by SSO or reload will

help recover from the situation.

========

you can verify by checking

- show tcam counts  ipv6

- show tcam glo acl in ipv6

if you see a high value on ipv6 tcam you need to upgrade to SRE2 or later

Riccardo

1 REPLY
Cisco Employee

7600 %FM-4-TCAM_ENTRY: Hardware TCAM entry capacity exceeded

Hi,

it sounds like a tcam leaking bug ... considering you are running SRE1 we have high chances that it is

CSCtg35757    'IPV6 TCAM misprogramming: Incorporating CSCsf17163 and

CSCsh29851 fixes.'

Symptoms:

========

On frequent TCAM programming due to link flaps or interface admin state

changes,IPv6 TCAM entries consumption occurs even in the absence of IPv6

configuration.

Workaround:

==========

Configuring "mls acl tcam share-global" followed by SSO or reload will

help recover from the situation.

========

you can verify by checking

- show tcam counts  ipv6

- show tcam glo acl in ipv6

if you see a high value on ipv6 tcam you need to upgrade to SRE2 or later

Riccardo

3881
Views
0
Helpful
1
Replies
CreatePlease login to create content