Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Release-note
Extra TCAM entries consumed for ACLs/ACEs which failed during configuration.
ACL modification or attachment failure where the reason for failure (as shown in "show config failed") indicates "out of stats resources" or "out of port range ID". This should happen when running close to the stated limits for ACL statistics (likely only with ACL permit stats enabled and large ACL configurations) or when many large ranges in TCP/UDP port range fields are used. Software Releases Affected: 6.3.15 or 6.2.3
Reload LC.
Some extra TCAM entries could be stranded when a failure occurs during ACL modification or attachment. This should only occur if the failure is due to resource exhaustion of either statistics or range IDs. The stats resources can be monitored via this command: show controllers npu resources stats instance location The port range resources can be monitored via this command: show dpa resources dnxportrange location In most cases, only one additional TCAM entry is stranded per failure. Example: ======= Existing ACL: 3 user-configured ACEs + Implicit Deny ACE = 4 entries consumed in TCAM - trying to add one additional ACE (entry) to the ACL - modification fails due to "out of stats resources" - ACL should only consume 4 entries in TCAM (3 user-defined ACEs + implicit DENY ACE) - one additional entry is consumed (and will be stranded when ACL is removed) in TCAM - this is an artificially induced failure (to show the example), normally the failure would only occur if there are many TCAM entries already consumed by ACL and many stats resources consumed such that we are close to the stats limit and may run out RP/0/RP0/CPU0:ios#conf t Sat Dec 16 00:01:28.177 UTC RP/0/RP0/CPU0:ios(config)# ipv4 access-list test-acl-ipv4 RP/0/RP0/CPU0:ios(config-ipv4-acl)# 100 deny udp any eq 10 any RP/0/RP0/CPU0:ios(config-ipv4-acl)#end Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:yes % Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors RP/0/RP0/CPU0:ios(config)#show config failed Sat Dec 16 00:01:32.515 UTC !! SEMANTIC ERRORS: This configuration was rejected by !! the system due to semantic errors. The individual !! errors with each failed configuration command can be !! found below. ipv4 access-list test-acl-ipv4 100 deny udp any eq 10 any !!% BCM SDK - Out of Stats Counters: Following processes are out of resources !!% process : pfilter_ea pid : 3673 node : node0_3_CPU0 rc :'DPA' detected the 'warning' condition 'BCM SDK - Out of Stats Counters' ! end RP/0/RP0/CPU0:ios(config)#end Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:no RP/0/RP0/CPU0:ios#show dpa resources ipacl location 0/3/CPU0 Sat Dec 16 00:01:44.714 UTC "ipacl" DPA Table (Id: 60, Scope: Non-Global) -------------------------------------------------- NPU ID: NPU-0 NPU-1 In Use: 0 4 <- existing 4 entries Create Requests Total: 0 5 Success: 0 4 Delete Requests Total: 0 0 Success: 0 0 Update Requests Total: 0 0 Success: 0 0 EOD Requests Total: 0 0 Success: 0 0 Errors HW Failures: 0 1 <- failed entry addition Resolve Failures: 0 0 No memory in DB: 0 0 Not found in DB: 0 0 Exists in DB: 0 0 RP/0/RP0/CPU0:ios#show controllers npu internaltcam location 0/3/CPU0 Sat Dec 16 00:01:52.718 UTC Internal TCAM Resource Information ============================================================= NPU Bank Entry Owner Free Per-DB DB DB Id Size Entries Entry ID Name ============================================================= 0 0\1 320b pmf-0 2014 28 7 INGRESS_LPTS_IPV4 0 0\1 320b pmf-0 2014 2 12 INGRESS_RX_ISIS 0 0\1 320b pmf-0 2014 2 32 INGRESS_QOS_IPV6 0 0\1 320b pmf-0 2014 2 34 INGRESS_QOS_L2 0 2 160b pmf-0 2044 2 31 INGRESS_QOS_IPV4 0 2 160b pmf-0 2044 1 33 INGRESS_QOS_MPLS 0 2 160b pmf-0 2044 1 42 INGRESS_ACL_L2 0 3 160b egress_acl 2032 16 4 EGRESS_QOS_MAP 0 4\5 320b pmf-1 2024 24 8 INGRESS_LPTS_IPV6 0 6 160b Free 2048 0 0 0 7 160b Free 2048 0 0 0 8 160b Free 2048 0 0 0 9 160b Free 2048 0 0 0 10 160b Free 2048 0 0 0 11 160b Free 2048 0 0 0 12\13 320b pmf-1 87 41 11 INGRESS_RX_L2 0 14 160b pmf-0 82 3 10 INGRESS_DHCP 0 14 160b pmf-0 82 1 13 INGRESS_MCAST_IPV4_ASM 0 14 160b pmf-0 82 13 26 INGRESS_MPLS 0 14 160b pmf-0 82 1 41 INGRESS_EVPN_AA_ESI_TO_FBN_DB 0 14 160b pmf-0 82 28 79 INGRESS_BFD_IPV4_NO_DESC_TCAM_T 0 15 160b Free 128 0 0 1 0\1 320b pmf-0 2014 28 7 INGRESS_LPTS_IPV4 1 0\1 320b pmf-0 2014 2 12 INGRESS_RX_ISIS 1 0\1 320b pmf-0 2014 2 32 INGRESS_QOS_IPV6 1 0\1 320b pmf-0 2014 2 34 INGRESS_QOS_L2 1 2 160b pmf-0 2044 2 31 INGRESS_QOS_IPV4 1 2 160b pmf-0 2044 1 33 INGRESS_QOS_MPLS 1 2 160b pmf-0 2044 1 42 INGRESS_ACL_L2 1 3 160b egress_acl 2032 16 4 EGRESS_QOS_MAP 1 4\5 320b pmf-1 2024 24 8 INGRESS_LPTS_IPV6 1 6 160b pmf-0 2043 5 16 INGRESS_ACL_L3_IPV4 <- 5 entries in TCAM (extra entry) 1 7 160b Free 2048 0 0 1 8 160b Free 2048 0 0 1 9 160b Free 2048 0 0 1 10 160b Free 2048 0 0 1 11 160b Free 2048 0 0 1 12\13 320b pmf-1 87 41 11 INGRESS_RX_L2 1 14 160b pmf-0 82 3 10 INGRESS_DHCP 1 14 160b pmf-0 82 1 13 INGRESS_MCAST_IPV4_ASM 1 14 160b pmf-0 82 13 26 INGRESS_MPLS 1 14 160b pmf-0 82 1 41 INGRESS_EVPN_AA_ESI_TO_FBN_DB 1 14 160b pmf-0 82 28 79 INGRESS_BFD_IPV4_NO_DESC_TCAM_T 1 15 160b Free 128 0