12-06-2024 10:04 PM
Good day, everyone!
We have a lot of policy-maps for shaping traffic on our FTD, and one day we received an error saying that no more than 128 policy maps can be defined:
[error]: ERROR: % No more that 128 policymaps can be defined
Unfortunately I didn't find any useful info about this on the internet; maybe someone could tell me here? :)
How many policymaps can be deployed on the 1000/1200/3100/4200/9300 series?
What does the number of policymaps depend on: software version, RAM, etc.?
12-06-2024 11:16 PM
What is the version of the code running? I only have a few policies tested. As per, I agree with you, but I am not aware of that limitation. Is this an error you are getting while creating new FDM or FMC policies?
12-06-2024 11:59 PM
12-07-2024 05:29 AM
Again, I need to ask what code is running here.
This may be a sub-interface issue. Do you have more than 128 sub-interfaces?
12-09-2024 06:01 AM
The software version is 7.2.7. Yep! Now it's about 150 sub-interfaces, the policy-maps are fewer than 120, the platform is a 4145 and it's single instance.
12-09-2024 07:22 AM
On platforms that compile policy-maps into TCAM entries, there will be pre-defined limits on how many different policy-maps can be applied to interfaces. This limit comes from the static "carving" of TCAM resources into different regions for different usages: FIB, ACL, QoS, etc. The different regions are not dynamically fungible in that, for example, unused FIB entries cannot be used for QoS purposes. Some systems support re-carving the TCAM to optimize for different use-cases by allowing particular resource "profiles" to be configured, but this usually requires a reboot to take effect.
Platforms that forward in software (ie, CPU-based forwarding) typically do not use TCAMs for FIB/ACL/QoS/etc lookups and so the number of class-maps & policy-maps need only be limited by RAM size. Platforms with ASIC/NPU forwarding often use TCAMs and have these hardware limits. It should be noted that even in ASIC/NPU platforms, usually class-maps and policy-maps occupy only RAM until they are actually applied to an interface with a service-policy command, and so the number of such maps should be limited only by RAM until then. It is at the time of interface application of the service policies that, typically, the QoS config is compiled into actual TCAM entries.
12-10-2024 04:09 AM
Hi! Thanks for your detailed answer.
If I understand you correctly, my 4145 is probably limited by RAM, but the platform has 384 GB [omg]. Maybe you know how to check the limits before I receive an error? Do I need to check memory status before implementing a new service-policy/sub-interface? It would be very helpful, thanks anyway.
12-10-2024 11:46 AM
Hi Fireman,
I am not really familiar with the 4100 series of firewalls, but given the throughput of the 4145 (up to 80Gbps) listed in its datasheet, it almost certainly forwards in hardware. My assumption is that the issue is with consumption of some specialized (i.e., expensive) memory resource, either TCAM or static RAM, and not with exhaustion of dynamic RAM (the 384GB). XE/XR/NXOS switches & routers usually do have commands to show TCAM resource consumption, but I do not know an equivalent command for the 4100.
12-11-2024 05:07 AM
Guys! What about FMC: when I deploy from there, can I fix this issue?
What will happen with QoS policy limitations? Thanks for any response!