Re: TCAM Allocation Failure

mpr5231 · ‎10-03-2022

Have a pair of N7K switches (hot standby) running 6.1. Adding a PBR to a VLAN interface, one switch accepts the command no problem, the other I get "% Could not apply PBR route-map - Tcam Allocation Failure". Tried rebooting the switch, no change. This is the only PBR on the switches. If I try to apply the PBR map to a different VLAN interface, it works.

We're cutting over to 9k switches next month, so I don't want to spend a ton of time on this, just wondering if there are any quick fixes I can try.

Any input is appreciated.

marce1000 · ‎10-03-2022

- You may try latest advisory release , if feasible and applicable : https://software.cisco.com/download/home/286284485/type/282088129/release/8.4(5)

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

MHM Cisco World · ‎10-03-2022

""" If I try to apply the PBR map to a different VLAN interface"""

I think this not relate to TCAM it relate to set <> under PBR I think,
share the PBR let me check it

mpr5231 · ‎10-04-2022

ip access-list pbr-acl
permit ip host 10.*.*.* any

ip access-list pbr-deny1-acl
permit ip host 10.*.*.* 10.0.0.0/8
ip access-list pbr-deny2-acl
permit ip host 10.*.*.* 172.16.0.0/12
ip access-list pbr-deny3-acl
permit ip host 10.*.*.* 192.168.0.0/16

route-map pbr-map deny 10
match ip address pbr-deny1-acl
route-map pbr-map deny 20
match ip address pbr-deny2-acl
route-map pbr-map deny 30
match ip address pbr-deny3-acl
route-map pbr-map permit 40
match ip address pbr-acl
set ip next-hop 10.*.*.*

int vlan***
ip policy route-map pbr-map

MHM Cisco World · ‎10-04-2022

why I think that this issue about VLAN not NSK ?
you mention that the PBR can apply to other VLAN but this VLAN can not.
for give me little Ack. but I Here try to help you to classify issue
the TCAM in NSK have two TCAM T0 and T1 and each one have Bank B0 and B1

some feature is one TCAM/Bank and other not, this make feature you want to apply can not be in same interface/vlan "sorry".
to be sure try below command add feature you config under VLAN to this command see if it appear in same TCAM/Bank or not.

show hardware access-list input interface feature-combo

MHM

mpr5231 · ‎10-05-2022

Thanks for the reply. If it was an issue with the VLAN, wouldn't the command fail in both switches, not just the one?

The command

show hardware access-list input interface feature-combo

did not work - it gave an error at "interface":

show hardware access-list input ?
config Parsed policy software database
entries Tcam entries
l4ops L4 operations information
merge Tcam entries merge information
redirect Redirect resource information
sampler With sampler details
statistics Aggregate statistics

MHM Cisco World · ‎10-07-2022

show hardware access-list input vlan feature-combo

instead of interface use VLAN

also for other NSK, are you config same feature as this NSK ?
the issue is that if feature like RACL config with PBR and the TCAM bank is mismatch then the config is reject.

mpr5231 · ‎10-10-2022

Hello -

VLAN is not an option either.

SW1# sho hardware access-list input ?
  config     Parsed policy software database
  entries    Tcam entries
  l4ops      L4 operations information
  merge      Tcam entries merge information
  redirect   Redirect resource information
  sampler    With sampler details
  statistics Aggregate statistic

The other switch is getting an identical configuration, the two are running as a hot standby pair.

Thanks for your continued help.