08-12-2020 01:18 PM
Hello community,
trying to refresh one of our policies, but I am getting this error. Have you met similar problem? I tried to find out, what this error means. But without success.
Error: Refresh failed for policy 'xxx'- ACL install operation failed - vlan *, port 21, rule "yyy", No resources for operation
X460g2 with ExtremeXOS version 21.1.4.4 21.1.4.4-patch1-7
Thanks.
3 weeks ago
Anyone had found solution? I am faceing same problem with and i am on version 31.7.2.28.
08-14-2020 08:37 AM
Hi Tomasz,
thanks for reply. I have 17 entries in the policy. If I add 18th entry like bellow (just matching VLAN), I get mentioned refresh error. It looks there is enough space in slices, see the show command bellow.
First two entries looks like this:
entry entry1 {
if {
vlan-id xxx;
ethernet-destination-address 01:00:0c:cc:cc:cd;
destination-sap 0xaa;
source-sap 0xaa;
} then {
replace-ethernet-destination-address 01:00:0c:cd:cd:d0;
count stp-pvstplus-encap ;
}
}
The rest looks like this:
entry entry3 {
if {
vlan-id xxx;
} then {
meter meter1;
}
}
show access-list usage acl-rule port 21
Ports 1-34
Total Rules:
INGRESS
Used: 865 Available: 3231
EGRESS
Used: 2 Available: 1022
LOOKUP
Used: 0 Available: 2048
EXTERNAL
Used: 0 Available: 0
show access-list usage acl-slice port 21
Ports 1-34
Stage: INGRESS
Slices: Used: 11 Available: 5
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 4) Rules: Used: 0 Available: 256
Virtual Slice 5 (physical slice 5) Rules: Used: 2 Available: 254 VLAN statistics
Virtual Slice 6 (physical slice 6) Rules: Used: 12 Available: 244 system
Virtual Slice 7 (physical slice 7) Rules: Used: 1 Available: 255 system
Virtual Slice 8 (physical slice 😎 Rules: Used: 76 Available: 180 system
Virtual Slice 9 (physical slice 9) Rules: Used: 10 Available: 246 system
Virtual Slice 10 (physical slice 10) Rules: Used: 130 Available: 126 user/other
Virtual Slice 11 (physical slice 11) Rules: Used: 127 Available: 129 user/other
Virtual Slice 12 (physical slice 12) Rules: Used: 125 Available: 131 user/other
Virtual Slice 13 (physical slice 13) Rules: Used: 128 Available: 128 user/other
Virtual Slice 14 (physical slice 14) Rules: Used: 128 Available: 128 user/other
Virtual Slice 15 (physical slice 15) Rules: Used: 126 Available: 130 user/other
Stage: EGRESS
Slices: Used: 1 Available: 3
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256
Virtual Slice 3 (physical slice 3) Rules: Used: 2 Available: 254 VLAN statistics
Stage: LOOKUP
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 512
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 512
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 512
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 512
Stage: EXTERNAL
Virtual Slice : (*) Physical slice not allocated to any virtual slice.
08-12-2020 04:21 PM
Hi Michal,
First thing I’d check is what new ACL matching criteria have been introduced? The hardware defines TCAM slices based on some groups of compatible criteria, each TCAM slice for ACLs in the hardware is constrained for optimization. In that case too many slices can be reserved for some system features or some new matching conditions came that require allocate a new slice but no free slice.
For further reading on hardware allocation of ACLs I’d recommend ACL chapter of EXOS User Guide: https://documentation.extremenetworks.com/exos_30.6/downloads/EXOS_User_Guide_30_6.pdf
Oh, and consider upgrading if possible, a lot of nice things have happened since 21.1. 🙂
Hope that helps,
Tomasz