To optimize both scale and performance, policy entries configured by the operator are compressed by each FP4 line card before being installed in hardware.
This compression can result, in an unexpected scenario typically only achieved in a lab environment, in an overload condition for a specified FP CAM line card. This overload condition can occur when applying a filter policy for the first time on a line card FP or when adding entries to a filter policy.
For a line card ACL filter, the system raises a trap if a specified FP CAM utilization goes beyond 85% utilization.
Applying a Filter Policy
A policy is installed for the first time on a line card FP if no router interface, service interface, SAP, spoke SDP, mesh SDP, or ESM subscriber host was using the policy on this FP.
A policy installed for the first time on a line card FP can lead to a compression failure resulting in an overload condition for this policy on this FP CAM. In this case, none of the entries for the affected filter policy are programmed and traffic is forwarded as if no filter was installed.
Adding Filter Entries
Adding an additional entry to a filter policy can lead to a compression failure resulting in an overload condition.
In this case, the newly added entry is not programmed on the affected FP CAM. Additional entries added to the same policy after the first overload condition are also not programmed on the affected FP CAM as the system attempts to install all outstanding additions in order.
A trap is raised when an overload condition occurs. After the first overload event is detected for a specified ACL FP CAM, the CPM interactively rejects the addition of filter policies or filter entries applied to the same FP CAM, therefore providing an interactive error message to the operator or the dynamic provisioning interfaces such as RADIUS.
The filter resource management task on the CPM controls the maximum number of filter entries per FP. If the operator attempts to go over the scaling limit, the system returns an interactive error message. This mechanism is independent from the overload state of the FP CAM.
Removing Filter Entries
Removing filter entries from a filter policy is always accepted and is used to resolve the overload events.
Resolving Overload
The overload condition should be resolved by the network operator before adding new entries or policies in the affected FP CAM.
To identify the affected policy, the system logs the overload event providing slot number, FP number, and impacted CAM. Based on this information, the tools>dump>filter>overload command allows the operator to identify the affected policy and policy entries in the system that cannot be programmed on a specific FP CAM.
To resolve the overload condition, the network operator can remove the newly added entries from the affected policy or assign a different policy.