av在线亚洲中文幕,性色在线网站,国产农村妇女毛片精品视频,免费日本网站久久,精品人妻无码视频一区二区三区,国产精品久久久久久69,手机av在线影音,亚洲精品视频在线看

S9706 acl策略下發(fā)失敗

2014/12/14 13:52:08點擊：

問題描述

9706設(shè)備含3塊板，其中2個48口板out方向支持1k的ACL，24口板ACL容量為512，，acl在vlan出方向使用。當(dāng)acl用到500多的時候報錯容量不足。
Slot 1
                    Vlan-ACL    Inbound-ACL   Outbound-ACL
----------------------------------------------------------------------------
Rule Used               10          956          646
Rule Free             2038         7236          378
Rule Total            2048         8192         1024
Slot 2
                   Vlan-ACL    Inbound-ACL Outbound-ACL
----------------------------------------------------------------------------
Rule Used               10          961          647
Rule Free             2038         7231          377
Rule Total            2048         8192         1024
Slot 3
                     Vlan-ACL    Inbound-ACL Outbound-ACL
----------------------------------------------------------------------------
Rule Used              158          916          481
Rule Free              866         3180           31
Rule Total            1024         4096          512

告警信息

Dec 4 2014 10:14:14+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[87]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3149 classifier 3149 behavior 3149 acl 3149, rule 420)
Dec 3 2014 14:30:35+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[98]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3149 classifier 3149 behavior 3149 acl 3149, rule 10000)
Dec 3 2014 14:12:45+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[100]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3149 classifier 3149 behavior 3149 acl 3149, rule 10000)
Nov 20 2014 15:40:29+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[251]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3146 classifier 3146 behavior 3146 acl 3146, rule 320)
Nov 20 2014 15:39:46+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[252]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3146 classifier 3146 behavior 3146 acl 3146, rule 330)
Nov 19 2014 09:38:01+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[256]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3146 classifier 3146 behavior 3146 acl 3146, rule 330)
Nov 19 2014 09:36:41+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[257]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3146 classifier 3146 behavior 3146 acl 3146, rule 330)
Nov 17 2014 16:33:09+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[260]:Failed to send the data to the slot 3 device. (ErrorInfomation= Adding rule failed. Insufficient resource in policy 3146 classifier 3146 behavior 3146 acl 3146, rule 330)
Nov 17 2014 16:33:05+08:00 NH-3M-VM-S9706-D-2 %%01ACLE/3/DEVICE_DOWN(l)[261]:Failed to send the data to the slot 3 device.

處理過程

查看logbuffer，查看acl資源：display acl resource

根因

acl策略都在vlan下使能，Vlan下啟用的acl策略是全局下發(fā)，即由主控板下發(fā)到每一塊業(yè)務(wù)板上。
通過display acl resourse發(fā)現(xiàn)：slot1和slot2的acl占用數(shù)基本上為646（實際使用的acl資源），而slot3為481（上限為512）。
導(dǎo)致該問題的原因為：一條rule占用一條acl資源，還缺少100多acl條資源，所以會出現(xiàn)策略下發(fā)失敗的情況。

解決方案

1.明確客戶需求，是否可精簡outbound方向的策略（寬出），或者只在相應(yīng)的接口下啟用（相應(yīng)板卡下發(fā)）。
2.選擇高規(guī)格的板卡。

建議與總結(jié)

出方向的acl資源比較少，入方向的acl資源較多，為出方向的8倍。
根據(jù)寬進(jìn)嚴(yán)出的策略可以減少在出方向的限制，或者在對應(yīng)接口下使能，減少在vlan下的使用，否則容易形成瓶頸。

上一篇：S9306交換機由于單主控轉(zhuǎn)發(fā)丟包 2014/12/14
下一篇：AR G3盒式路由器發(fā)貨去除串口線的公告 2014/12/14