Hello,
I am trying to set up a simple firewall filter on our QFX switch. We use VXLAN, and the filter is applied on an ae interface which is part of an ESI LAG.
Error message:
Jan 7 10:54:50.687 2021 fpc0 DFWE ERROR DFW: Cannot program filter "ae28-input" (type IPACL_VXLAN) - TCAM has 768 free entries and the filter requires 1085 free entries
Filter:
family ethernet-switching {
    filter ae28-input {
        term accept_sip {
            from {
                ip-source-address {
                    46.182.XXX.XXX/32;
                    213.148.XXX.XXX/32;
                    213.148.XXX.XXX/32;
                }
            }
            then accept;
        }
        term sip_sperre {
            from {
                port [ 5060 5061 ];
                destination-prefix-list {
                    sip_sperre; # 3 Addresses inside
                }
                ip-protocol tcp;
            }
            then discard;
        }
        term accept_all_other {
            then accept;
        }
    }
}
{master:0}[edit]
How can this filter use 1085 TCAM entries? I think it's a filter / VXLAN issue?