On a S7700 switch, BFD and L2tunnel features were enabled, and when tying to apply a traffic policy (used to police traffic up to 4G) on an interface a system error appeared. After the error was generated the rule application was rejected.
Error: Adding rule failed.
Insufficient resource in policy 4G class any behavior 4G acl 3001, rule 5, on slot 1 interface XGigabitEthernet.
The fault analysis started with the acl debug information obtained by running command : debugging acl all. As this information wasn't conclusive (the debug info stated that there are not enough resources on chip ). The next step was to analyze the debug information obtained by running command : debugging lsw slot 1 trace acl on, debugging lsw slot 1 debug acl on, debugging gfpi 1 acl all 5. These are used to check the physical resources used on a specific lsw. The conclusion was that all 4 CAR pool were being used so applying a traffic policy (this operation requires a free CAR pool) is imposible without freeing one of the used CAR pools.
As the error stated that there are insufficient resources we need to analyze debug information from the device.
On the S7706 platform, board type X16SFC you can only use 2 of there following 3 features at one time: BFD, Traffic policy, L2tunnel - because there are limited resources on this particular chip for this features (only 4 CAR pools available - 2 of them are used by default processes that cannot be disabled).