SRX340 (18.4R3) is receiving about 805K internet routes from BGP peer and 'RT: Failed to allocate object for flow' messages are received.

This issue occurs when the SRX340 FIB capability limit is reached. By default, SRX340 RIB is 1M. But FIB is only 600K. For details on SRX300 series RIB/FIB capability, refer to the technical documentation on SRX300 Line of Services Gateways for the Branch.

SRX340 (18.4R3) is receiving internet routes (about 805K) from BGP peer.

root@router> show bgp summary
Threading mode: BGP I/O
Groups: 2 Peers: 2 Down peers: 0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
205.209.32.225        29863     805603        217       0       0     1:37:34 Establ
  internet.inet.0: 805406/805406/805406/0
213.159.134.243       63201        198        221       0       0     1:37:38 Establ
  internet.inet.0: 0/1/1/0

In /var/log/messages, the following error messages are seen:

May 14 21:50:17  router fto_new: failed to allocate fto
May 14 21:50:17  router RT: IPv4:6 - 193.95.8/24 (RT: Failed to allocate object for flow)
May 14 21:50:17  router RT-HAL,rt_entry_add_msg_proc,3747: rt_halp_vectors->rt_create failed
May 14 21:50:17  router RT-HAL,rt_entry_add_msg_proc,3811: proto ipv4,len 24 prefix 193.95.8/24 nh 1369
May 14 21:50:17  router RT-HAL,rt_msg_handler,737: route process failed
May 14 21:50:17  router fto_new: failed to allocate fto
May 14 21:50:17  router RT: IPv4:6 - 193.95.11/24 (RT: Failed to allocate object for flow)
May 14 21:50:17  router RT-HAL,rt_entry_add_msg_proc,3747: rt_halp_vectors->rt_create failed
May 14 21:50:17  router RT-HAL,rt_entry_add_msg_proc,3811: proto ipv4,len 24 prefix 193.95.11/24 nh 1369
May 14 21:50:17  router RT-HAL,rt_msg_handler,737: route process failed
May 14 21:50:17  router fto_new: failed to allocate fto

By default, SRX340 RIB is 1M and FIB is 600K.

In order to ensure SRX340 FIB capability reaches out to RIB, enable enhanced-routing-mode with 'set security flow enhanced-routing-mode'. A reboot will be needed.

Note: UTM/IDP function can't be used at the same time.

After enabling enhanced-routing-mode and rebooting, SRX340 FIB routes limitation is no longer 600K. SRX340 does not report 'Failed to allocate object for flow' when it is receives internet routes from BGP peer.
 

root@router> show security flow status
  Flow forwarding mode:
    Inet forwarding mode: packet based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: packet based
    ISO forwarding mode: drop
    Tap mode: disabled (default)
    Enhanced route scaling mode: Enabled   
  Flow trace status
    Flow tracing status: off
  Flow session distribution
    Distribution mode: RR-based
    GTP-U distribution: Disabled
  Flow ipsec performance acceleration: off
  Flow packet ordering
    Ordering mode: Hardware
  Flow power mode IPsec: Disabled

root@router> show bgp summary
Threading mode: BGP I/O
Groups: 2 Peers: 2 Down peers: 0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
205.209.32.225        29863     805603        217       0       0     1:37:34 Establ
  internet.inet.0: 805406/805406/805406/0
213.159.134.243       63201        198        221       0       0     1:37:38 Establ
  internet.inet.0: 0/1/1/0

root@router> exit

root@router% vty fwdd


BSD platform (OCTEON processor, 576MB memory, 16384KB flash)

FLOWD_OCTEON(router vty)# show route all summary

Protocol Route Tables:
Protocol                   Tables    Routes
-------------            --------  --------
IPv4                            6    805468   
MPLS                            2         2
IPv6                            4        26
CLNP                            3         3
MSTP-instance                   1         1