[c-nsp] Multiple flow-masks
Nick Hilliard
nick at foobar.org
Sat Dec 8 09:55:23 EST 2012
On 08/12/2012 12:00, Robert Williams wrote:
> The problem occurs when I issue the interface command:
>
> service-policy input test-policy
>
> I get:
>
> %FM-4-FLOWMASK_REDUCED: Features configured on interface <name> have
> conflicting flowmask requirements, some features may work in software
Yeah, sounds about right. This is explained here:
https://supportforums.cisco.com/docs/DOC-15670
The root cause here is that the PFC3 hardware is not smart enough to be
able to handle pbr and netflow flowmask processing on the same interface.
To be honest, I would just drop the flowmask stuff and let the collector
filter out the flows. On the PFC3, netflow flowmask processing is done
after the hardware lookup but before the data export process, which means
that you will not actually increase your netflow collection capacity on the
box - all you're doing is reducing the amount of data sent to the
collector. You'll still see netflow tcam overflow errors when you hit the
tcam limits, and the PFC3 will still drop netflow entries at the same rate
as without the flowmask applied.
As Roland said, the sup720 has a very poor netflow implementation which is
unsuitable for more than a gig or two of imix traffic.
Nick
More information about the cisco-nsp
mailing list