[c-nsp] VRF question

Clinton Work clinton at scripty.com
Thu Oct 7 21:43:00 EDT 2004


Take the Cisco 12000 platform as an example. If you enable "mpls ip" on 
an interface and your receiving
labeled packets you can no longer use the following features:

  a) Input ACLs fail to block incoming IP packets on the MPLS interface
  b) Netflow sampling no longer works. To be fair MPLS aware Netflow is 
available now, but
    it has some limiations and requires a Netflow V9 collector.
  c) Input service policies matching IP packets don't work

Any interface input feature that relies upon matching an IP header 
probably won't work. The limitations
can be difficult to workaround due to linecard support for various 
features. Engine 2 linecards
can only support input ACLs in hardware. Once you put MPLS on the Engine 
2 linecard interface
you can no longer use the input ACL. You might try to move the input ACL 
as an output ACL on the
other linecards, but you'll run into trouble if any of those are Engine 
0/1/2 linecards as well.





Phil Pierotti wrote:

>"once you do MPLS you can't do a lot of other features that are done on IP
>packets"
>
>Anyone care to *briefly* outline these? (features excluded by using MPLS)
>Or quote an URL which does?
>  
>



More information about the cisco-nsp mailing list