[c-nsp] VRF question
Clinton Work
clinton at scripty.com
Thu Oct 7 21:43:00 EDT 2004
Take the Cisco 12000 platform as an example. If you enable "mpls ip" on
an interface and your receiving
labeled packets you can no longer use the following features:
a) Input ACLs fail to block incoming IP packets on the MPLS interface
b) Netflow sampling no longer works. To be fair MPLS aware Netflow is
available now, but
it has some limiations and requires a Netflow V9 collector.
c) Input service policies matching IP packets don't work
Any interface input feature that relies upon matching an IP header
probably won't work. The limitations
can be difficult to workaround due to linecard support for various
features. Engine 2 linecards
can only support input ACLs in hardware. Once you put MPLS on the Engine
2 linecard interface
you can no longer use the input ACL. You might try to move the input ACL
as an output ACL on the
other linecards, but you'll run into trouble if any of those are Engine
0/1/2 linecards as well.
Phil Pierotti wrote:
>"once you do MPLS you can't do a lot of other features that are done on IP
>packets"
>
>Anyone care to *briefly* outline these? (features excluded by using MPLS)
>Or quote an URL which does?
>
>
More information about the cisco-nsp
mailing list