[c-nsp] VRF question

Matt Ryan Matt.Ryan at telewest.co.uk
Fri Oct 8 03:36:15 EDT 2004

It's kinda obvious, but if you enabled an interface for
IPX/SNA/anything_not_IP you couldn't use IP 'features' either. Once you
configure MPLS then it's no longer an IP interface and so logically the
features won't work. Of course you could argue with modern ASICs you should
be able to do deeper packet inspection and thus pick up the IP packet within
the MPLS frame but I think that's a bit disingenuous for this argument.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Clinton Work
Sent: 08 October 2004 02:43
To: phil at unitedip.net.au
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VRF question

Take the Cisco 12000 platform as an example. If you enable "mpls ip" on 
an interface and your receiving
labeled packets you can no longer use the following features:

  a) Input ACLs fail to block incoming IP packets on the MPLS interface
  b) Netflow sampling no longer works. To be fair MPLS aware Netflow is 
available now, but
    it has some limiations and requires a Netflow V9 collector.
  c) Input service policies matching IP packets don't work

Any interface input feature that relies upon matching an IP header 
probably won't work. The limitations
can be difficult to workaround due to linecard support for various 
features. Engine 2 linecards
can only support input ACLs in hardware. Once you put MPLS on the Engine 
2 linecard interface
you can no longer use the input ACL. You might try to move the input ACL 
as an output ACL on the
other linecards, but you'll run into trouble if any of those are Engine 
0/1/2 linecards as well.

Phil Pierotti wrote:

>"once you do MPLS you can't do a lot of other features that are done on IP
>Anyone care to *briefly* outline these? (features excluded by using MPLS)
>Or quote an URL which does?

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

Live Life in Broadband

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.
Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer.


More information about the cisco-nsp mailing list