[c-nsp] Flowmask Config?

Jeff Fitzwater jfitz at Princeton.EDU
Mon Dec 10 10:33:58 EST 2007 

I knew someone else out there would see this problem.

     Skeeve the problem is the you can't run QOS and NDE  
concurrently.  Both NDE and QOS use the same TCAM hardware and  
therefor you can't have two different FLOWMASKS.  This rule applies to  
any QOS feature like UBRL User Based Rate Limiting which uses  
microflows.   Only one or the other will function correctly.
     We have the same problem here because we have been using UBRL and  
now want to use NDE.  We have 720-3Bs which support multiple  
flowmasks, but they have only allocated two for the netflow TCAM and  
those two appear to be an exclusive function, where you can have two  
for UBRL ( like SRC and DST masks) or NDE (interface-full) not both.

	I hate to say it but if you look hard enough the doc states that QOS  
and NDE don't work together.
	
	Both are very important features and should work.   Princeton U. has  
been in touch with CISCO, but there seems to be no solution.

Jeff Fitzwater
OIT Network & Telecommunications Systems
Princeton University


On Dec 10, 2007, at 9:24 AM, Skeeve Stevens wrote:

>
> Hey guys,
>
> I am trying to setup NAT for a few machines on a private network which
> enters a 7609 on a Ethernet interface.
> When I put the NAT commands, this error appears in the logs, and the  
> NAT
> does not work.
>
> Can someone point me in the right direction to figure out what is  
> going on?
>
> …Skeeve
>
> ===
> Error Message
> %FM_EARL7-4-MLS_FLOWMASK_CONFLICT : mls flowmask may not be honored on
> interface [chars] due to flowmask conflict
> Explanation    The configured MLS flow mask conflicts with other
> features/QoS configuration. The traffic on this interface will be  
> sent to
> software under this condition. NetFlow data export may not function
> correctly for this interface under this condition.
> Recommended Action    Remove the conflicting configuration and re- 
> configure
> the MLS flowmask
>
>
>
> --
> Skeeve Stevens, RHCE
> skeeve at skeeve.org / www.skeeve.org
> Cell +61 (0)414 753 383 / skype://skeeve
>
> eintellego - skeeve at eintellego.net - www.eintellego.net
> --
> I'm a groove licked love child king of the verse
> Si vis pacem, para bellum
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list