[c-nsp] User Based Rate Limiting in PFC3BXL + Netflow Data Export

Ian Cox icox at cisco.com
Thu Jan 4 14:53:19 EST 2007


At 06:48 PM 1/4/2007 +0100, Peter Salanki wrote:
>Hello,
>
>I can't seem to get urbl(microflow) policing to work concurrently
>with NDE. If I have a ip flow-mask other than none, enabling
>microflow policing on an interface gives me:
>02:25:27: %FM-2-FLOWMASK_CONFLICT: Features configured on interface
>GigabitEthernet5/9 have conflicting flowmask requirements, traffic
>may be switched in software

You can not have ubrl and NDE enabled today.

http://www/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2b.html
[snip]
Router# show mls netflow flowmask
The following specific conflicts are related to NDE:
•CBAC requires the full flow mask and is given 
priority over other flow-based features. NDE must 
use the full flow mask to avoid a conflict.
•The QoS microflow policing configuration must 
use the full flow mask to be compatible with NDE.
•When you configure NAT and NDE on an interface, 
the PFC sends all fragmented packets to the MSFC 
to be processed in software. (CSCdz51590)
[end snip]


Ian

>I have no other features configued on this box than microflow policing.
>
>Snip from: 
>http://www.cisco.com/en/US/products/hw/switches/ps708/ 
>products_white_paper0900aecd803e5017.shtml
>
>"In total, the Supervisor Engine 720 supports four flow masks in
>hardware. This is available in the PFC3a, PFC3B, and PFC3BXL. There
>is one flow mask that is reserved for multicast, and a second is
>reserved for system use. That leaves two flow masks that are
>available for normal system use, and these are the masks that UBRL
>can utilize."
>
>I would hope that I could have two urbl 
>directions (src-only and dst- only) AND a 
>full-flow flowmask for NDE configured on the same box. If
>not, I would atleast need a src-only and full-flow, which should be
>viable according to the statement about two user-configurable flow
>masks above.
>
>Sincerely
>
>Peter Salanki
>Chief Network Engineer
>Bahnhof AB (AS8473)
>www.bahnhof.se
>Office: +46855577132
>Cell: +46709174932
>
>
>
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list