[c-nsp] Weird ACL behaviour
Rodney Dunn
rodunn at cisco.com
Thu Jun 17 11:52:32 EDT 2010
If it is an inconsistency in implementation between the software and
hardware generated records it should be clearly articulated as a gotcha
in the configuration guide. Ben is checking on both parts for us.
Rodney
On 6/17/10 11:15 AM, Marco Matarazzo wrote:
> On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovell <belovell at cisco.com> wrote:
>
>> The code path for MLS netflow versus software netflow is not the same. For
>> MLS netflow the export records are created by the DFC/PFC so it's not
>> surprising that they act differently than "locally generated" traffic.
>>
>
> I'm not surprised that the flows are created by different 'entities' inside
> the 6500. Another piece of evidence is the fact that mls records are created with a
> source port different than the software created records.
> I just found it unexpected that this 'entity' was considered external from the
> point of view of the ACL. Once you know it, I can punch a hole in the ACL,
> but wanted to be sure this is expected and not actually a bug of some sort
> (in the software or in the documentation! ;)
>
> Thanks!
> ]\/[arco