[c-nsp] WARNING: Netflow Data Export & Hardware assisted NAT not supported on 76xx/65xx on the same interface

Tony Varriale tvarriale at comcast.net
Fri Aug 26 19:41:48 EDT 2011


On 8/26/2011 11:25 AM, Matthew Huff wrote:
> We fully expected to be able to use hardware assisted NAT and NDE to monitor the traffic.
Why?
> The netflow output we get is random, sporadic and very incomplete.
This is a very well known limitation.
> After dealing with our Sales team and TAC, we have finally got them to admit that it doesn't work when NAT and NDE are configured on the same interface.
Keep in mind, not a lot of people, even within Cisco, really understand
the limitations.
>
> Nowhere in the Cisco marketing literature,
That's marketing.  Marketing doesn't list, describe or otherwise
detail hardware limitations or caveats.
> Cisco Documentation, or even Cisco bug lists does it mention this.
See above.  But, I'm sure someone has come across this on this list.
> There are some caveats listed regarding NDE and NAT (flow mask conflicts, and fragments), but even given that, the caveats imply that it will work if the caveats don't apply or the flowmask conflicts are resolved. Also, there are no warnings when configuring it. The feature manager shows no errors or conflicts, etc...
The platform (and related 6500) are VERY well known to have serious
limitations around netflow.  NAT is a "netflow assisted" feature.
>
> At every step, in my opinion, cisco has been reluctant to admit that it doesn't work.
See my above comment.  I know people with 10 years of 6500 experience
that don't know some of the limitations.
> Had we known of this limitation,
Was that part of your requirements previous to purchasing it?  Are you 
working with knowledgeable people?
It's unfortunate that the platform doesn't meet your requirement.  I 
hope you can find some knowledgeable Cisco people in the future to help 
you with your design and purchasing.

tv

