[c-nsp] WARNING: Netflow Data Export & Hardware assisted NAT not supported on 76xx/65xx on the same interface

Matthew Huff mhuff at ox.com
Sat Aug 27 13:36:31 EDT 2011 

> I would instead consider moving the NAT somewhere else, and leaving the 
> Netflow on the box. The hardware-assisted NAT feature in the 6500/7600 
> has the feel of an "abandoned" feature; one that Cisco would rather you 
> didn't use, and are sorry they ever implemented.

Yes, I get that feeling also. However, since the monitoring has a less of a priority than the low latency of the packets, moving the NAT to another box which adds another layer of complexity and another latency hop, it's likely we will either replace the entire hardware or leave it the way it is. Having to increase latency to add monitoring is the tail wagging the dog.

As far as requirements, on the marketing literature for the 7600/RSP720 the hardware assisted nat and NDE are both prominent features advertised. There are no disclaimers stating they won't work together. In fact, I've yet to see any published documentation, internal or external from Cisco that states that it won't work. Just a good explanation from TAC why it won't (The NAT inserts a special Netflow entry that doesn't follow the mls aging timeout, so NDE doesn't work).

We have been promised a formal statement from Cisco in regards to this. Once we have that, we will had it over to our legal department and see where it goes from there.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
Sent: Saturday, August 27, 2011 6:47 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] WARNING: Netflow Data Export & Hardware assisted NAT not supported on 76xx/65xx on the same interface

On 08/26/2011 05:25 PM, Matthew Huff wrote:

> I'm looking at using SPAN to replicate the data and send it to a
> linux box to then create netflow data exports, however, given the

I would instead consider moving the NAT somewhere else, and leaving the 
Netflow on the box. The hardware-assisted NAT feature in the 6500/7600 
has the feel of an "abandoned" feature; one that Cisco would rather you 
didn't use, and are sorry they ever implemented.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list