[c-nsp] WARNING: Netflow Data Export & Hardware assisted NAT not supported on 76xx/65xx on the same interface

Brett Frankenberger rbf+cisco-nsp at panix.com
Sun Aug 28 20:33:42 EDT 2011


On Sun, Aug 28, 2011 at 08:04:00PM +0200, Gert Doering wrote:
> 
> On Sun, Aug 28, 2011 at 11:12:44AM -0500, Tony Varriale wrote:
> > Then hire someone that knows what they are doing.
> 
> Am I the only one to find that sort of remark a bit nasty?
> 
> While not sporting any nice certificates, I consider myself to be 
> somewhat experienced with Cisco platforms, and Cisco architecture - and
> if a prospective customer would have asked me "will NAT and netflow
> work together?" I would have checked the documentation, would not have
> found anything about that conflict either, and would have said "no 
> problem there".

But now much money would you commit to that position?  You've been
doing this a while ... presumably you're well aware that not everything
always works togethor on platforms that do most of their switching in
ASICs.  (I do a lot of GRE tunnelling and have for a long time.  The
first thing I thought when I learned that Sup720s would support GRE
tunnels in hardware was "I wonder what the limitations are".  There are
many, and only some of them are documented.)

The comment you reference above was in respose to this:
   We don't have the luxury of long, involved RFP with detailed
   descriptions or time to work with a TME to discuss every detail of
   every configuration we use. We expect if a vendor advertise features,
   that they should work, except when they are documented (like caveats).

While you might not personally know off hand if NAT and netflow work
togethor, if you had a requirement for that functionality and were
considering the 65xx/76xx for it, would you read the documentation, not
find anything saying they won't work togethor, and then buy it?  Or
would you do a detailed RFP or talk to a TME about that functionality
before buying it?  Or if you didn't have the time or talent to do one
of those things yourself, would you hire someone who did?

The comment was rather blunt, but in terms of content, it was dead on. 
Buyers need to do their due diligence.  Some are large and/or
sophisticated enough to do it with in house employees, others need to
hire outside talent.  But if you do neither, you run the risk of being
disappointed. 

(In response to the comment about "I can't hire anyone who knows about
limitations on future unreleased products".  Of course you can't.  But
you can hire someone who knows how to do the necessary due diligence
before purchasing a product.)

     -- Brett


More information about the cisco-nsp mailing list