[c-nsp] SUP-2T and ingress netflow + microflows policing

[Robert Hass]

Hi
I'm currently using 6500 with SUP720 and 67xx CFC linecards (mainly
almost all are 6704-10GE).

Is SUP-2T (PFC4) changes anything about possible simultaneous features
configured on one interface comparing to SUP720 (PFC3) ? My goal is to
have ingress netflow and microflow policing configured on same
interface simultaneous.

When I have configured these features together on SUP720 then 6500
causing me error:
%FM-4-FLOWMASK_REDUCED: Features configured on interface
TenGigabitEthernet4/3 have conflicting flowmask requirements, some
features may work in software
I have to disable netflow or microflow policing on interface to go
back to hardware forwarding instead of punt to CPU.

My configuration:

interface TenGigabitEthernet4/3
 description TSIC04
 ip address x.x.x.x 255.255.255.252
 ip access-group SPOOFING-IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip policy route-map PBR
 load-interval 30
 ipv6 address ..........
 ipv6 enable
 ipv6 nd ra suppress
 ipv6 traffic-filter SPOOFING-INv6 in
 no ipv6 mld router
 no cdp enable
 hold-queue 1500 in
!

class-map match-any servers-low
  match access-group 100
!
policy-map microflows-police
  class servers-low
     police flow mask dest-only 20000000 500000 conform-action
transmit exceed-action drop
  class class-default
!
! about 20 hosts
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x
access-list 100 permit ip any host x.x.x.x

BTW. Can also Sup2-T/PFC4 solve all issues with IPv6 ? Eg. full ipv6
acls instead of compressed like on PFC3, ipv6 copp, ipv6 hardware pbr
?

Robert