[c-nsp] Multiple flow-masks

Tóth András diosbejgli at gmail.com
Sat Dec 8 16:08:44 EST 2012 

Hi Robert,

A few things to keep in mind.

With Release 12.2(33)SXI4 and later releases, when appropriate for the
configuration of the policer, microflow policers use the interface-full
flow mask, which can reduce flowmask conflicts. Releases earlier than
Release 12.2(33)SXI4 use the full flow mask.

The flowmask requirements of QoS, NetFlow, and NetFlow data export (NDE)
might conflict, especially if you configure microflow policing.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html

To add to this, note the following restrictions/recommendations well:

The micro-flow policing full flow mask is compatible with NDE’s flow masks
that are shorter than or equal to full flow (except for destination source
interface).
With any micro-flow policing partial mask an error message is displayed and
either the micro-flow policer or NDE might get disabled.

Best regards,
Andras



On Sat, Dec 8, 2012 at 3:50 PM, Robert Williams <Robert at custodiandc.com>wrote:

> Hi,
>
> Unfortunately we use Netflow for an automated system we have (it doesn't
> need to accurately record everything, just the highest number of flows /
> packets etc). So I cannot just remove it, however I have made some progress.
>
> I've tracked it down to the problem actually being with the IPv6 netflow /
> masks. With all netflow removed I am able to add my policy-map in and it
> works. Then by adding netflow commands back in I can get everything back
> except the command:
>
>  mls flow ipv6 <any command>
>
> So even if I specify:
>
>  mls flow ipv6 destination
>
> I still get:
>
> %FM-2-FLOWMASK_CONFLICT: Features configured on interface <name> have
> conflicting flowmask requirements, traffic may be switched in software
>
> At this point in time, with my policy attached and working I'm showing:
>
>                  Flowmasks:   Mask#   Type        Features
>                       IPv4:       0   reserved    none
>                       IPv4:       1   Intf Ful    FM_QOS Intf NDE L3
> Feature
>                       IPv4:       2   Dest onl    FM_QOS             <---
> My policy (V4)
>                       IPv4:       3   reserved    none
>
>                       IPv6:       0   reserved    none
>                       IPv6:       1   Intf Ful    FM_IPV6_QOS
>                       IPv6:       2   Dest onl    FM_IPV6_QOS        <---
> My policy (V6)
>                       IPv6:       3   reserved    none
>
> The command "mls flow ipv6 <anything>" just plain refuses to go active in
> the config, so if I re-send it I get the error shown above every time.
>
> The flowmasks are correctly showing "Intf Full" and "Dest only" in slots 1
> and 2 respectively. So, why does my netflow request not attach alongside
> either one of them when it's looking for the same mask as is already active
> in those slots?
>
> The policy itself is working correctly at this point, but I cannot enable
> IPv6 netflow.
>
> Can anyone help?
>
> Robert Williams
> Backline / Operations Team
> Custodian DataCentre
> tel: +44 (0)1622 230382
> email: Robert at CustodianDC.com
> http://www.custodiandc.com/disclaimer.txt
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list