[39756] in North American Network Operators' Group
Re: Netflow bug on 3-GE cards (Trident) in Cisco GSRs
daemon@ATHENA.MIT.EDU (Andrew C. Ohnstad)
Mon Jul 23 10:18:46 2001
Date: Mon, 23 Jul 2001 10:20:27 -0400
From: "Andrew C. Ohnstad" <andrewo@gblx.net>
To: Mikael Abrahamsson <swmike@swm.pp.se>
Cc: nanog@merit.org
Message-ID: <20010723102027.G1338@gblx.net>
In-Reply-To: <Pine.LNX.4.33.0107210936080.2352-100000@uplift.swm.pp.se>; from swmike@swm.pp.se on Sat, Jul 21, 2001 at 09:37:36AM +0200

On Sat, Jul 21, 2001 at 09:37:36AM +0200, Mikael Abrahamsson wrote:
>
> On Fri, 20 Jul 2001, Dani Roisman wrote:
>
> > Turns out you can only run netflow on the first port of a 3-GigE port
> > on the current S-tract software rev. If you have been struggling with
> > this as well, I'm eager to hear about it off-list.
>
> In 12.0.15S you cannot use access-lists on subinterface on the 3GE either.
> Wonder if that's a software bug too, or hardware limitation (like the MTU
> difference on the 3GE compared to the 1GE).

Actually, Cisco has never supported ACLs on Engine 0 or Engine 1 cards in
the GSR. Used to be that you could apply those ACLs, but they were
implemented by the router very erratically. Cisco finally removed the
ability to apply ACLs to an ineligible interface because the TAC was tired
of telling people "it's not supported, even though it's there."

Best wait another 6 months for the Engine 2 10xGIGE card which will
support ACLs, or change to/add something from the 7xxx platform.

Down-revving the router isn't really an option, like I said, because the ACLs
never really worked right anyway. I don't remember the exact details (I
can get them if anyone wants) but I believe it did something like
arbitrarily testing random packets with random rules, whereas some
packets would get thru without being checked at all.

--
=-=andrewo