09-12-2006 05:32 AM
hy guys,
following the link below i tried to test in our lab the last scenario :
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd803e5017.shtml
CONFIGURING UBRL: BIDIRECTIONAL UBRL.
but in the outbound direction, the policing for the traffic destined for the subnet in question is not policed at all.
i have an 7606 SUP720-3BXL router.
this a show module from the device :
7606-2-PLR#sh module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 2 2+4 port GE-WAN OSM-2+4GE-WAN+ JAE10202BAC
2 48 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX SAL09496YWU
3 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAD101708G1
4 2 2+4 port GE-WAN OSM-2+4GE-WAN+ JAE10191JMF
5 2 Supervisor Engine 720 (Active) WS-SUP720-3BXL SAL1016KSBW
6 2 Supervisor Engine 720 (Cold) WS-SUP720-3BXL SAL09475RZL
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 0017.5ad8.0d30 to 0017.5ad8.0d3f 2.3 12.2(33)SRA1 12.2(33)SRA1 Ok
2 0016.c816.6fc0 to 0016.c816.6fef 1.4 8.4(1) 8.6(0.259)CA Ok
3 0015.fa19.bb52 to 0015.fa19.bb69 2.3 12.2(14r)S5 12.2(33)SRA1 Ok
4 0017.5ad7.d600 to 0017.5ad7.d60f 2.3 12.2(33)SRA1 12.2(33)SRA1 Ok
5 0013.c43a.de28 to 0013.c43a.de2b 4.5 8.4(2) 12.2(33)SRA1 Ok
6 0014.a97e.1988 to 0014.a97e.198b 4.3 8.1(3) 12.2(2006061 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
3 Distributed Forwarding Card WS-F6700-DFC3BXL SAL1020NAK0 5.2 Ok
5 Policy Feature Card 3 WS-F6K-PFC3BXL SAL1016KR81 1.8 Ok
5 MSFC3 Daughterboard WS-SUP720 SAL1018LJ0C 2.5 Ok
6 Policy Feature Card 3 WS-F6K-PFC3BXL SAL09412T06 1.6 Ok
6 MSFC3 Daughterboard WS-SUP720 SAL09475JLE 2.3 Ok
Mod Online Diag Status
---- -------------------
1 Pass
2 Pass
3 Pass
4 Pass
5 Pass
6 Pass
09-14-2006 02:27 AM
09-14-2006 04:42 AM
Ok...Thanks for the O/P
1) Can u enable "mls flow ip"
take the output of show mls netflow flowmask
2) Can u enable "mls flow ip destination"
take the output of "show mls netflow flowmask"
3) Can u enable "mls flow ip source"
take the output of "show mls netflow flowmask"
when you are carrying above steps dont do a no of any of the commands entered. Just keep entering the commands one after the another and take the outputs.
IT would have been the best if had direct access to the devices, but anyways we can try it this way also.
HTH-Cheers,
Swaroop
09-14-2006 06:26 AM
7606-2-PLR(config)#mls flow ip destination
7606-2-PLR(config)#end
7606-2-PLR#sh ml
7606-2-PLR#sh mls ne
Sep 14 16:17:40.040 buc: %SYS-5-CONFIG_I: Configured from console by m onvty0 (192.168.1.1)
7606-2-PLR#sh mls ne
7606-2-PLR#sh mls netflow flo
7606-2-PLR#sh mls netflow flowmask
current ip flowmask for unicast: dst
current ipv6 flowmask for unicast: null
7606-2-PLR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
7606-2-PLR(config)#ml
7606-2-PLR(config)#mls flo
7606-2-PLR(config)#mls flow ip sou
7606-2-PLR(config)#mls flow ip source
7606-2-PLR(config)#end
7606-2-PLR#sh mls netflow flowmask
current ip flowmask for unicast: src
current ipv6 flowmask for unicast: null
for the mls flow ip command i have a lot of options. the ios shell don't permit to issue
just "mls flow ip" command.
09-14-2006 08:15 AM
Hi Bindar,
From your output,
use only "mls flow ip source" as UBRL uses only source flow masks as per the docs.
Lets see if this closes the issue so we can flag off this thread for future references.
HTH-CHeers,
Swaroop
09-14-2006 10:34 AM
7606-2-PLR#sh mls netflow ip
Displaying Netflow entries in Supervisor Earl
DstIP SrcIP Prot:SrcPort:DstPort Src i/f :AdjPtr
-----------------------------------------------------------------------------
Pkts Bytes Age LastSeen Attributes
---------------------------------------------------
0.0.0.0 192.168.255.13 0 :0 :0 -- :0x0
71 4163 1921 21:32:15 L3 - Dynamic
0.0.0.0 172.16.1.66 0 :0 :0 -- :0x0
0 0 1224 21:31:52 L3 - Dynamic
0.0.0.0 192.168.255.12 0 :0 :0 -- :0x0
0 0 1916 21:32:16 L3 - Dynamic
0.0.0.0 0.0.0.0 0 :0 :0 -- :0x0
927 42642 1889 21:32:07 L3 - Dynamic
0.0.0.0 192.168.1.26 0 :0 :0 -- :0x0
0 0 1924 21:32:18 L3 - Dynamic
0.0.0.0 172.16.1.65 0 :0 :0 -- :0x0
79 4566 1224 21:31:52 L2 - Dynamic
0.0.0.0 11.11.11.4 0 :0 :0 -- :0x0
101352 10743312 88 21:31:51 L3 - Dynamic
0.0.0.0 192.168.255.11 0 :0 :0 -- :0x0
0 0 1915 21:32:11 L3 - Dynamic
0.0.0.0 11.11.11.1 0 :0 :0 -- :0x0
101352 10743312 88 21:31:51 L3 - Dynamic
0.0.0.0 192.168.1.46 0 :0 :0 -- :0x0
0 0 1836 21:32:07 L3 - Dynamic
0.0.0.0 11.11.11.5 0 :0 :0 -- :0x0
101352 10743312 88 21:31:51 L3 - Dynamic
0.0.0.0 11.11.11.2 0 :0 :0 -- :0x0
101352 10743312 88 21:31:51 L3 - Dynamic
0.0.0.0 12.12.12.1 0 :0 :0 -- :0x0
101352 10743312 88 21:31:51 L3 - Dynamic
0.0.0.0 11.11.11.3 0 :0 :0 -- :0x0
101352 10743312 88 21:31:51 L3 - Dynamic
0.0.0.0 12.12.12.2 0 :0 :0 -- :0x0
101351 10743206 88 21:31:51 L3 - Dynamic
the policing doesn't working in any direction.
let's close this thread if u agree.
thank u very much for your patience .
09-14-2006 10:45 AM
Hi Marius,
Thanks for your persistence as well.
If you happen to get it working later, do update the thread for others reference.
HTH-Cheers!
Swaroop
09-14-2006 10:54 AM
Mail be your mail-id so that i can send you some details if I come across anything more on this topic. My Mail-ID is swaroop.potdar@corliant.com
HTH-Cheers,
Swaroop
10-31-2006 03:25 AM
Hi guys,
i had the same problem on a Cat6509 therefore i opend a case. This is the result:
-----snip-----
" I have been investigating this issue deeper since being back from vacation.
**************************************************************
The first point to mention is that the Bidir UBRL as described in the doc you referencd is not valid:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_p
aper0
900aecd803e5017.shtml
**************************************************************
Due to hardware limitation there is no way that this config could work.
There would be a conflict between Src and Dest mask applied to the same interface. When configuring in lab you should see the message:
switch(config)#int gig 6/2
switch(config-if)# service-policy input livingdata-police
switch(config-if)#
QoS-ERROR: QoS policy on interface Gi6/2 cannot be successfully
installed due to the interaction with other feature configuration
Failure reason is Unresolvable flowmask conflict with other features
QoS-ERROR: installation of policy on Gi6/2 failed
5d18h: %FM_EARL7-4-NO_FLOWMASK_REGISTERS: Feature configuration on
interface GigabitEthernet6/2 could not allocate required flowmask
registers, traffic may be switched in software switch(config-if)#
**************************************************************
I have submitted feedback to the author and CCO team and it should be either removed from CCO or amended."
-----snap------
12-28-2009 06:00 AM
mls flow ip full
police flow mask src 1000000 conform-action transmit exceed-action drop
I got the "FLOWMASK_CONFLICT: Features configured on interface " errors
however, when i used:
mls flow ip full
police flow 1000000 conform-action transmit exceed-action drop
without specified the mask, i get no error and the microflow working. Is there any issue with this?
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd803e5017.html does not seem to work
Any advice and thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide