Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
6
Helpful
2
Replies

CPU increases on netflow command

S891
Level 2
Level 2

‎06-16-2015 10:51 AM - edited ‎03-08-2019 12:34 AM

hi,

I am having an issue when configuring a netflow command on 6500 switch. As soon as I enter the below command CPU goes up. Can anyone tell me what could be the issue?

ip flow ingress layer2-switched vlan 70

I also see below message in the log after the above command is entered.

 %FM-2-FLOWMASK_CONFLICT: Features configured on interface Vlan70 have conflicting flowmask requirements, traffic may be switched in software
 %FM_EARL7-4-FLOW_FEAT_FLOWMASK_REQ_FAIL: Flowmask request for the flow based feature NAT for protocol IPv4 is unsuccessful, hardware acceleration may be disabled for the feature

 

This is the interface vlan config

interface Vlan70
  ip vrf forwarding ABC
 ip address 10.26.47.195 255.255.255.240
 ip nat inside
 

1 person had this problem
Labels:
0 Helpful
2 Replies 2

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎06-16-2015 05:13 PM

The meaning of the error is the following:

%FM-2-FLOWMASK_CONFLICT: Features configured on interface [chars] have conflicting
flowmask requirements, traffic may be switched in software

The configured features for this interface have a flowmask conflict. The traffic on this
interface and the interfaces sharing the TCAM label with this interface may not comply
with the features under this condition. The traffic on these interfaces will be sent to
software under this condition.

Recommended Action: Redefine and reapply or deconfigure one or more features to avoid the
conflict.

Please check If you have "mls flow ip interface-full" is configured.If
yes,it should not be
configured, since this command is referring to the flow mask of NDE.
Basically you are trying to configure NDE to use the same flow mask that
NAT requires, thus preventing NAT to use it.
 
This is for sure one cause of that errors. You should remove that
command from the configuration and try again to set up the configuration.

 

HTH

Regards

Inayath

 

horizons6
Level 1
Level 1
In response to InayathUlla Sharieff

‎09-14-2016 01:54 PM

That is indeed the correct assessment of the error.

In my case, I had NAT enabled on the SVI and with the "mls flow ip interface-full" command enabled, I got the error described above, with the CPU utilization shooting way up;

A few verification commands confirmed the issue:

#show fm fie flowmask

Primary Flowmasks registered by Features

----------------------------+------------------------+---------------------

         Feature                   Flowmask             Flowmask Status

----------------------------+------------------------+---------------------

IP_ACCESS_INGRESS               Intf Full Flow           Disabled/Unused

IP_ACCESS_EGRESS               Intf Full Flow           Disabled/Unused

NAT_INGRESS                     Intf Full Flow           Enabled

NAT_EGRESS                     Intf Full Flow           Disabled/Unused

TCP_INTERCEPT                   Full Flow Least           Disabled/Unused

IPV6_RACL_INGRESS               Intf Full Flow           Disabled/Unused

IPV6_RACL_EGRESS               Intf Full Flow           Disabled/Unused

INSPECT                         Full Flow                 Disabled/Unused

WCCP_INGRESS                   Intf Full Flow           Disabled/Unused

WCCP_EGRESS                     Intf Full Flow           Disabled/Unused

SLB                             Full Flow Least           Disabled/Unused

FM_SVC_ACCLRT                   Intf Full Flow           Disabled/Unused

IPV6_COPY_INGRESS               Src only                 Disabled/Unused

Changing the flow-mask to a lesser one resolved the issue.

0 Helpful
Customers Also Viewed These Support Documents