The issue happens when you want to run Netflow and Microflow policing at the same time.
It is sometimes observed that Netflow fails to start exporting when a Microflow policer is already active. The Microflow policer continues to work. Alternatively, a Microflow policer does not function when Netflow is already enabled on a Catalyst 6500 and the policer configuration is applied. Netflow continues to function since it was enabled first.
The following are the limitations regarding NDE and microflow policers:
- Full flow microflow policer works only when NDE is configured to Src, Dest, Dest-Src or Full.
- Src-only / Dest-only Microflow policer will not work, when NDE is configured.
For addtional information refer to, Flow Masks.
The only condition that allows the NDE and Microflow policer to work is to use the mls flow ip full command in global configuration mode which configures the flow mask for NDE. The Microflow policers do not match any IPv6 traffic.
Note : If you use mls flow ip full command it will consume more memory in MLS because it will have more entries based on layer 4 information. It is recommended to keep the size of the MLS cache below 32K entries. To keep the size of the MLS cache down, enable mls aging fast.
For additional information refer to, Configuring NetFlow Data Export (NDE).