Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 14 Configuring MLS
Understanding How Layer 3 Switching Works
Because multiple flow masks can now coexist on the switch, the show mls statistics entry command
displays only the relevant fields per flow. Depending on the flow mask that is used to create a particular
flow, the relevant fields are zeroed out. NDE is used by the flow collector software. NDE assumes that
all flows are created with the same flow mask. Due to this restriction, NDE cannot be enabled with
certain features requiring conflicting flow masks. One specific case is hardware-accelerated NAT. NDE
and hardware-accelerated NAT are mutually exclusive.
Software release 8.5(1) introduces hardware acceleration for some MSFC features. When upgrading
from software release 8.4(x) to software release 8.5(1), there are no issues with MSFC features that were
already configured and running. In addition to NAT, features such as reflexive ACLs and Context Based
Access Control (CBAC) can work in the hardware if there is no flow mask conflict. A feature will work
in the hardware unless it needs a flow mask that conflicts with another feature, such as
NDE or a QoS microflow policer.
Hardware acceleration is also introduced in software release 8.5(1) for WCCP and TCP intercept. These
MSFC features can coexist with NDE if there is no flow mask conflict. The ACL manager attempts to
merge the flow mask requirements of different features. The basic idea is to allocate a new flow mask
only for a strict flow mask requirement that is incompatible with already allocated flow masks. NDE
does not have a strict flow mask requirement, so the flow mask for NDE can be moved up.
To use the hardware acceleration functionality for NAT when a flow mask has been configured for NDE
(enter the show mls command to display flow masks), perform these steps:
Step 1 Enter the set mls flow null command.
Step 2 Reconfigure the specific MSFC feature so that the MSFC requests a flow mask.
NDE will fail if any of the following events occur:
• Hardware-accelerated NAT is enabled.
• Two or more features with conflicting flow masks have been configured on the switch.
Conversely, once NDE is successfully configured, NAT cannot be configured to work in the hardware
and two different features with conflicting flow mask requirements cannot be configured on the switch.
Software release 8.5(1) introduces the show mls flowmask command that displays the flow masks used
by the various features on the switch.
These examples show the output with various configurations when no features are configured on the
MSFC:
Console> show mls flowmask
Netflow Data Export is enabled
NDE Flowmask is configured to use at least Null flowmask
Console>

Console> show mls flowmask
Netflow Data Export is enabled and is using Full flowmask
NDE Flowmask is configured to use at least Full flowmask
Console>

Console> show mls flowmask
Netflow Data Export is disabled
NDE Flowmask is configured to use at least Full flowmask
Console>
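The following is an added example, not part of the Cisco guide: a small Python parser for collected show mls flowmask output that reports the NDE state, the flow mask in use, and the configured minimum, so switches where flow export is off can be picked out of a batch of captures. The function names are hypothetical, the line formats are assumed to be exactly those in the three samples above, and treating a disabled NDE as something to report is this example's assumption.

```python
import re

# Line formats assumed from the three sample outputs in this section.
_STATE = re.compile(
    r"^Netflow Data Export is (enabled|disabled)"
    r"(?: and is using (\S+) flowmask)?\s*$", re.M)
_MINIMUM = re.compile(
    r"^NDE Flowmask is configured to use at least (\S+) flowmask\s*$", re.M)
_COMMAND = re.compile(r"^.*show mls flowmask\s*$", re.M)

# The three outputs shown in this section, pasted together as one capture.
SAMPLE = """\
Console> show mls flowmask
Netflow Data Export is enabled
NDE Flowmask is configured to use at least Null flowmask
Console>
Console> show mls flowmask
Netflow Data Export is enabled and is using Full flowmask
NDE Flowmask is configured to use at least Full flowmask
Console>
Console> show mls flowmask
Netflow Data Export is disabled
NDE Flowmask is configured to use at least Full flowmask
Console>
"""


def parse_show_mls_flowmask(text):
    """Return one dict per 'show mls flowmask' output found in text."""
    results = []
    # Everything after each command line, up to the next one, is one output.
    for chunk in _COMMAND.split(text)[1:]:
        state = _STATE.search(chunk)
        minimum = _MINIMUM.search(chunk)
        if not state or not minimum:
            raise ValueError("unrecognised show mls flowmask output")
        results.append({
            "nde_enabled": state.group(1) == "enabled",
            "mask_in_use": state.group(2),  # None when the line names no mask
            "minimum_mask": minimum.group(1),
        })
    return results


def nde_disabled(results):
    """Indexes of the parsed outputs in which NDE is not exporting flows."""
    return [i for i, r in enumerate(results) if not r["nde_enabled"]]


if __name__ == "__main__":
    for entry in parse_show_mls_flowmask(SAMPLE):
        print(entry)
```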