Hi everyone,

I really like the possibility to use L3HW offloading on the newer high-end devices! However, I also like to monitor my network traffic with Traffic Flow. And sadly, the two are incompatible out of the box (meaning that Traffic Flow simply doesn't see and hence doesn't report flows that are offloaded to the hardware).

I tried tinkering around with switch ACL rules to copy packets to the cpu (on a CRS326-24S+2Q+):
This makes the flows visible again - but has two drawbacks:

1. It duplicates the packets, which are then forwarded by the CPU too.
2. It copies all packets to the CPU (the rate parameter is simply ignored).

Ideally, I'd like to implement the Flow Sampling in the ACL rule, copying only 1% of packets to CPU, and then stop them from being forwarded by the CPU. Sadly, because Traffic Flow happens after the forward chain processing, the IP firewall cannot be used to prevent the duplication. And switch ACLs configured for the CPU port apparently aren't actually applied (which is consistent with Port Isolation reporting as not being supported for the CPU port).

So... does anybody have this kind of setup? Or do I simply have to mirror the traffic off-device and use another device (e.g. server) for flow monitoring? (Which still poses the question of whether switch ACL rules can somehow be used to implement the sampling.)

I have this same question.. did you ever find a good solution to this?

Hey there,

Hardware traffic sampling and QoS are the next major features that we consider implementing after the finalization of IPv6 L3HW. Unfortunately, at the moment of writing, there is no good solution to your problem.

Hi raimondsp, is VRF support on the roadmap?