MARS basic questions

Unanswered Question
Nov 13th, 2007
User Badges:

Hi friends,


I just wanted to know a few basic things about MARS:


1. Regarding Netflow on 6509 switches, where do i put the ip route-cache flow statement? Do i put it on all user vlan's or server vlan's or management vlan's? Also, is it ok if i apply it on trunk ports?


2. Regarding routers, do i put ip route-cache flow on trunk ports or on Layer 3 interfaces only?


Thanks a lot

Gautam


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Collin Clark Tue, 11/13/2007 - 13:04
User Badges:
  • Purple, 4500 points or more

Gautam,


1. Put the command on any interface where you want to monitor traffic flows (ingress and egress).


2. AFAIK- layer 3 interfaces only.


HTH and please rate.

pmccubbin Tue, 11/13/2007 - 14:11
User Badges:
  • Silver, 250 points or more

Hi Gautam


I would only add to Collin's answer the following guidelines which I employ:


"Ideally, NetFlow information should be collected from the distribution switches and routers. These devices, together with NetFlow from Internet-facing routers or syslog from firewalls, represent the entire network.


Just a word of caution on Netflow. You do not want nor need to turn it on for every networking device. Otherwise you will get multiple copies of the same info. Where you want to turn it on is at logical aggregation points, like your distribution layer, or WAN aggregation router."


Hope this helps.


Best,


Paul



Collin Clark Tue, 11/13/2007 - 14:17
User Badges:
  • Purple, 4500 points or more

Excellent points Paul, worth some points.

gautamzone Sat, 11/17/2007 - 02:42
User Badges:

Thanks a lot for your help and effort in sorting out my confusion.


There is one more thing that i noticed about the Resource Utilization report (Memory and CPU) of MARS. When i click on View report, it only shows me the TOP N values of some Layer 3 devices.


Is there a way for this report to also show Layer 2 and all other devices (ASA, FWSM) etc also?



Thanks

Gautam

brad.miller Tue, 11/20/2007 - 04:35
User Badges:

I would like to gather NetFlow stats from the fiber interface to my PIX. What is the non-route command for a layer 2 interface? I am picturing the command on the 6513 side.

Collin Clark Tue, 11/20/2007 - 06:12
User Badges:
  • Purple, 4500 points or more

non-route command? I don't understand.

brad.miller Tue, 11/20/2007 - 08:50
User Badges:

I was told that there is a different command that I need to put on a layer 2 switch interface since the ip route-cache does not work.

Collin Clark Tue, 11/20/2007 - 09:15
User Badges:
  • Purple, 4500 points or more

AFAIK you can't monitor Netflow traffic via a layer 2 interface.

Actions

This Discussion