Clear Netflow Tables??

Unanswered Question
Nov 14th, 2007

Is there any way to clear the netflow tables of expired or current flows?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Collin Clark Wed, 11/14/2007 - 07:39

You can display and clear NetFlow statistics. NetFlow statistics consist of IP packet size distribution, IP flow cache information, and flow information such as the protocol, total flow, flows per second, and so forth. The resulting information can be used to find out information about your router traffic. To manage NetFlow statistics, use either of the following commands in privileged EXEC mode:

Command

show ip cache flow = Display the NetFlow statistics.

clear ip flow stats = Clear the NetFlow statistics.

HTH and please rate

vblaha Wed, 11/14/2007 - 07:46

Thanks for the info but according to Cisco documentation on Netflow by default, all expired flows are exported and filter values are stored in NVRAM and are not cleared when NDE is disabled.

Jan Nejman Wed, 11/14/2007 - 07:50

Hello,

Did you thought how to flush a netflow table to the collector? I think that it is not implemented in Cisco IOS. You can only clear information about netflow statistics, but not flow table.

You can configure expiration times (active/inactive), but I think that it is not answer that you expected.

Kind regards,

Jan Nejman

Caligare, Co.

http://www.caligare.com/

vblaha Wed, 11/14/2007 - 07:54

What is the best way configure expiration timers to expire the data quickly?

Jan Nejman Wed, 11/14/2007 - 08:03

Hello,

we tried a minimal values, but a netflow cache is still pernamently overflowed... (Cisco7609 with 8x10Gbps interfaces, SUP720-3BXL).

I recommend set the following values:

ip flow-cache timeout active 2

ip flow-cache timeout inactive 30

mls aging long 128

mls aging normal 32

A very useful command is:

mls netflow usage notify 75 180

It warns you when netflow table is almost full ...

paitken Tue, 11/27/2007 - 03:48

Note that the "ip flow-cache timeout ..." configs are for the software cache, while the "mls aging ..." configs are for the hardware cache.

paitken Tue, 11/27/2007 - 03:52

If your cache is still overflowing then it may simply be too small. The default cache size depends on the platform and available memory, but it's certainly not a one-size-fits-all. Yet it's one of the most overlooked aspects of netflow configuration.

Use the "ip flow-cache entries" config to adjust the cache size.

NB the cache is only resized when it's no longer in use, so you'll need to disable netflow on all your interfaces. Or reboot :-(

Actions

This Discussion