07-29-2008 09:01 PM
Hi all
I'm trying to get some netflow stats from a 6513 using VS-S720-10G sups (we're not using the VS functionality). I've configured the following:
mls netflow
mls nde send version 7
mls nde interface
mls agingtime long 64
mls agingtime fast 16 0
ip flow-export version 9
ip flow-export source vlan 101
ip flow-export destination 10.255.0.43 9995
ip flow-cache timeout active 1
And on the interfaces I want to gather netflow info:
i.e. interface atm4/0/0.53
ip flow ingress
I seem to be getting some netflow data, but it doesn't appear to be all the flow information. I want to see all the application traffic flows. All I'm seeing is ntp, eigrp, icmp etc., nothing for other TCP protocols. Am I missing something?
07-30-2008 12:24 AM
Hello,
Try using the following command:
mls flow ip interface-full
and try some show commands:
show mls nde
show mls netflow table-contention summary
show ip flow export
Please let me know the results.
Kind regards,
Jan Nejman
Caligare, Co.
07-30-2008 07:53 PM
Hi
I added the mls flow ip interface-full and it made no difference.
When I do a sho ip cache flow, I can see various protocols, i.e. http, but it doesn't appear in the reporting.
ccrtr01#sho ip cache flow
-------------------------------------------------------------------------------
Displaying software-switched flow entries on the MSFC in Module 8:
IP packet size distribution (2119108 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.125 .194 .576 .001 .020 .006 .004 .000 .065 .000 .002 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
66 active, 4030 inactive, 441883 added
15689322 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33992 bytes
66 active, 958 inactive, 441883 added, 441883 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 1w0d
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet         418      0.0        57    46      0.0      17.0      11.8
TCP-WWW            662      0.0         1    47      0.0       1.1      15.5
TCP-other          210      0.0         5    51      0.0       9.7      15.2
UDP-DNS           2656      0.0         2    65      0.0       3.7      15.5
UDP-NTP         267456      0.3         1    76      0.3       0.0      15.5
UDP-TFTP          1156      0.0         6    53      0.0      29.1      15.5
UDP-other        26712      0.0         4   151      0.1       6.5      15.2
ICMP             48626      0.0         8   113      0.5      36.7       8.1
IP-other         93968      0.1        13    64      1.9      58.4       1.9
Total:          441864      0.6         4    80      3.1      16.9      11.8
07-31-2008 12:09 AM
Please could you send me the output of the commands:
show mls nde
show mls netflow table-contention summary
Which collector/analyzer are you using? Does your collector support netflow version 7?
Kind regards,
Jan Nejman
Caligare, Co.
08-03-2008 04:02 PM
Hi Jan
We're using NetQoS; it supports all versions up to 9. I don't have a problem with 1841 routers sending netflow to it, just the 6513.
ccrtr01#sho mls nde
Netflow Data Export enabled
Exporting flows to 10.255.0.43 (9995) 10.16.8.188 (2055)
Exporting flows from 10.100.1.1 (49471)
Version: 5
Layer2 flow creation is disabled
Layer2 flow export is disabled
Include Filter not configured
Exclude Filter not configured
Total Netflow Data Export Packets are:
39649 packets, 0 no packets, 419406 records
Total Netflow Data Export Send Errors:
IPWRITE_NO_FIB = 0
IPWRITE_ADJ_FAILED = 0
IPWRITE_PROCESS = 0
IPWRITE_ENQUEUE_FAILED = 0
IPWRITE_IPC_FAILED = 0
IPWRITE_OUTPUT_FAILED = 0
IPWRITE_MTU_FAILED = 0
IPWRITE_ENCAPFIX_FAILED = 0
IPWRITE_CARD_FAILED = 0
Netflow Aggregation Disabled
ccrtr01#sho mls net
ccrtr01#sho mls netflow tab
ccrtr01#sho mls netflow table-contention summ
Earl in Module 7
Summary of Netflow CAM Utilization (as a percentage)
====================================================
TCAM Utilization : 0%
ICAM Utilization : 0%
Netflow Creation Failures : 0
Netflow CAM aliases : 0
Earl in Module 8
Summary of Netflow CAM Utilization (as a percentage)
====================================================
TCAM Utilization : 0%
ICAM Utilization : 0%
Netflow Creation Failures : 0
Netflow CAM aliases : 0
ccrtr01#
08-03-2008 05:21 PM
One potential explanation of this symptom can be the fact that NetQoS RA only keeps the top-50 flows for each interface after 4 hrs (RA 7.x) or 24 hrs (RA 8.x). In RA 8.x, this can be vividly seen in the many gaps in the trend plots of flows, as they fall in or out of the top-50 bucket. In RA 7.x, the gaps were plotted as zero, so the graphs were smooth/gapless.
08-03-2008 05:35 PM
Hi,
I also have a demo of Fluke's NetFlow Tracker, which only supports version 5, and have the same problem.
08-03-2008 06:03 PM
Do you see the missing flows in the data (text) files on the Harvester(s) of NetQoS RA?
I find it bizarre that your config shows:
mls nde send version 7
Yet your "show mls nde" says "version 5".
I'm also curious: Any reason you want to use NetFlow v9?
Failing everything else, it may be worth trying setting both "ip flow-export version" and "mls nde send version" to 5 and see if that helps.
08-03-2008 06:14 PM
Ah, sorry for all the confusion. I had to drop back to version 5 because Fluke's only supported up to 5, whereas NetQoS does 9.
No real requirement for version 9 other than the collector supports it.
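Added example (not part of the original thread or any poster's code): one way to check on the collector host what the switch is really exporting is to decode the NetFlow v5 datagrams and count flows per export engine (the header's engine_type/engine_id fields) and IP protocol. The sample datagrams, their addresses and engine values are constructed; real input would be the UDP payloads arriving on the configured export port.

```python
import socket
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 88: "EIGRP"}

def parse_v5(datagram):
    """Decode one export datagram; raise ValueError if it is not well-formed v5."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _, _, _, seq, etype, eid, _ = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field is {version})")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("header count exceeds datagram length")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return {"seq": seq, "engine": (etype, eid)}, flows

def tally(datagrams):
    """Count flows per ((engine_type, engine_id), protocol name)."""
    seen = Counter()
    for d in datagrams:
        hdr, flows = parse_v5(d)
        for f in flows:
            seen[(hdr["engine"], PROTO.get(f["proto"], str(f["proto"])))] += 1
    return seen

def build_v5(engine, flows, seq=0):
    """Build a constructed v5 datagram for the demo (not captured traffic)."""
    out = HDR.pack(5, len(flows), 0, 0, 0, seq, engine[0], engine[1], 0)
    for src, dst, sport, dport, proto in flows:
        out += REC.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                        0, 0, 1, 76, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: one engine exporting only control traffic, another exporting TCP.
SAMPLE = [
    build_v5((0, 0), [("192.0.2.1", "192.0.2.43", 123, 123, 17),
                      ("192.0.2.1", "192.0.2.2", 0, 0, 88)]),
    build_v5((1, 7), [("198.51.100.10", "198.51.100.20", 40000, 80, 6)], seq=2),
]
if __name__ == "__main__":
    print(sorted(tally(SAMPLE).items()))
```

A datagram whose version field is not 5 is rejected with the value it carried, which also shows when the exporter is sending a different version than the collector expects.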