IP FLOW EGRESS - Cisco 6506's??

Unanswered Question
Sep 29th, 2008
User Badges:

Hi Guru's!


We have a Cisco 6506 and we have IP NetFlow configured on the LAN/WAN interfaces (both are gigbitethernet ports). We have "ip flow ingress" on the LAN interface which is sending the stats back to our server.


However if we configure "ip flow egress" on the WAN port, it stops sending the stats back to our server completely. Is there a hardware issue on the 6506's related to NetFlow? Or a bug? I've done a bug search on the platform and there is nothing obvious related to what we are seeing.


We know it's not our configuration because we have a duplicate configuraion on a Cisco 6524 and that one has no issues and is sending the stats to our server with no issues.


This is the IOS we are using:

bootdisk:s72033-advipservicesk9_wan-mz.122-33.SXH.bin


The version we're using is:

ip flow-export version 5

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aa_mohammed Sat, 10/04/2008 - 02:42
User Badges:

This is resolved.


More importantly Cisco said (TAC) that the egress command is redundant.


Thanks for your mail. Yes, removing 'ip flow egress' should not make any

difference for hardware switched flows. There is a difference in NetFlow

configuration since 12.2(33)SXH IOS and later - now 'ip flow ingress' is

required (and enabled by default when you configure NetFlow globally) as

we can now do interface specific NetFlow. In the past there was no way

to collect PFC switched flows for a subset of interfaces.


Is my understanding correct that all flows are now exported as expected,

but missing the TOS field?


If you check 'sh mls netflow ip detail nowrap', do you see any non-zero

values logged under the QoS field?



Another email:


Unfortunately, egress NetFlow is not supported in hardware on any PFC3*

system - only software switched flows will be collected by this

configuration. Equally, 'ip flow ingress' only applies for software

switched flows. By default, all hardware switched flows will be

collected on the PFC - you can verify this with 'sh mls netflow ip'.


Actions

This Discussion