Netflow data export issue with Cisco ME 6524

Unanswered Question
Jul 5th, 2009

Hi all,

I am attempting to collect netflow statistics from a Cisco ME 6524 switch with MPLS configured on it. The scenario is a MPLS core of 3 devices (all 6524's) and off one of the PE's is a customer link by VRF. I wish to collect netflow info from that customer link and export it to a Solarwinds collector. Attached is the relevant parts of the 6524 config I am using plus output of some show commands. What is happening is that the NDE is only sending records of the software netflow table which is just the OSPF flows and my telnet session flows. When you look at the output of "show ip cache flow", the hardware table has all the entries I want to export - but they aren't being exported. Have i missed something critical? I have run wireshark on the collector and can see the NDE packets arrive but only with 1-2 flow records for OSPF and Telnet as above. Any help greatly appreciated in advance.

Cisco ME 6524 L3 switch running version 12.2(33)SXH with PFC3C and MSFC2A

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Lucien Avramov Sun, 07/05/2009 - 21:20

Can you add ip route-cache flow on int g1/31 ?

Also can you add : mls nde interface ?

The Cisco ME 6524 netflow commands are the same as those for the 7600 :

Do you have ingress bridged ip traffic in vlans ?

After enabling those 2 commands, please send along :

show ip flow export

show mls nde

craig.potter Sun, 07/05/2009 - 21:45

As per my post attachment and config, both of those commands are already done. Here is the output of your requested 'show' commands.

PE1#sh ip flow export

Flow export v5 is enabled for main cache

Export source and destination details :

VRF ID : 6

Source(1) (GigabitEthernet1/31)

Destination(1) (2055)

Version 5 flow records

302 flows exported in 210 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

0 export packets were dropped due to no fib

0 export packets were dropped due to adjacency issues

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

0 export packets were dropped enqueuing for the RP

0 export packets were dropped due to IPC rate limiting

0 export packets were dropped due to Card not being able to export

PE1#sh mls nde

Netflow Data Export enabled

Exporting flows to (2055)

Exporting flows from (62186)

Version: 5

Layer2 flow creation is disabled

Layer2 flow export is disabled

Include Filter not configured

Exclude Filter not configured

Total Netflow Data Export Packets are:

4558 packets, 0 no packets, 92127 records

Total Netflow Data Export Send Errors:










Netflow Aggregation Disabled

Lucien Avramov Sun, 07/05/2009 - 21:51

Your previous post did not have show ip flow export.

Did you enter the 2 commands I asked you ?

craig.potter Sun, 07/05/2009 - 21:55

My original attachment definitely shows the output you requested but I have done this again for you. The two commands you ask to be input were already in the config so adding them again is superflous. I have removed them and added them again for the sake of it though. Thanks for looking at this.

craig.potter Sun, 07/05/2009 - 21:51


There is no Vlans being bridged. What is there is an MPLS network on the provider interfaces G1/2 and G1/5, then a customer routed link on G1/31. This means traffic comes in on the customer interface as IP and is then incorporated into a specific VRF and then transmitted via MPLS out of the provider interfaces. I just need to capture the netflow IP data from the customer link and VRF.

craig.potter Sun, 07/05/2009 - 21:57

Sorry. Also, the command "ip route-cache flow" is superceded in this version and appears in the config as "ip flow ingress".

Lucien Avramov Sun, 07/05/2009 - 22:00

Let's try netflow sampling to see if it makes any difference :

Router# configure terminal

Router(config)# mls sampling packet-based 64

Router(config)# interface g x/y

Router(config-if)# mls netflow sampling

Router(config)# end


craig.potter Sun, 07/05/2009 - 22:10

Done! How does sampling help me though? I already have the data I want in the PFC but it won't export.

Displaying hardware-switched flow entries in the PFC (Standby) Module 1:

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Gi1/31 Gi1/2 06 0A67 0B97 1918

-- --- 00 0000 0000 38K

Gi1/31 Gi1/2 06 04E0 27BB 292

Gi1/31 Gi1/5 06 1F90 08A0 7

Gi1/31 Gi1/2 06 1BE8 C756 189

Gi1/31 Gi1/2 06 8E14 0401 184

Gi1/31 Gi1/5 11 6922 441A 517

Gi1/31 Gi1/5 06 170D 07CB 727

Gi1/31 Gi1/5 11 691C 7BF8 517

Gi1/31 Gi1/2 06 FDBD 0185 12

Gi1/31 Gi1/2 06 07D0 C45A 1

Gi1/31 Gi1/5 11 0202 0202 62

Gi1/31 Gi1/2 06 0CEA 1BE8 1

Gi1/31 Gi1/2 06 1BE8 D1DE 82

Gi1/31 Gi1/5 06 01BD 0757 7571

Gi1/31 Gi1/2 06 1F90 0A29 81

Gi1/31 Gi1/2 06 01BD 062F

Lucien Avramov Sun, 07/05/2009 - 22:36

I'm asking you to try those, as I am looking to see if we may be hitting a bug.

Can you see if you can type the hidden command :

mls nde export direct

Lucien Avramov Sun, 07/05/2009 - 22:38

Also can you try exporting in version 7 instead of 5 ?

what output do you get from : sh mls net table det

craig.potter Sun, 07/05/2009 - 22:53

Entered the "hidden" command but it does not appear in the config. results of you requested command -

PE1.STLD#sh mls net table det

Earl in Module 1

Detailed Netflow CAM (TCAM and ICAM) Utilization


TCAM Utilization : 0%

ICAM Utilization : 0%

Netflow TCAM count : 171

Netflow ICAM count : 0

Netflow Creation Failures : 0

Netflow CAM aliases : 0

I will attempt the version 7 change now but have already tried version 9 with no success.

I can change the version with the command "mls nde sender version 7" but am unable to set "ip flow-export version 7" as I am restricted to versions 1, 5 or 9 only.

PS: I am still not receiving the full flow data on my collector.

Lucien Avramov Mon, 07/06/2009 - 08:45

Your mpls mtu is 1512, when you take a packet capture can you check the packet mtu ? Isnt't the packet mtu 1608 bytes ?

Lucien Avramov Mon, 07/06/2009 - 09:04

The only other thing I can suspect is that there has been a leak somewhere of packets. NetFlow needs

packets to export. Therefore, the lack of export of packets is a

symptom of the packet leak.

NetFlow could be a cause as well as a symptom or something else could be the cause.

If the mtu doesnt help, gather the show buffers leak and please open a TAC case to troubleshoot this further


This Discussion