Netflow data export issue with Cisco ME 6524

craig.potter
Level 1

Hi all,

I am attempting to collect netflow statistics from a Cisco ME 6524 switch with MPLS configured on it. The scenario is an MPLS core of 3 devices (all 6524s) and off one of the PEs is a customer link by VRF. I wish to collect netflow info from that customer link and export it to a Solarwinds collector. Attached are the relevant parts of the 6524 config I am using plus output of some show commands. What is happening is that the NDE is only sending records of the software netflow table, which is just the OSPF flows and my telnet session flows. When you look at the output of "show ip cache flow", the hardware table has all the entries I want to export - but they aren't being exported. Have I missed something critical? I have run wireshark on the collector and can see the NDE packets arrive but only with 1-2 flow records for OSPF and Telnet as above. Any help greatly appreciated in advance.

Cisco ME 6524 L3 switch running version 12.2(33)SXH with PFC3C and MSFC2A

13 Replies

Lucien Avramov
Level 10

Can you add ip route-cache flow on int g1/31?

Also, can you add: mls nde interface?

The Cisco ME 6524 netflow commands are the same as those for the 7600:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/nde.html#wp1080827

Do you have ingress bridged IP traffic in VLANs?

After enabling those 2 commands, please send along:

show ip flow export

show mls nde

craig.potter
Level 1

As per my post attachment and config, both of those commands are already done. Here is the output of your requested 'show' commands.

    PE1#sh ip flow export
    Flow export v5 is enabled for main cache
    Export source and destination details :
    VRF ID : 6
    Source(1) 10.24.131.1 (GigabitEthernet1/31)
    Destination(1) 10.24.12.34 (2055)
    Version 5 flow records
    302 flows exported in 210 udp datagrams
    0 flows failed due to lack of export packet
    0 export packets were sent up to process level
    0 export packets were dropped due to no fib
    0 export packets were dropped due to adjacency issues
    0 export packets were dropped due to fragmentation failures
    0 export packets were dropped due to encapsulation fixup failures
    0 export packets were dropped enqueuing for the RP
    0 export packets were dropped due to IPC rate limiting
    0 export packets were dropped due to Card not being able to export

    PE1#sh mls nde
    Netflow Data Export enabled
    Exporting flows to 10.24.12.34 (2055)
    Exporting flows from 10.24.131.1 (62186)
    Version: 5
    Layer2 flow creation is disabled
    Layer2 flow export is disabled
    Include Filter not configured
    Exclude Filter not configured
    Total Netflow Data Export Packets are:
    4558 packets, 0 no packets, 92127 records
    Total Netflow Data Export Send Errors:
    IPWRITE_NO_FIB = 0
    IPWRITE_ADJ_FAILED = 0
    IPWRITE_PROCESS = 0
    IPWRITE_ENQUEUE_FAILED = 0
    IPWRITE_IPC_FAILED = 0
    IPWRITE_OUTPUT_FAILED = 0
    IPWRITE_MTU_FAILED = 0
    IPWRITE_ENCAPFIX_FAILED = 0
    IPWRITE_CARD_FAILED = 0
    Netflow Aggregation Disabled

Your previous post did not have show ip flow export.

Did you enter the 2 commands I asked you?

My original attachment definitely shows the output you requested but I have done this again for you. The two commands you ask to be input were already in the config so adding them again is superfluous. I have removed them and added them again for the sake of it though. Thanks for looking at this.

PS:

There are no VLANs being bridged. What is there is an MPLS network on the provider interfaces G1/2 and G1/5, then a customer routed link on G1/31. This means traffic comes in on the customer interface as IP and is then incorporated into a specific VRF and then transmitted via MPLS out of the provider interfaces. I just need to capture the netflow IP data from the customer link and VRF.

Sorry. Also, the command "ip route-cache flow" is superseded in this version and appears in the config as "ip flow ingress".

Let's try netflow sampling to see if it makes any difference:

    Router# configure terminal
    Router(config)# mls sampling packet-based 64
    Router(config)# interface g x/y
    Router(config-if)# mls netflow sampling
    Router(config)# end
    Router#

Done! How does sampling help me though? I already have the data I want in the PFC but it won't export.

Displaying hardware-switched flow entries in the PFC (Standby) Module 1:

    SrcIf   SrcIPaddress   DstIf  DstIPaddress    Pr SrcP DstP Pkts
    Gi1/31  172.24.4.42    Gi1/2  10.20.16.86     06 0A67 0B97 1918
    --      0.0.0.0        ---    0.0.0.0         00 0000 0000 38K
    Gi1/31  172.24.4.22    Gi1/2  10.21.12.65     06 04E0 27BB 292
    Gi1/31  172.24.12.16   Gi1/5  172.18.51.173   06 1F90 08A0 7
    Gi1/31  10.24.12.36    Gi1/2  172.18.162.180  06 1BE8 C756 189
    Gi1/31  172.24.4.22    Gi1/2  192.168.129.65  06 8E14 0401 184
    Gi1/31  10.24.4.74     Gi1/5  10.8.51.4       11 6922 441A 517
    Gi1/31  10.161.20.172  Gi1/5  172.18.52.167   06 170D 07CB 727
    Gi1/31  10.24.4.74     Gi1/5  10.8.54.59      11 691C 7BF8 517
    Gi1/31  10.24.12.50    Gi1/2  10.21.12.51     06 FDBD 0185 12
    Gi1/31  10.24.4.74     Gi1/2  10.18.99.7      06 07D0 C45A 1
    Gi1/31  10.24.131.21   Gi1/5  172.18.53.218   11 0202 0202 62
    Gi1/31  10.24.12.36    Gi1/2  172.18.146.180  06 0CEA 1BE8 1
    Gi1/31  10.24.12.36    Gi1/2  172.18.114.180  06 1BE8 D1DE 82
    Gi1/31  10.24.12.30    Gi1/5  172.18.52.166   06 01BD 0757 7571
    Gi1/31  172.24.12.16   Gi1/2  172.18.162.66   06 1F90 0A29 81
    Gi1/31  10.24.12.30    Gi1/2  172.18.146.75   06 01BD 062F

I'm asking you to try those, as I am looking to see if we may be hitting a bug.

Can you see if you can type the hidden command:

mls nde export direct

Also, can you try exporting in version 7 instead of 5?

What output do you get from: sh mls net table det

Entered the "hidden" command but it does not appear in the config. Results of your requested command:

    PE1.STLD#sh mls net table det
    Earl in Module 1
    Detailed Netflow CAM (TCAM and ICAM) Utilization
    ================================================
    TCAM Utilization : 0%
    ICAM Utilization : 0%
    Netflow TCAM count : 171
    Netflow ICAM count : 0
    Netflow Creation Failures : 0
    Netflow CAM aliases : 0

I will attempt the version 7 change now but have already tried version 9 with no success.

I can change the version with the command "mls nde sender version 7" but am unable to set "ip flow-export version 7" as I am restricted to versions 1, 5 or 9 only.

PS: I am still not receiving the full flow data on my collector.

Your mpls mtu is 1512, when you take a packet capture can you check the packet mtu? Isn't the packet mtu 1608 bytes?

The only other thing I can suspect is that there has been a leak somewhere of packets. NetFlow needs packets to export. Therefore, the lack of export of packets is a symptom of the packet leak.

NetFlow could be a cause as well as a symptom or something else could be the cause.

If the mtu doesn't help, gather the show buffers leak and please open a TAC case to troubleshoot this further.
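The collector-side check described in the thread (looking at how many flow records each export datagram carries) can be scripted rather than read off Wireshark by hand. The following is an added example, not code from the thread or from Cisco: it parses NetFlow v5 datagrams and counts records per header engine_type/engine_id pair and per IP protocol. The customer flows reuse addresses and ports from the PFC table above; the control-plane addresses, engine values and ifIndex numbers are constructed.

```python
import socket
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (header, records) for one NetFlow v5 export datagram."""
    version, count, _up, _secs, _nsecs, seq, etype, eid, _samp = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HDR.size + count * REC.size:
        raise ValueError("datagram length does not match header record count")
    records = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        records.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                        "in_if": f[3], "out_if": f[4], "pkts": f[5],
                        "sport": f[9], "dport": f[10], "proto": f[12]})
    return {"count": count, "seq": seq, "engine": (etype, eid)}, records

def summarize(datagrams):
    """Count exported records per (engine_type, engine_id) and per IP protocol."""
    by_engine, by_proto = Counter(), Counter()
    for d in datagrams:
        hdr, recs = parse_v5(d)
        by_engine[hdr["engine"]] += hdr["count"]
        by_proto.update(r["proto"] for r in recs)
    return by_engine, by_proto

def build_v5(engine, flows, seq=0):
    """Pack constructed flows into one v5 datagram (sample input only)."""
    body = b"".join(REC.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), i, o,
                             pkts, pkts * 64, 0, 0, sp, dp, 0, proto, 0, 0, 0, 0, 0)
                    for s, d, i, o, pkts, sp, dp, proto in flows)
    return HDR.pack(5, len(flows), 0, 0, 0, seq, engine[0], engine[1], 0) + body

# Constructed sample input: engine values and ifIndex numbers are assumptions.
CONTROL = build_v5((0, 0), [("10.0.0.1", "224.0.0.5", 2, 0, 10, 0, 0, 89),        # OSPF
                            ("10.0.0.9", "10.24.131.1", 2, 0, 40, 50000, 23, 6)])  # Telnet
CUSTOMER = build_v5((1, 1), [("172.24.4.42", "10.20.16.86", 31, 2, 1918, 0x0A67, 0x0B97, 6),
                             ("10.24.4.74", "10.8.51.4", 31, 5, 517, 0x6922, 0x441A, 17)])

if __name__ == "__main__":
    engines, protos = summarize([CONTROL, CUSTOMER])
    print("records per engine:", dict(engines))
    print("records per protocol:", dict(protos))
```

Feeding it the UDP payloads from a capture on port 2055 shows at a glance whether every datagram that reaches the collector comes from a single engine and carries only control-plane protocols.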
