why the flow of netflow collect not equal the flow of snmp polling

Unanswered Question
Nov 10th, 2009
User Badges:

by use the cisco 7606.【Version 12.2(33)SRB5,Supervisor Engine 32 10GE】,when uset netflow collect the flow of app,and use snmp get the port traffic.but now,the flow of netflow not equal the traffic of snmp polling.why.

under is the router's config:

--------------------------------

mls ip slb purge global

mls ip multicast flow-stat-timer 9

mls flow ip interface-full

mls nde sender version 5

no mls acl tcam share-global

mls cef error action reset

interface FastEthernet1/0/0

ip address x.x.x.x 255.255.255.252

ip flow ingress

speed 100

full-duplex

mls netflow sampling

!

interface FastEthernet1/0/1

ip address x.x.x.x 255.255.255.252

ip accounting output-packets

ip flow ingress

no ip mroute-cache

speed 100

full-duplex

mls netflow sampling

!

interface ATM1/1/0

no ip address

ip flow ingress

atm sonet stm-1

no atm enable-ilmi-trap

no atm ilmi-keepalive

!

interface ATM1/1/0.1 point-to-point

bandwidth 24000

ip address x.x.x.x 255.255.255.252

ip accounting output-packets

ip flow ingress

no atm enable-ilmi-trap

mls netflow sampling

!

ip flow-export source Loopback0

ip flow-export version 5

ip flow-export destination x.x.x.x 9996

ip flow-export destination x.x.x.x 9996

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 11/10/2009 - 23:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Qing,


>> mls netflow sampling


this means that not all packets are processed by netflow but only one every N packets.

This has been introduced first on Cisco 12000.

It is a measure of scalability on devices that are hardware based the netflow process cannot be implemented in HW so for providing netflow stats without impacting on the high performance of linecards sampling has been introduced.


The price to pay is that short life flows like a DNS request are missed but it is used also on service provider networks.


Hope to help

Giuseppe


QFX527518 Wed, 11/11/2009 - 00:37
User Badges:

thx.when i delete mls netflow samping.question is still.

help!

Giuseppe Larosa Wed, 11/11/2009 - 03:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Qing,

I'm afraid I was not able to explain the question.


netflow sampling can be a need in your platform.


if one every 100 packets is sampled processed by netflow you should see a flow of 100 MB as a flow of 1 MB


Hope to help

Giuseppe


QFX527518 Sun, 12/06/2009 - 21:53
User Badges:

thx。now the problem have been resolved.

under the global config add command :

mls aging long 64
mls aging normal 32

Giuseppe Larosa Mon, 12/07/2009 - 00:16
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Qing,

interesting feedback: so after disabling sampled netflow and adding these two commands you see netflow stats that match snmp stats?



according to netflow command reference disabling sampled netflow is needed for the two commands to have effect


see


http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_02.html#wp1012247



Hope to help

Giuseppe

Actions

This Discussion