Netflow > Cisco 7604 > Not picking up hardly any traffic

Unanswered Question
Dec 18th, 2009

Hi,

I am trying to get Netflow working on a Cisco 7604 which has multiple onward metro-ethernet connections out to the remote locations.

I use netflow a lot and use Netflow Tracker by Crannog to display the traffic flow.  Config is as per below and I've also attached a show ip cache flow but

I'm picking up little /no traffic and as you can see by the show int gig 3/9, there is traffic going across the line.

What am I missing?

Regards

Mary

The Cisco 7604 IOS and software is as per below:-

ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXE1, RELEASE SOFTWARE (fc2)

ITC_7604 uptime is 2 years, 48 weeks, 6 days, 7 hours, 13 minutes
Time since BOI_EBN_CORE_ITC_7604 switched to active is 2 years, 48 weeks, 6 days, 7 hours, 29 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19 (SP by power-on)
System restarted at 06:46:35 GMT Thu Jan 11 2007
System image file is "sup-bootflash:s72033-ipservicesk9-mz.122-18.SXE1.bin"

Config on 7604:-

On int gig 3/9
ip route-cache flow


ip flow-cache timeout active 1
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 10.82.124.100 2052    

!

BOI_EBN_CORE_ITC_7604#sh ip flow export
Flow export v5 is enabled for main cache
  Exporting flows to 10.82.124.100 (2052)
  Exporting using source interface Loopback0
  Version 5 flow records
  188 flows exported in 164 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
ITC_7604#

ITC_7604#sh ip cache flow

-------------------------------------------------------------------------------
MSFC:
IP packet size distribution (2138 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .807 .111 .007 .014 .000 .000 .000 .000 .002 .001 .001 .002 .001 .004

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .001 .037 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
  0 active, 65536 inactive, 177 added
  3302 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 270664 bytes
  0 active, 16384 inactive, 354 added, 177 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          23      0.0        86    73      0.0      26.0      10.0
UDP-NTP            154      0.0         1    76      0.0       0.0      15.5
Total:             177      0.0        12    74      0.0       3.3      14.8

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

-------------------------------------------------------------------------------
PFC:

Displaying Hardware entries in Module 1
SrcIf            SrcIPaddress          DstIPaddress      Pr       SrcP      DstP      Pkts
--               0.0.0.0               0.0.0.0           0        0         0         3697053    

ITC_7604#

ITC_7604#sh int gig 3/9
GigabitEthernet3/9 is up, line protocol is up (connected)
  Hardware is C6k 1000Mb 802.3, address is 0013.5f21.5e00 (bia 0013.5f21.5e00)
  Description: *** Link to Dublin***
  Internet address is 10.72.128.201/30
  MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,
     reliability 255/255, txload 144/255, rxload 43/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  input flow-control is off, output flow-control is off
  Clock mode is auto
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 5w1d
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 37234
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 16961000 bits/sec, 6084 packets/sec
  5 minute output rate 56619000 bits/sec, 7020 packets/sec
  L2 Switched: ucast: 358461 pkt, 24339230 bytes - mcast: 739068 pkt, 265869052 bytes
  L3 in Switched: ucast: 10028703219 pkt, 5616981093375 bytes - mcast: 0 pkt, 0 bytes mcast
  L3 out Switched: ucast: 10996815464 pkt, 10024333988866 bytes mcast: 0 pkt, 0 bytes
     10030248594 packets input, 5617304246327 bytes, 0 no buffer
     Received 739080 broadcasts (0 IP multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     10998446905 packets output, 10024643777571 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
yjdabear Fri, 12/18/2009 - 08:37

So is Crannog Netflow Tracker reporting flows for other interfaces of the router? Is there "little" (which implies there's some, to me) or "no" flow for g3/9?

In the unlikely case the command "show ip flow interface" is available, it's the easiest way to determine whether there're flows out of g3/9.

Does the 7604 have any NDE config for the PFC? E.g.:

mls aging fast threshold ##
mls aging long ##
mls aging normal ##
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5

maryodriscoll Fri, 12/18/2009 - 08:52

I managed to get it working in the end after finding something on a usenet site:-

ip flow-cache timeout active 1
mls flow ip interface-full
ip flow-export version 5 origin-as
ip flow-export destination 10.82.124.100
mls rp ip
mls aging long 64
mls aging normal 32
mls flow ip interface-full
mls nde sender version 5
no mls acl tcam share-global

We also have QOS configured on this box - assume there is no issue running QOS with Netflow on a Cisco 7604?

Actions

This Discussion