About the Netflow with PBR,result in Inconsistent flow

Unanswered Question
Apr 8th, 2010

Hi all,
I am configuring Netflow on my GSR 12406 with PRP-1,for more detailed configuration please see below:


IOS (tm) GS Software (C12KPRP-P-M), Version 12.0(33)S1, RELEASE SOFTWARE (fc1)

ROM: System Bootstrap, Version 12.0(20020328:180436) [sumisra-rm1 3], DEVELOPMENT SOFTWARE

BOOTLDR: GS Software (C12KPRP-P-M), Version 12.0(33)S1, RELEASE SOFTWARE (fc1)

System image file is "disk0:c12kprp-p-mz.120-33.S1.bin"

cisco 12406/PRP (MPC7455) processor (revision 0x00) with 2097152K bytes of memory.
MPC7455 CPU at 665Mhz, Rev 2.1, 256KB L2, 2048KB L3 Cache
Last reset from mbus reset

2 Route Processor Cards
2 Clock Scheduler Cards
3 Switch Fabric Cards
2 Four Port Gigabit Ethernet/IEEE 802.3z controllers (8 GigabitEthernet).
2 Ethernet/IEEE 802.3 interface(s)
8 GigabitEthernet/IEEE 802.3 interface(s)
2043K bytes of non-volatile configuration memory.

62720K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102

WARNING: Old fab-loader in slot 4; use "upgrade fabric-downloader" to update


R-12406-2#show diags summ
SLOT 0  (RP/LC 0 ): Performance Route Processor
SLOT 3  (RP/LC 3 ): 4 Port ISE Gigabit Ethernet
SLOT 4  (RP/LC 4 ): 4 Port ISE Gigabit Ethernet
SLOT 5  (RP/LC 5 ): Performance Route Processor
SLOT 16 (CSC 0   ): Clock Scheduler Card(6) OC-192
SLOT 17 (CSC 1   ): Clock Scheduler Card(6) OC-192
SLOT 18 (SFC 0   ): Switch Fabric Card(6) OC-192
SLOT 19 (SFC 1   ): Switch Fabric Card(6) OC-192
SLOT 20 (SFC 2   ): Switch Fabric Card(6) OC-192
SLOT 24 (PS A1   ): Alarm Module(6)
SLOT 25 (PS A2   ): Alarm Module(6)
SLOT 28 (TOP FAN ): Standard Blower Module(6)
PEM  1  (POWER_A ): Standard AC PS [PWR-GSR6-AC=]
PEM  2  (POWER_B ): Standard AC PS [PWR-GSR6-AC=]


Here is my environment:

Problom.jpg

My configuration is:
interface GigabitEthernet3/1
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
ip route-cache flow sampled input
ip policy route-map SDS-PBR
no negotiation auto


interface GigabitEthernet3/2
ip address x.x.x.x y.y.y.y

ip access-group DENY-ATTACK in
no ip directed-broadcast
ip route-cache flow sampled input
load-interval 60
no negotiation auto


interface GigabitEthernet3/3
no ip address
ip access-group DENY-ATTACK in
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip route-cache flow sampled input
load-interval 30
no negotiation auto
no cdp enable


interface GigabitEthernet3/3.102
encapsulation dot1Q 100
ip address x.x.x.x y.y.y.y
ip access-group DENY-ATTACK in
no ip redirects
no ip directed-broadcast
no ip proxy-arp
ip bgp fast-external-fallover permit
bfd interval 50 min_rx 50 multiplier 20


interface GigabitEthernet4/0
no ip address
no ip directed-broadcast
ip route-cache flow sampled input
load-interval 60
negotiation auto


interface GigabitEthernet4/0.101
encapsulation dot1Q 101
ip address x.x.x.x y.y.y.y
no ip directed-broadcast


interface GigabitEthernet4/1
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
ip route-cache flow sampled input
ip policy route-map SDS-PBR
load-interval 60
no negotiation auto


R-12406-2#sh route-map SDS-PBR
route-map SDS-PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): ACL
  Set clauses:
    ip next-hop x.x.x.x(G4/0.101)

  Policy routing matches: 64093899126 packets, 36251499723829 bytes


R-12406-2#sh run | in flow
ip flow-cache timeout inactive 0
ip flow-cache timeout active 1
ip flow-sampling-mode packet-interval 128
ip flow-export source Loopback1
ip flow-export version 5 origin-as
ip flow-export destination x.x.x.x 9996


The following are my test results provide analysis and comparison:


InterfaceShow interfaceCollector Display
InputOutputInputOutput
G3/110Kbps86Mbps2Kbps82Mbps
G3/254Mbps58Mbps50Mbps45Mbps
G3/3.10217Mbps11Mbps18Mbps178Mbps
G4/0.10183Mbps166Mbps79Mbps0Mbps
G4/1227Mbps80Mbps226Mbps79Mbps

From the above data, you can see the interface G3/3.102, G4/0.101 flow,there is very large difference between the "Show interface" and "Collector Display".


I suspect the problem is caused by PBR

You have encountered similar problems?And how can I resolve this issue?

Look forward to your help,THANK YOU VERY VERY MUCH!!!


消息编辑者为:Zhi Xu

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Fri, 04/16/2010 - 01:40

Hello Zhi,

sorry for last reply

my first notes follow:


the command for enabling netflow should be given on a L3 interface, in the case of interface g3/3 and g4/0 the main interfaces have no ip address.


I would try to apply the command in the appropriate subinterface mode g3/3.102 and gi4/0.101


Hope to help

Giuseppe

Actions

This Discussion