Can I enable Netflow on WS-SUP720-BASE?

May 24th, 2010

I need to collect Netflow data on some core switches (WS-C6513 and WS-C6509-E) with a WS-SUP720-BASE supervisor module; however, I'm not able to find any Cisco documentation stating whether or not the Netflow feature is available on this supervisor module.

Can I enable Netflow on WS-SUP720-BASE?

Thanks in advance,

Daniela Goulart

danigoulart Mon, 05/24/2010 - 12:35

My concern is related to the supervisor module hardware because I was not able to find the WS-SUP720-BASE datasheet. So I'm not sure whether or not this one includes the Netflow feature.

The IOS version running on our core switches is 12.2(18)SXF16; however, if an upgrade is required, we will be able to perform that.

Ganesh Hariharan Tue, 05/25/2010 - 00:14

My concern is related to the supervisor module hardware because I was not able to find the WS-SUP720-BASE datasheet. So I'm not sure whether or not this one includes the Netflow feature.

The IOS version running on our core switches is 12.2(18)SXF16; however, if an upgrade is required, we will be able to perform that.

Netflow configurations are also supported on Route Switch Processor 720, Supervisor Engine 720. There is no difference between Supervisor Engine 720 and Route Switch Processor 720 as far as NetFlow is concerned. So the same configuration applies to both Supervisor Engine 720 and Route Switch Processor 720.

Check out the below link for configuring netflow in 6500 series switches

https://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml#prereq

Hope to help !!

Ganesh.H

Remember to rate the helpful post

Giuseppe Larosa Tue, 05/25/2010 - 01:48

Hello Daniela,

as noted by Ganesh netflow is supported in all sup720 versions.

first difference is about the possibility to monitor bridged traffic

In PFC3A mode, NetFlow collects statistics only for routed traffic. With a PFC3B or PFC3BXL, you can configure NetFlow to collect statistics for both routed and bridged traffic. Netflow for bridged traffic requires Release 12.2(18)SXE or later.

you should have a PFC3B.

However, there are some differences that regard the size of the netflow cache.

with sup720 base you have a smaller table than with sup720 3BXL

see table 50-3 in

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html

this may be a problem if observed traffic contains a lot of different flows (different source and destination)

use of the table is also influenced by the IP MLS flow mask: a more detailed mask means more entries used in the table

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html#wp1148314

Hope to help

Giuseppe

danigoulart Tue, 05/25/2010 - 05:24

Thank you for all help and support.

I'm a little bit confused about what exactly routed traffic and bridged traffic mean.

Would you mind helping me understand what exactly this kind of traffic means?

Don Jacob Tue, 05/25/2010 - 06:12

Hi Daniela,

We suggest the following configuration for customers using NetFlow Analyzer (manageengine). Maybe this should help your setup too:

Go to config mode and execute the following commands from the config mode:

! This enables NetFlow on the Supervisor.
mls netflow
mls nde sender version 7

! This breaks up long-lived flows into (roughly) one-minute segments.
mls aging long 64
! This ensures that flows that have finished are exported in a timely manner.
mls aging normal 32

Since you have Supervisor Engine 720, you need to execute the below two commands to put the interface information in the netflow packets.

mls flow ip interface-full
mls nde interface

The next two commands will help to enable NetFlow data export for bridged traffic which is optional. You can specify the list of VLANs here to enable bridged traffic.

ip flow ingress layer2-switched vlan
ip flow export layer2-switched vlan

You can also find more information about these commands in the following Cisco link:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/nde.html#wp1047637
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml

Apart from this, please configure the routing module (MSFC) to enable netflow data export using the below commands.

! This command has to be executed on all the L3/VLAN interfaces.
ip route-cache flow
! The hostname or IP address of the server where NetFlow Analyzer is installed
ip flow-export destination {hostname|ip_address} 9996
! The interface through which NetFlow packets are exported, e.g. FastEthernet 0/0
ip flow-export source {interface}
ip flow-export version 5
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
snmp-server ifindex persist

Note: Switch ports connected to an etherchannel or a trunk cannot be configured to export netflow data.

Hope this helps.

Regards,

Jacob

danigoulart Tue, 05/25/2010 - 07:29

Thanks again for all attention and support.

As far as I can understand, my supervisor is "PFC3A mode", which does not allow the bridged traffic capture.

So I'd like to understand better what exactly that means?

What exactly would I be able to capture using my supervisor in "PFC3A mode" with only routed traffic?

Regards,

Daniela Goulart

Giuseppe Larosa Tue, 05/25/2010 - 08:05

Hello Daniela,

sh module can tell you what type of PFC you have. I took one from one of our C6500 in a campus

sh module

Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL10414U9U
  2   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-45AF   SAL10425G99
  3   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-45AF   SAL1211JJ4Y
  4    8  CEF720 8 port 10GE with DFC            WS-X6708-10GE      SAL1222S32A
  >>>5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL10381QC0

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0019.2f56.f14c to 0019.2f56.f163   2.5   12.2(14r)S5  12.2(33)SXH2 Ok
  2  0019.5635.21b0 to 0019.5635.21df  12.1   7.2(1)       8.7(0.22)BUB Ok
  3  001f.6ca0.eea0 to 001f.6ca0.eecf  12.3   7.2(1)       8.7(0.22)BUB Ok
  4  001e.f7f7.c428 to 001e.f7f7.c42f   1.4   12.2(18r)S1  12.2(33)SXH2 Ok
  5  0014.a982.4c0c to 0014.a982.4c0f   5.2   8.4(2)       12.2(33)SXH2 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6700-DFC3B     SAL1034Z9J9  4.4    Ok
  2  IEEE Voice Daughter Card    WS-F6K-48-AF       SAL1043654N  2.2    Ok
  3  IEEE Voice Daughter Card    WS-F6K-48-AF       SAD111504LD  2.3    Ok
  4  Distributed Forwarding Card WS-F6700-DFC3C     SAL1222SCMD  1.0    Ok
>>>>  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL10371CLL  2.3    Ok
  5  MSFC3 Daughterboard         WS-SUP720          SAL10371E8H  2.5    Ok

you should have a PFC3B as PFC3A should be in sup32

bridged traffic means traffic that is within a vlan and that is only processed at Layer 2

routed traffic means traffic between different Vlans/IP subnets (like in a router just to say) for which your 6500 is performing L3 switching.

Hope to help

Giuseppe
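
A way to run the check described above over saved sh module output (added example, not part of the original thread): it finds the PFC sub-module model and the supervisor's software release, then applies the rule quoted earlier in the thread (PFC3B or PFC3BXL, Release 12.2(18)SXE or later). The sample text is constructed with placeholder serials and MAC addresses, the function names are hypothetical, and ordering releases by SX train letter is a simplifying assumption.

```python
import re

# Constructed sample in the layout of "sh module"; serials and MACs are placeholders.
SAMPLE = """\
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SERIAL00001
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       SERIAL00005

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0000.0000.0001 to 0000.0000.0018   2.5   12.2(14r)S5  12.2(33)SXH2 Ok
  5  0000.0000.0101 to 0000.0000.0104   5.2   8.4(2)       12.2(33)SXH2 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6700-DFC3B     SERIAL10001  4.4    Ok
  5  Policy Feature Card 3       WS-F6K-PFC3B       SERIAL10005  2.3    Ok
  5  MSFC3 Daughterboard         WS-SUP720          SERIAL10006  2.5    Ok
"""

MIN_RELEASE = (12, 2, 18, "SXE")  # from the thread: Release 12.2(18)SXE or later

def parse_release(text):
    """'12.2(18)SXF16' -> (12, 2, 18, 'SXF'); None for anything not in that form.
    Assumption: within the SX train, a later train letter is a later release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)[a-z]?\)(SX[A-Z])\d*[a-z]?", text)
    return (int(m[1]), int(m[2]), int(m[3]), m[4]) if m else None

def bridged_netflow_check(show_module):
    """Report PFC model, supervisor release, and whether the thread's rule is met."""
    sup_mod = pfc = release = None
    for line in show_module.splitlines():
        f = line.replace(">", " ").split()  # tolerate hand-added >>> markers
        if not f or not f[0].isdigit():
            continue                        # header, separator or blank line
        if "Supervisor Engine" in line:
            sup_mod = f[0]                  # slot number of the supervisor
        m = re.search(r"WS-F6K-(PFC3\w*)", line)
        if m:
            pfc = m[1]
        if " to " in line and f[0] == sup_mod and len(f) >= 8:
            release = parse_release(f[6])   # Sw column of the MAC/Hw/Fw/Sw table
    hw_ok = pfc in ("PFC3B", "PFC3BXL")     # only the modes named in the thread
    sw_ok = release is not None and release >= MIN_RELEASE
    return {"pfc": pfc, "release": release, "bridged_netflow": hw_ok and sw_ok}

if __name__ == "__main__":
    print(bridged_netflow_check(SAMPLE))
```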

danigoulart Mon, 05/31/2010 - 06:10

So does it mean I will not be able to collect L2 traffic on a trunk interface because my supervisor is not able to collect bridged traffic?

Giuseppe Larosa Mon, 05/31/2010 - 12:33

Hello Daniela,

you should be able as you should have a PFC3B in your chassis, post the sh module of your device to provide confirmation

see the following datasheet comparing different types of sup 720

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html

even sup32 has PFC3B installed see

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps5972/product_data_sheet0900aecd801c5cab_ps708_Products_Data_Sheet.html

Be aware that you may need specific configuration to support netflow accounting of bridged traffic

see

Enabling NetFlow for Ingress-Bridged IP Traffic

In PFC3B or PFC3BXL mode with Release 12.2(18)SXE and later releases, NetFlow supports ingress-bridged IP traffic. PFC3A mode does not support NetFlow for bridged IP traffic.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html#wp1105127

Hope to help

Giuseppe

Don Jacob Tue, 06/01/2010 - 13:31

I guess what Daniela means is, if it is possible to monitor the trunk interfaces directly for L2 traffic. My understanding is that this is not possible as NetFlow data is exported only from L3 interfaces and only Cisco 6500 running Hybrid OS can export NetFlow from switch ports.

As mentioned by Giuseppe, the option is to see the bridged traffic (L2 traffic) within a VLAN using the corresponding bridged traffic command.

Regards,

Jacob
