Netflow problem help ?

Answered Question
Aug 13th, 2010

Dear all,

I have a Catalyst 4507-E with Supervisor V-10GE. On this switch I have enabled the NetFlow service to manage flows on the network. The functionality is embedded in the supervisor engine. I use the open source "Flow Tool" for flow capture; in this tool I configured flow capture every 5 minutes. Then, when I open a terminal console on the Catalyst 4507, I receive this error every 5 minutes:

" *Aug 12 20:58:06.089: %C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost either due to hardware hash collisions or full hardware flow table. Stats lost for 24417 packets."

This is the output of show inventory command:

NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4507R-E 7 slot switch "
PID: WS-C4507R-E       , VID: V02  , SN: FOX1412GCTW

NAME: "Clock Module", DESCR: "Clock Module"
PID: WS-X4K-CLOCK-E    , VID: V01  , SN: JAE14180ERS

NAME: "Mux Buffer 1 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E        , VID: V01  , SN: JAE14170GVA

NAME: "Mux Buffer 2 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E        , VID: V01  , SN: JAE14170IHF

NAME: "Mux Buffer 5 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E        , VID: V01  , SN: JAE14170DGE

NAME: "Mux Buffer 6 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E        , VID: V01  , SN: JAE14170ASJ

NAME: "Mux Buffer 7 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E        , VID: V01  , SN: JAE14170AV6

NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45) with 24 10/100/1000 baseT ports"
PID: WS-X4424-GB-RJ45  , VID: V06  , SN: JAE1418012E

NAME: "Linecard(slot 3)", DESCR: "Supervisor V-10GE with 2 10GE X2 ports, and 4 1000BaseX SFP ports"
PID: WS-X4516-10GE     , VID: V11  , SN: JAE14070LGD

NAME: "Linecard(slot 4)", DESCR: "Supervisor V-10GE with 2 10GE X2 ports, and 4 1000BaseX SFP ports"
PID: WS-X4516-10GE     , VID: V11  , SN: JAE14070LIG

NAME: "Linecard(slot 7)", DESCR: "10/100/1000BaseT (RJ45) with 24 10/100/1000 baseT ports"
PID: WS-X4424-GB-RJ45  , VID: V06  , SN: JAE14180132

NAME: "Fan", DESCR: "FanTray"
PID: WS-X4597-E        , VID: V02  , SN: FOX1412G4D3

NAME: "Power Supply 1", DESCR: "Power Supply ( AC 1400W )"
PID: PWR-C45-1400AC    , VID: V04  , SN: AZS14060RRP

NAME: "Power Supply 2", DESCR: "Power Supply ( AC 1400W )"
PID: PWR-C45-1400AC    , VID: V04  , SN: AZS14060RKA

So what is the problem, and what can I do to resolve it?

Thanks so much,

Trung.

Correct Answer
Giuseppe Larosa Fri, 08/13/2010 - 03:27

Hello Nguyen,

>> " *Aug 12 20:58:06.089: %C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost either due to hardware hash collisions or full hardware flow table. Stats lost for 24417 packets."

The message means that, because of the limited size of the NetFlow cache on the device, it has not been possible to collect data about all observed traffic flows.

Post a sh mls to see the flow mask.

What is the flow mask that you are using?

Depending on interaction with other features changing the flow mask could be a solution.

Hope to help

Giuseppe

Correct Answer
u1kumar2002 Fri, 08/13/2010 - 05:29

Hi,

Agreed with the above answer. This is an informational message that the cache is full, and then some NetFlow statistics will be lost.

Error Message    C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost due to full hw flow table. [char] [dec] packets.

Explanation   This message indicates that if the cache is full, then some flow statistics will be lost. This message informs users about the total collected flow statistics. If the counter that tracks the lost statistics has overflowed, an accurate count of total lost flows is not available.

Recommended Action   This is an informational message only. No action is required.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12.1e/system/message/emsg.html#wp1404615

To overcome this issue you have to configure the minimum flow mask:

The flow mask determines the granularity of the statistics gathered, which controls the size of the NetFlow table. The less-specific flow masks result in fewer entries in the NetFlow table and the most-specific flow masks result in the most NetFlow entries.

For example, if the flow mask is set to source-only, the NetFlow table contains only one entry per source IP address. The statistics for all flows from a given source are accumulated in the one entry. However, if the flow mask is configured as full, the NetFlow table contains one entry per full flow. Many entries may exist per source IP address, so the NetFlow table can become very large.

Setting the Minimum IP MLS Flow Mask

You can set the minimum specificity of the flow mask for the NetFlow table on the PFC. The actual flow mask may be more specific than the level configured in the mls flow ip command, if other configured features need a more specific flow mask (see the "Flow Mask Conflicts" section).

To set the minimum IP MLS flow mask, perform this task:

Command: Router(config)# mls flow ip {source | destination | destination-source | interface-destination-source | full | interface-full}
Purpose: Sets the minimum IP MLS flow mask for the protocol.

Command: Router(config)# no mls flow ip
Purpose: Reverts to the default IP MLS flow mask (null).


This example shows how to set the minimum IP MLS flow mask:

Router(config)# mls flow ip destination

Hope this information will help you.

Uttam
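The relationship between flow mask granularity and table occupancy described in the answer above can be seen in a small simulation. This is an added example, not code from the thread or from Cisco; the table capacity and the traffic are constructed assumptions, the interface-based masks are omitted, and it models only the full-table case, not hardware hash collisions.

```python
"""Toy model of a fixed-size NetFlow table keyed by flow mask (constructed data)."""
from itertools import product

# Fields each flow mask keeps in the table key (mask names as in `mls flow ip`).
MASK_FIELDS = {
    "source": ("src",),
    "destination": ("dst",),
    "destination-source": ("src", "dst"),
    "full": ("src", "dst", "proto", "sport", "dport"),
}

def constructed_packets(servers=20, clients=50, ports_per_pair=4):
    """Constructed sample: every server talks to every client over a few ports."""
    for s, c, p in product(range(servers), range(clients), range(ports_per_pair)):
        yield {"src": f"10.0.0.{s}", "dst": f"198.51.100.{c}",
               "proto": 6, "sport": 443, "dport": 40000 + p}

def simulate(mask, packets, capacity):
    """Return (entries_used, packets_lost) for a table holding `capacity` entries."""
    fields = MASK_FIELDS[mask]
    table = {}   # key -> packet count accumulated in that entry
    lost = 0
    for pkt in packets:
        key = tuple(pkt[f] for f in fields)
        if key in table:
            table[key] += 1      # existing entry: statistics accumulate
        elif len(table) < capacity:
            table[key] = 1       # free slot: create a new entry
        else:
            lost += 1            # table full: this packet goes uncounted
    return len(table), lost

def compare(capacity=1024):
    """Run the same constructed traffic through every mask (capacity is assumed)."""
    return {m: simulate(m, constructed_packets(), capacity) for m in MASK_FIELDS}

if __name__ == "__main__":
    for mask, (used, lost) in compare().items():
        print(f"{mask:20s} entries={used:5d} lost_packets={lost}")
```

With the same traffic, the less specific masks fit in the table with no loss, while the full mask exhausts it and leaves a gap in the flow telemetry, which is the trade-off to weigh if the flow records are also used for security monitoring.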
trungfotech Sun, 08/15/2010 - 19:58

Dear Uttam & Giuseppe,

Thank you very much for your support. I have understood the problem. In my DC, the flow is very large; I have used 70% of the bandwidth of the 10Gig uplink connected to the Internet. I have used a flow mask applied to source IP only, to capture flows from servers in the DC to the Internet.

Sorry for late reply, I don't have Internet Access at the weekend.

Thanks so much again

Trung.
