asr1004 doesn't export netflow statistic from vrf interface. 122-33.XNF2
I have asr routers with flow export configured. Flow-collector with ip address 10.10.129.114 receives statistic from exporter 10.10.132.144. But in fact traffic from router to flow-collector goes not over interface in vrf but over global routing table.
So routers are sending statistic with vrf source, but not over vrf interface. Is it some known bag?
asr1#show run | in flow ip flow ingress ip flow ingress ip flow ingress ip flow ingress ip flow ingress ip flow ingress ip flow-export version 5 peer-as bgp-nexthop ip flow-export destination 10.10.129.114 5000 vrf Mgmt-intf
#show ip flow export Flow export v5 is enabled for main cache Export source and destination details : VRF ID : 4085 Source(1) 10.10.132.144 (GigabitEthernet0) Destination(1) 10.10.129.114 (5000) Version 5 flow records, peer-as bgp-nexthop 467558004 flows exported in 16544602 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures 0 export packets were dropped enqueuing for the RP 0 export packets were dropped due to IPC rate limiting 0 export packets were dropped due to Card not being able to export
#show interfaces gigabitEthernet 0 GigabitEthernet0 is up, line protocol is up Hardware is RP management port, address is 8843.e177.cd80 (bia 8843.e177.cd80) Description: "MANAGEMENT" Internet address is 10.10.132.144/27 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full Duplex, 100Mbps, link type is auto, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:14, output 00:00:00, output hang never Last clearing of "show interface" counters 1d17h Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 104345 packets input, 9015921 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 78113 packets output, 7906690 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out
Re: asr1004 doesn't export netflow statistic from vrf interface.
Giuseppe provided a link to the other thread, but this is not supported on the ASR1000.
12.2(33)XNF brought support for Netflow Export to a destination in a VRF for the ASR1000, but it is not supported on the Gig0 interface.
If you try to configure the source as Gig0 there was a check put in which informs you this is not supported:
Router(config)#ip flow-export source gig0 %Interface GigabitEthernet0 cannot be used as an exporter source!
Netflow collection and export happens directly on the ESP and does not require the RP to function. The ESP has no way to interact with the Gig0 interface directly since the management interface is part of the RP.
asr1004 doesn't export netflow statistic from vrf interface. 122
I just hit this problem on an ASR1002-X, google the error and hit your very useful explanation! Thanks George! Looks like I'll be configuring Gig0/0/5 as the management interface rather than Gig0 so we can netflow exports out of the router.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...