On a sup720 with vlan interfaces, is it possible to monitor with netflow properly?
Right now I am, but it doesn't seem that I am getting the full flow of traffic through the vlan interface. Now, I know there are layer2 and layer3 operations and netflow only sees the layer3 operation. My regular interface traffic monitoring on one of the interfaces shows upwards of 500mb of traffic (both directions) but the netflow only shows about 700kb.
That's a pretty hefty difference for it to be all layer2...
Still, there is this command that I have applied that I thought might handle most of the layer2 as well:
ip flow ingress layer2-switched vlan (vlans)
but alas I am still not seeing what I desire. I do hate the "mls netflow sampling" command applied to each vlan interface. We have no physical layer3 interfaces on these switches.
It's taken a while for me to get this straightened out but I finally have it.
The recommendations above are correct but not complete.
So for full netflow information to be exported the following configuration will do it - the caveat is that the NDE process hits the CPU on the router pretty hard:
ip flow ingress layer2-switched vlan
mls aging long 64
mls aging normal 32
mls flow ip interface-full
mls nde sender
ip flow-export source Loopback0 <-(Can be any interface - specifying an interface seems to make it more reliable)
ip flow-export destination
Sample interface config:
ip address IP/Mask
ip flow ingress <--(Needed to Capture inbound statistics)
ip route-cache flow
Now the problem I have is that the Export process hits my CPU pretty hard; I'm concerned about it so I turned sampling back on which pretty much makes netflow suck.
Any other input is appreciated. It seems that with sampling off, taking full netflows, I get a CPU utilization of about 20-30% (total), whereas with sampling the NDE doesn't really hurt the CPU and I have normal utilization of about 10% (even an unutilized sup720 runs at about 10%).
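One way to check what is actually reaching the collector, as an added Python example that is not part of this thread: it parses NetFlow v5 export datagrams and sums the exported bytes per input ifIndex, scaling by the header's sampling interval when sampling is on, so the result can be compared against the interface counters. The datagrams here are constructed test data; whether the Sup720 populates the v5 sampling-interval field is not covered by the thread, so treat that scaling as an assumption to verify against your own exports.

```python
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")            # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(packet):
    """Return (sampling_interval, records) from one NetFlow v5 datagram."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("short NetFlow header")
    (version, count, _uptime, _secs, _nsecs, _seq,
     _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5: version {version}")
    # Top 2 bits of the field are the sampling mode, low 14 bits the interval.
    interval = sampling & 0x3FFF
    records = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        if off + V5_RECORD.size > len(packet):
            raise ValueError("truncated flow record")
        f = V5_RECORD.unpack_from(packet, off)
        records.append({"input": f[3], "output": f[4], "packets": f[5], "bytes": f[6]})
    return interval, records

def bytes_per_input_if(datagrams):
    """Sum exported octets per input ifIndex across datagrams, scaled for sampling.

    Assumption: a non-zero interval means 1-in-N sampling, so octets are multiplied by N.
    """
    totals = defaultdict(int)
    for pkt in datagrams:
        interval, recs = parse_v5(pkt)
        scale = interval if interval else 1
        for r in recs:
            totals[r["input"]] += r["bytes"] * scale
    return dict(totals)

def make_v5(flows, sampling_interval=0):
    """Build a constructed v5 datagram from (input, output, packets, octets) tuples (test data)."""
    hdr = V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling_interval)
    body = b"".join(
        V5_RECORD.pack(0x0A000001, 0x0A000002, 0, inp, out, pkts, octs,
                       0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 24, 24, 0)
        for inp, out, pkts, octs in flows)
    return hdr + body
```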