04-08-2010 09:18 AM - edited 03-04-2019 08:04 AM
Hi all,
I am configuring Netflow on my GSR 12406 with PRP-1,for more detailed configuration please see below:
IOS (tm) GS Software (C12KPRP-P-M), Version 12.0(33)S1, RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.0(20020328:180436) [sumisra-rm1 3], DEVELOPMENT SOFTWARE
BOOTLDR: GS Software (C12KPRP-P-M), Version 12.0(33)S1, RELEASE SOFTWARE (fc1)
System image file is "disk0:c12kprp-p-mz.120-33.S1.bin"
cisco 12406/PRP (MPC7455) processor (revision 0x00) with 2097152K bytes of memory.
MPC7455 CPU at 665Mhz, Rev 2.1, 256KB L2, 2048KB L3 Cache
Last reset from mbus reset
2 Route Processor Cards
2 Clock Scheduler Cards
3 Switch Fabric Cards
2 Four Port Gigabit Ethernet/IEEE 802.3z controllers (8 GigabitEthernet).
2 Ethernet/IEEE 802.3 interface(s)
8 GigabitEthernet/IEEE 802.3 interface(s)
2043K bytes of non-volatile configuration memory.
62720K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
WARNING: Old fab-loader in slot 4; use "upgrade fabric-downloader" to update
R-12406-2#show diags summ
SLOT 0 (RP/LC 0 ): Performance Route Processor
SLOT 3 (RP/LC 3 ): 4 Port ISE Gigabit Ethernet
SLOT 4 (RP/LC 4 ): 4 Port ISE Gigabit Ethernet
SLOT 5 (RP/LC 5 ): Performance Route Processor
SLOT 16 (CSC 0 ): Clock Scheduler Card(6) OC-192
SLOT 17 (CSC 1 ): Clock Scheduler Card(6) OC-192
SLOT 18 (SFC 0 ): Switch Fabric Card(6) OC-192
SLOT 19 (SFC 1 ): Switch Fabric Card(6) OC-192
SLOT 20 (SFC 2 ): Switch Fabric Card(6) OC-192
SLOT 24 (PS A1 ): Alarm Module(6)
SLOT 25 (PS A2 ): Alarm Module(6)
SLOT 28 (TOP FAN ): Standard Blower Module(6)
PEM 1 (POWER_A ): Standard AC PS [PWR-GSR6-AC=]
PEM 2 (POWER_B ): Standard AC PS [PWR-GSR6-AC=]
Here is my environment:
My configuration is:
interface GigabitEthernet3/1
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
ip route-cache flow sampled input
ip policy route-map SDS-PBR
no negotiation auto
interface GigabitEthernet3/2
ip address x.x.x.x y.y.y.y
ip access-group DENY-ATTACK in
no ip directed-broadcast
ip route-cache flow sampled input
load-interval 60
no negotiation auto
interface GigabitEthernet3/3
no ip address
ip access-group DENY-ATTACK in
no ip redirects
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip route-cache flow sampled input
load-interval 30
no negotiation auto
no cdp enable
interface GigabitEthernet3/3.102
encapsulation dot1Q 100
ip address x.x.x.x y.y.y.y
ip access-group DENY-ATTACK in
no ip redirects
no ip directed-broadcast
no ip proxy-arp
ip bgp fast-external-fallover permit
bfd interval 50 min_rx 50 multiplier 20
interface GigabitEthernet4/0
no ip address
no ip directed-broadcast
ip route-cache flow sampled input
load-interval 60
negotiation auto
interface GigabitEthernet4/0.101
encapsulation dot1Q 101
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
interface GigabitEthernet4/1
ip address x.x.x.x y.y.y.y
no ip directed-broadcast
ip route-cache flow sampled input
ip policy route-map SDS-PBR
load-interval 60
no negotiation auto
R-12406-2#sh route-map SDS-PBR
route-map SDS-PBR, permit, sequence 10
Match clauses:
ip address (access-lists): ACL
Set clauses:
ip next-hop x.x.x.x(G4/0.101)
Policy routing matches: 64093899126 packets, 36251499723829 bytes
R-12406-2#sh run | in flow
ip flow-cache timeout inactive 0
ip flow-cache timeout active 1
ip flow-sampling-mode packet-interval 128
ip flow-export source Loopback1
ip flow-export version 5 origin-as
ip flow-export destination x.x.x.x 9996
The following are my test results provide analysis and comparison:
Interface | Show interface | Collector Display | ||
Input | Output | Input | Output | |
G3/1 | 10Kbps | 86Mbps | 2Kbps | 82Mbps |
G3/2 | 54Mbps | 58Mbps | 50Mbps | 45Mbps |
G3/3.102 | 17Mbps | 11Mbps | 18Mbps | 178Mbps |
G4/0.101 | 83Mbps | 166Mbps | 79Mbps | 0Mbps |
G4/1 | 227Mbps | 80Mbps | 226Mbps | 79Mbps |
I suspect the problem is caused by PBR
You have encountered similar problems?And how can I resolve this issue?
Look forward to your help,THANK YOU VERY VERY MUCH!!!
消息编辑者为:Zhi Xu
04-16-2010 01:40 AM
Hello Zhi,
sorry for last reply
my first notes follow:
the command for enabling netflow should be given on a L3 interface, in the case of interface g3/3 and g4/0 the main interfaces have no ip address.
I would try to apply the command in the appropriate subinterface mode g3/3.102 and gi4/0.101
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide