Cisco Support Community
New Member

asr1000 flow-export to vrf Mgmt-intf

Hi All,

Got a question about flow-export to vrf Mgmt-intf.

asr1000 version:  02.06.02.122-33.XNF2

ip flow ingress on both inbound and outbound gig interface.

additional commands:

ip flow-cache timeout active 1

ip flow-export version 9
ip flow-export destination 10.0.0.1 9801 vrf Mgmt-intf

However, I don't see any netflow data and here is show ip flow export output

ASR1000#show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : 4085
    Source(1)       10.0.0.254 (GigabitEthernet0)
    Destination(1)  10.0.0.1 (9801)
  Version 9 flow records
  0 flows exported in 0 udp datagrams
  206 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to Card not being able to export   

Wondering why flow is failed....

But it works without going to the vrf:

ip flow-export destination 10.0.0.1 9801

ASR1000#show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1)  10.0.0.1 (9801)
  Version 9 flow records
  21 flows exported in 18 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to Card not being able to export

Any suggestions are appreciated...

Best Regards,

=J=

7 REPLIES
Hall of Fame Super Silver

Re: asr1000 flow-export to vrf Mgmt-intf

Hello Jay,

>> 206 flows failed due to lack of export packet

Exporting netflow packets using an interface mapped in a VRF is a feature that was not supported until recent times.

This is a problem that happens also on other platforms like C7600.

the feature may be in the roadmap, there have been other threads about this issue in the forums

see

https://supportforums.cisco.com/message/3040853#3040853

https://supportforums.cisco.com/message/1331662#1331662

another colleague opened a thread for the same issue

https://supportforums.cisco.com/message/3201480#3201480

as I wrote before open a service request

Edit:

in feature navigator the feature is named:

Netflow Data Export to a collector in a VRF

but it is supported only on C6500

again open a service request

Hope to help

Giuseppe

New Member

Hi

We have an ASR1001 running version 15.1(2)S2. Instead of using interface Gi0, we used another interface Gi0/0/3 to export the flow. From the "sh ip flow export" command, we can see that the flow is already exported. However, when we tried sniffing at the next hop (10.1.1.1), which is a firewall, we cannot see the UDP packets coming into the interface. So, the UDP packets are not leaving the router. Any idea what is missing?

interface GigabitEthernet0/0/3
 ip vrf forwarding mgmt-ip
 ip address 10.1.1.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 negotiation auto
 cdp enable
!
ip route vrf mgmt-ip 0.0.0.0 0.0.0.0 GigabitEthernet0/0/3 10.1.1.1
!
ip flow-export source GigabitEthernet0/0/3
ip flow-export version 9
ip flow-export destination 10.10.10.253 5100 vrf mgmt-ip
!

Router#sh ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : 2
    Source(1)       10.1.1.2 (GigabitEthernet0/0/3)
    Destination(1)  10.10.10.253 (5100)
  Version 9 flow records
  238115493 flows exported in 10970087 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to Card not being able to export
Router#

New Member

hi,

you can try

show flow exporter [yourexporter] statistics

It will show you a little bit more than the command in your example, and you must see whether it is sending any traffic or not. I had similar issues and this command helped me to solve my issue. Also, I noted "Flow export v9 is enabled for main cache" in your last command output; maybe it's something with the cache?

New Member

You might want to try FNF based flow config. I am not sure if this is available in your IOS version. Here's an example which I am using for IOS 15.6:

flow record demo
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport destination-port
 match transport source-port
 match routing vrf input
 match routing vrf output
 match mpls label 1 details
 match mpls label 2 details
 match mpls label 3 details
 collect counter bytes long
 collect counter packets long
flow exporter demo
 destination 10.10.10.10
 transport udp 9996
flow monitor demo
 exporter demo
 cache timeout inactive 30
 cache timeout active 60
 record demo
 

And this is how I attach to interface for which I want to collect flows:

!
interface GigabitEthernet1
 ip flow monitor demo input
 ip flow monitor demo output

!

Cisco Employee

Re: asr1000 flow-export to vrf Mgmt-intf

12.2(33)XNF brought support for Netflow Export to a destination in a VRF for the ASR1000, but it is not supported on the Gig0 interface.

If you try to configure the source as Gig0 there was a check put in which informs you this is not supported:

Router(config)#ip flow-export source gig0
%Interface GigabitEthernet0 cannot be used as an exporter source!

Netflow collection and export happens directly on the ESP and does not require the RP to function. The ESP has no way to interact with the Gig0 interface directly since the management interface is part of the RP.

Hall of Fame Super Silver

Re: asr1000 flow-export to vrf Mgmt-intf

Hello George,

thanks for your platform specific information

but how netflow export packets prepared by ESP go out to the external world?

it can use any interface on a SPA instead of an interface on the RP?

Hope to help

Giuseppe

Cisco Employee

Re: asr1000 flow-export to vrf Mgmt-intf

Giuseppe,

What you said is correct. Any SPA interface can be used for Netflow Export for the ASR1000. The Gig0 interface being referred to is built into the RP and while its purpose is for Management it cannot be used for Netflow Export. This is platform specific as you noted.
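Added example (not code from any poster in this thread): a small Python check that parses `show ip flow export` output and flags the failure pattern discussed above, so a monitoring job can notice when flow telemetry silently stops. The function names `parse_flow_export` and `diagnose` are hypothetical; the Gig0 rule encodes the ASR1000 limitation stated in the thread, and the sample text is copied from the first post.

```python
import re

# Output copied from the first post in this thread, trimmed to the lines used here.
SAMPLE_VRF = """\
Flow export v9 is enabled for main cache
  VRF ID : 4085
    Source(1)       10.0.0.254 (GigabitEthernet0)
    Destination(1)  10.0.0.1 (9801)
  0 flows exported in 0 udp datagrams
  206 flows failed due to lack of export packet
  0 export packets were dropped due to no fib
"""
SAMPLE_DEFAULT = """\
Flow export v9 is enabled for main cache
  VRF ID : Default
    Destination(1)  10.0.0.1 (9801)
  21 flows exported in 18 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were dropped due to no fib
"""

def parse_flow_export(text):
    """Parse 'show ip flow export' output into a dict of fields and counters."""
    out = {"vrf": None, "source_if": None, "exported": 0, "datagrams": 0, "counters": {}}
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"VRF ID\s*:\s*(\S+)", line):
            out["vrf"] = m.group(1)
        elif m := re.match(r"Source\(\d+\)\s+\S+\s+\((\S+)\)", line):
            out["source_if"] = m.group(1)
        elif m := re.match(r"(\d+) flows exported in (\d+) udp datagrams", line):
            out["exported"], out["datagrams"] = int(m.group(1)), int(m.group(2))
        elif m := re.match(r"(\d+) (flows failed .+|export packets were .+)", line):
            out["counters"][m.group(2)] = int(m.group(1))
    return out

def diagnose(parsed):
    """Return a list of findings; an empty list means the counters look healthy."""
    findings = []
    # Per the thread: Gig0 sits on the RP, and export runs on the ESP.
    if parsed["source_if"] == "GigabitEthernet0":
        findings.append("export source is the RP management port Gig0 (not usable for export)")
    for name, count in parsed["counters"].items():
        if count:
            findings.append(f"{count} {name}")
    if parsed["exported"] == 0:
        findings.append("no flows exported")
    return findings
```

An empty result only reflects the router's own counters; confirming arrival at the collector is a separate check, as the ASR1001 post earlier in the thread illustrates.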
