Re: NDE and MPLS

From: Benoit Claise (bclaise@cisco.com)
Date: Thu Jul 12 2001 - 01:09:56 PDT


    Gustavo,

    Gustavo Torres wrote:

    > I took part in Networkers 2001 last month, and a question remains open:
    > - what if I'm using MPLS, will NDE report flow information correctly?

    No. I enable NetFlow on a PE router, with NetFlow enabled on a tag-switched interface, and the only traffic reported by NetFlow is:
    - The one using the global routing table
    - The BGP session messages (TCP, DstPort = 179)
    - The TDP session message (TCP, SrcPort = 711)

    Regards, Benoit

    >
    > Any guesses?
    >
    > --
    > Gustavo Torres
    > Senior Network Management Architect
    > OptiGlobe Communications Inc. -The Internet Lives Here.
    > Rua Bento Branco de Andrade Filho, 621
    > 04757-000, São Paulo - SP
    > Brasil
    > http://www.optiglobe.com.br
    >
    > Tel: +55 11 33654469
    > Fax: +55 11 33654445
    > Cel: +55 11 92660684
    >
    > -----------------------------------------------------------------------------
    >
    > Date: Wed, 11 Jul 2001 10:42:34 -0700
    > From: Jeffrey Papen <jpapen@yahoo-inc.com>
    > To: Mark Fullmer <maf@eng.oar.net>
    > Cc: "'dproscin@oracle.com'" <dproscin@oracle.com>, cflowd@caida.org
    > Subject: Re: NDE Version 7 (Cat 6509)
    >
    > Very bad news folks for NetFlow on the newer 6509.
    >
    > http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
    >
    > The above URL details all of the fields in a Version 7 flow that are set to zero. They include next_hop_ip, both source and destination AS, source and destination port, source IP address, and protocol.
    >
    > my $soapbox = 1;
    >
    > Essentially, if you have a 6500 with a Sup 1a and MSFC1, you're golden. If you have a Sup2 w/ MSFC2 then NetFlow is dead to you. Cisco did the same thing when they added the 3 port Gig card to their GSR line. Cisco went to NetFlow Version 8 which is an "aggregation" - read lobotomization - of any useful flow data. It bums me out considerably that the only way Cisco makes their stuff faster is to strip out all of the features hardcore users require. What's next, SNMP? How about ACLs?
    >
    > Thank God for Juniper! Cisco deserves to get their lunch eaten. When it happens, I'll dance a jig on the grave of the GSR.
    >
    > $soapbox = 0;
    >
    > - Jeffrey
    >
    > Mark Fullmer wrote:
    >
    > > On Mon, Jul 09, 2001 at 06:44:25PM -0700, Jeffrey Papen wrote:
    > > > Is that a for sale product? What is so great about it? I have a similar problem and am looking for version 5 type formats from a Catalyst 6500.
    > >
    > > flow-tools 0.54 has a utility that will translate export versions. This
    > > should allow you to use version 7 exports with cflowd by translating
    > > to version 5.
    > >
    > > % flow-receive 0/exporterip/port | flow-xlate -V5 | flow-send 0/127.0.0.1/port2
    > >
    > > Where exporterip and port are the IP address and port of the router providing
    > > the flows and port2 is the port cflowd is listening on.
    > >
    > > This will not currently work with the native IOS version of the 6500 due
    > > to how they mix the CPU and hardware accelerated flows together on the
    > > same UDP port. flow-tools will be able to support this in the next release
    > > though.
    > >
    > > mark
    > > --
    > > cflowd mailing list
    > > cflowd@caida.org
    >
    > --
    > Yahoo! BGP/Peering Engineer
    > email: jeffrey@papen.com beep: page-jeffrey@papen.com
    > work: 408-349-3897 fax: 408-349-5307
    > cell: 650-580-2684 page: 877-701-1126
    > Yahoo Messenger ID: jpapen
    >

    --
    cflowd mailing list
    cflowd@caida.org
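
An added example, not part of the original thread: a small parser that tallies how many records in a NetFlow v7 export datagram carry the fields the quoted message lists as zero, so a collector operator can see the visibility gap before trusting the data. The 24-byte header and 52-byte record layout is the commonly documented v7 format and is assumed here; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# Assumed layout: 24-byte header, 52-byte records, network byte order.
HEADER = struct.Struct("!HHIIIII")
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBHI")
FIELDS = ("srcaddr dstaddr nexthop input output dpkts doctets first last "
          "srcport dstport flags tcp_flags prot tos src_as dst_as "
          "src_mask dst_mask flags2 router_sc").split()
# Fields the quoted message says may be exported as zero.
WATCHED = ("nexthop", "src_as", "dst_as", "srcport", "dstport", "srcaddr", "prot")


def parse_v7(datagram):
    """Return the flow records of one v7 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v7 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 7:
        raise ValueError(f"not a v7 export (version {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    return [dict(zip(FIELDS, RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)))
            for i in range(count)]


def zeroed_fields(datagram):
    """Count, per watched field, how many records carry it as zero."""
    records = parse_v7(datagram)
    tally = Counter(f for rec in records for f in WATCHED if rec[f] == 0)
    return len(records), dict(tally)


def _ip(text):
    return int(ipaddress.ip_address(text))


# Constructed sample: one fully populated record, one with the listed fields zeroed.
SAMPLE = HEADER.pack(7, 2, 1000, 994925394, 0, 1, 0) + RECORD.pack(
    _ip("192.0.2.10"), _ip("198.51.100.20"), _ip("192.0.2.1"), 1, 2, 10, 840,
    100, 900, 40000, 179, 0, 0x18, 6, 0, 64500, 64501, 24, 24, 0, _ip("192.0.2.254"),
) + RECORD.pack(
    0, _ip("198.51.100.20"), 0, 1, 2, 5, 300,
    100, 900, 0, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, _ip("192.0.2.254"),
)

if __name__ == "__main__":
    total, zeroed = zeroed_fields(SAMPLE)
    for name in WATCHED:
        print(f"{name:8} zero in {zeroed.get(name, 0)}/{total} records")
```

A zero in these fields does not by itself prove the exporter suppressed the value, so compare the tally against traffic you know crossed the device.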
    



    This archive was generated by hypermail 2b29 : Thu Jul 12 2001 - 01:26:30 PDT