Re: Cat 6506 and NetFlow

From: Jeffrey Papen (jpapen@yahoo-inc.com)
Date: Thu Jul 19 2001 - 12:53:09 PDT


    It depends. If you're using a sup1a w/ MSFC, then you configure ip route-cache flow on each vlan you want flows exporting from. Then, in the global router config, set up the export ip, version, etc.

    If you have a sup2 with MSFC2 then it's ankle-grabbing time. Cisco changed NetFlow on the MSFC2 to support only version 7. This means that dest IP, port, protocol, AS, and some other cool fields are always set to zero. Now both the router and the switch will be exporting to your collector where the router does a flow for the first packet and the switch does a lobotomized flow for the remainder of the data.

    The commands you're looking for are:
    SUP config
    -----------

    set mls agingtime 256 (or whatever values)
    set mls agingtime fast 10 5 (or whatever values)
    set mls flow full
    set mls nde 172.17.246.225 9996
    set mls nde version 7 (version 7 not 5)
    set mls nde enable

    MSFC config
    -----------

    interface vlanx
    ip route-cache flow

    ip flow-export destination 172.17.246.225 9996
    ip flow-export version 5
    ip flow-export source vlan 1

    Here is a URL that may help.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/nde.htm#xtocid220905

    If you end up opening a Cisco TAC case on this, we had case #B464927 on this issue. Referencing it may help you out. The case was about an sup1a/MSFC working great and a sup2/MSFC2 working like poop.

    Let me know if you have any other questions.

    Thanks,
    - Jeffrey

    Luca Deri wrote:

    > Dear all,
    > I need to enable NetFlow on a Cat 6506 with MSFC. Unfortunately all the
    > attempts failed as I am not able to export any flow. I have attached below
    > an output of the current configuration. Please note that on VLAN1 there's
    > most of the traffic and that there is a data collector on such vlan.
    >
    > Is there anyone out there who can tell *precisely* where's the problem and
    > what are the commands I should use for enabling NetFlow?
    >
    > Thanks in advance,
    >
    > Luca
    >
    > =============
    > #mls
    > set mls flow destination-source
    > set mls nde 213.158.72.52 9996
    > set mls statistics protocol 0
    > set mls nde enable
    >
    > =============
    > output of Cat 6500:
    > Console> (enable) sh mls
    > Total packets switched = 0
    > Total bytes switched = 0
    > Total routes = 30
    >
    > IP statistics flows aging time = 256 seconds
    > IP statistics flows fast aging time = 0 seconds, packet threshold = 0
    > IP Current flow mask is Destination-source flow
    > Netflow Data Export version: 7
    > Netflow Data Export enabled
    > Netflow Data Export configured for port 9996 on host 213.158.72.52
    > Total packets exported = 0
    >
    > =============
    >
    > MSFC configuration
    >
    > mls rp ip
    > !
    > interface Vlan1
    > ip address 213.158.72.120 255.255.255.128
    > no ip redirects
    > ip route-cache flow
    > mls rp ip
    > !
    > ip flow-export source Vlan1
    > ip flow-export version 5
    > ip flow-export destination 213.158.72.52 9996
    >
    > output of the MSFC:
    > Core_2#sh ip cache flow
    > IP packet size distribution (232 total packets):
    > 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
    > .000 .008 .801 .000 .000 .000 .000 .094 .094 .000 .000 .000 .000 .000 .000
    >
    > 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
    > .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    >
    > IP Flow Switching Cache, 278544 bytes
    > 3 active, 4093 inactive, 52 added
    > 1050 ager polls, 0 flow alloc failures
    > Active flows timeout in 30 minutes
    > Inactive flows timeout in 15 seconds
    > last clearing of statistics 15:27:58
    > Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
    > -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
    > UDP-other 46 0.0 4 112 0.0 5.4 15.4
    > ICMP 3 0.0 1 84 0.0 0.0 15.3
    > Total: 49 0.0 4 112 0.0 5.1 15.4
    >
    > SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
    > Vl1 213.158.72.70 Null 213.158.72.127 11 0089 0089 1
    > Vl1 213.158.72.13 Null 213.158.72.127 11 008A 008A 2
    > Vl1 213.158.72.13 Null 213.158.72.127 11 0089 0089 13
    >
    > =============
    > Core_2#sh mls rp
    > ip multilayer switching is globally enabled
    > ipx multilayer switching is globally disabled
    > ipx mls inbound acl override is globally disabled
    > mls id is 0005.5e32.02c0
    > mls ip address 127.0.0.12
    > mls ip flow mask is destination
    > mls ipx flow mask is unknown
    > number of domains configured for mls 1
    >
    > vlan domain name: -null-
    > current ip flow mask: destination
    > ip current/next global purge: false/false
    > ip current/next purge count: 0/0
    > current ipx flow mask: destination
    > ipx current/next global purge: false/false
    > ipx current/next purge count: 0/0
    > current sequence number: 2260543826
    > current/maximum retry count: 0/10
    > current domain state: no-change
    > domain uptime: 00:01:34
    > keepalive timer expires in 11 seconds
    > retry timer not running
    > change timer not running
    > fcp subblock count = 1
    >
    > 0 management interface(s) currently defined:
    >
    > 1 mac-vlan(s) configured for multi-layer switching
    >
    > 1 mac-vlan(s) enabled for ip multi-layer switching:
    >
    > mac 0005.dce0.67fc
    > vlan id(s)
    > 1
    >
    > 0 mac-vlan(s) enabled for ipx multi-layer switching:
    >
    > router currently aware of following 0 switch(es):
    > no switch id's currently exists in domain
    >
    > --
    > cflowd mailing list
    > cflowd@caida.org

    --
    Yahoo! BGP/Peering Engineer
    email: jeffrey@papen.com         beep: page-jeffrey@papen.com
    work: 408-349-3897               fax:  408-349-5307
    cell: 650-580-2684               page: 877-701-1126
    Yahoo Messenger ID: jpapen
    




    This archive was generated by hypermail 2b29 : Thu Jul 19 2001 - 23:44:54 PDT
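
A collector that receives both export streams described in the reply above can tell them apart by the version field in each datagram header and can flag records whose key fields arrive as zero. The sketch below is an added example, not part of the original post; it assumes the fixed NetFlow v5 (48-byte) and v7 (52-byte) record layouts, and its function names and sample datagrams are constructed for illustration.

```python
import socket
import struct

# First 20 header bytes are the same in v5 and v7; the last 4 differ
# (engine/sampling fields in v5, reserved in v7).
HEADER = struct.Struct("!HHIIII")   # version, count, sysuptime, secs, nsecs, sequence
HEADER_LEN = 24
# The first 46 bytes of a flow record are laid out the same way in v5 and v7.
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBB")
RECORD_LEN = {5: 48, 7: 52}         # v7 appends flags2 and router_sc
KEY_FIELDS = ("dst", "dstport", "proto")  # fields the post says arrive as zero


def parse_export(datagram):
    """Return (version, records); each record lists its zero-valued key fields."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version not in RECORD_LEN:
        raise ValueError(f"unsupported NetFlow version {version}")
    size = RECORD_LEN[version]
    if len(datagram) < HEADER_LEN + count * size:
        raise ValueError("header count exceeds datagram length")
    records = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER_LEN + i * size)
        rec = {"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
               "packets": f[5], "srcport": f[9], "dstport": f[10], "proto": f[13]}
        rec["blank"] = [k for k in KEY_FIELDS if rec[k] in (0, "0.0.0.0")]
        records.append(rec)
    return version, records


def make_datagram(version, src, dst, sport, dport, proto):
    """Build a one-record sample datagram (constructed, not captured traffic)."""
    header = HEADER.pack(version, 1, 0, 0, 0, 0) + b"\x00" * 4
    record = RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\x00" * 4,
                         1, 0, 1, 78, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0)
    return header + record.ljust(RECORD_LEN[version], b"\x00")


if __name__ == "__main__":
    # Constructed samples: a full v5 record and a v7 record with zeroed fields.
    for pkt in (make_datagram(5, "213.158.72.70", "213.158.72.127", 137, 137, 17),
                make_datagram(7, "213.158.72.70", "0.0.0.0", 137, 0, 0)):
        version, recs = parse_export(pkt)
        for r in recs:
            print(f"v{version} {r['src']}->{r['dst']} blank={r['blank']}")
```

AS numbers are left out of the zero check because they are legitimately 0 when the exporter has no BGP data.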