Re: Cat6k-MSFC2 and netflow

From: Jeffrey Papen (jpapen@yahoo-inc.com)
Date: Tue Jul 24 2001 - 16:01:22 PDT

  • Next message: Joe Loiacono: "Destination I/F = 0?"

    I think the biggest thing to take away from what you said was that you're running the native IOS code on the 6500, so there is no Cat OS and MSFC OS. I've spoken with the Cisco folks and they said that this code will give you cflowd stats like a 7500, but since it's not fully baked (buggy) we would want to wait a while before rolling production routers to it.

    - Jeffrey

    Andrew Fort wrote:

    > >On Fri, Jul 20, 2001 at 12:21:59PM -0500, David Spindler wrote:
    > >> The sup2 still supports version 1 which should have sour and
    > >dest ip set.
    > >
    > >Version 1 exports should not be used for anything important
    > >since without
    > >a sequence number it is not possible to detect lost flows.
    > >
    > >The ifIndex (input/output) fields are left 0. v1 exports will not fix
    > >this. It's either a bug or hardware limitation of the 65xx.
    >
    > So okay, what it comes down to is if you have a MSFC OR MSFC2 attached to a
    > MLS switch (Supervisor+PFC), you can deduce everything that passes through
    > your network, even nexthop/AS data (requires more 'smarts' in the collection
    > tools). We have an MSFC2 with Sup1 (c6sup12 native ios image), and we get
    > full data appearing in the flowscan graphs (after being capture by
    > flow-tools). Note that the application (flowscan) doesn't require AS data
    > (it can use it, but we're not as we dont run BGP on these boxes).
    >
    > If you have a PFC2, it appears you only get effectively the 'shortcut'
    > flows, and you lose src/dst If/AS and nexthop data from every flow (whereas
    > the non-accelerated flows from the MSFC2 with a Supervisor 1 are seen,
    > allowing a "reconstruction" to be made by the collector, as Mark suggested a
    > possible method for).
    >
    > why? Supervisor 1 is a "MLS" routing switch ala Cat 5505 netflow feature
    > card + Route Switch module. Supervisor 2 is more like a GSR (and more like
    > an 8500 series switching router), using CEF (and PXF?) to accelerate packets
    > through the chassis. This allows for that 'first packet' classification of
    > a flow to be skipped (these are the flows the MSFC[2] exports on a Cat6500
    > Supervisor 1).
    >
    > -afort
    > --
    > cflowd mailing list
    > cflowd@caida.org

    --
    Yahoo! BGP/Peering Engineer
    email: jeffrey@papen.com         beep: page-jeffrey@papen.com
    work: 408-349-3897               fax:  408-349-5307
    cell: 650-580-2684               page: 877-701-1126
    Yahoo Messenger ID: jpapen
    

    -- cflowd mailing list cflowd@caida.org



    This archive was generated by hypermail 2b29 : Tue Jul 24 2001 - 16:09:21 PDT