RE: [nsp] GSR+Netflow+OC-48 blade that won't export flows?

From: Bulger, Tim (TBulger@ea.com)
Date: Thu Dec 13 2001 - 11:36:30 EST

Next message: Barry Wright: "RE: [nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Previous message: Junichi Shimagami: "Re: [nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Maybe in reply to: Bulger, Tim: "[nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Next in thread: Barry Wright: "RE: [nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Thanks for all the feedback all, it appears that the lack of sampling is
the problem.

Tim

-----Original Message-----
From: Barry Wright [mailto:Bwright@interland.com]
Sent: Thursday, December 13, 2001 6:18 AM
To: 'Bulger, Tim '; 'cisco-nsp@puck.nether.net '
Subject: RE: [nsp] GSR+Netflow+OC-48 blade that won't export flows?

Engine Type 2 and above cards don't do basic Netflow. You have to
configure "ip route-cache flow sampled" on the interface, and then set

ip flow-sampling-mode packet-interval <10-16382> <--this number means
that netflow will sample and capture one packet in ever <#> packets.

This command will show what version of Engine cards you have. sho diag |
include Engine
  L3 Engine: 0 - OC12 (622 Mbps)
  L3 Engine: 2 - Backbone OC48 (2.5 Gbps)
  L3 Engine: 1 - Standard OC48 (2.5 Gbps)
  L3 Engine: 1 - Standard OC48 (2.5 Gbps)
  L3 Engine: 2 - Backbone OC48 (2.5 Gbps)

or just a show diag [slot#]

-----Original Message-----
From: Bulger, Tim
To: cisco-nsp@puck.nether.net
Sent: 12/12/2001 10:57 PM
Subject: [nsp] GSR+Netflow+OC-48 blade that won't export flows?

Hello,

I have a 2 GSR 12008s with OC-48 and 8 port FE modules. Both of them
are configured almost identically, but one fails to export flow data
from the OC-48 card. When I connect to the slot and look at the flow
information, this is what I see:

LC-Slot0#sh ip flow export
Flow export is enabled
  Exporting flows to 159.153.192.59 (9997)
  Exporting using source IP address 159.153.192.250
  Version 5 flow records, origin-as
  0 flows exported in 0 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were punted to the RP
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to output drops
LC-Slot0#sh ip cache flow
IP packet size distribution (0 total packets):
   1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
480
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
.000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 17826816 bytes
  0 active, 262144 inactive, 0 added
  0 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 15 seconds
  last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec)
Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow
/Flow

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP
Pkts
LC-Slot0#

When I do the same on the one that is working, it looks like this:

LC-Slot0#sh ip cache flow
IP packet size distribution (131391975 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
480
.001 .489 .184 .065 .026 .015 .011 .011 .005 .004 .004 .005 .002 .001
.001

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.001 .001 .014 .017 .132 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 17826816 bytes
  5361 active, 256783 inactive, 69172561 added
  507674141 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec)
Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow
/Flow
TCP-Telnet 5007 0.0 16 69 0.0 18.2
14.6
TCP-FTP 20769 0.0 1 100 0.0 0.2
13.7
TCP-FTPD 40921 0.0 17 1293 0.1 22.7
13.0
TCP-WWW 14505922 3.3 1 828 5.6 0.8
15.3
TCP-SMTP 108611 0.0 1 575 0.0 0.1
13.5
TCP-X 28 0.0 1 48 0.0 2.3
16.0
TCP-BGP 9543 0.0 1 368 0.0 1.8
16.3
TCP-Frag 9 0.0 1 44 0.0 1.9
16.8
TCP-other 54145959 12.6 1 131 23.3 5.0
16.4
UDP-DNS 19108 0.0 1 69 0.0 1.5
16.4
UDP-NTP 80 0.0 1 76 0.0 0.0
16.4
UDP-Frag 4295 0.0 20 53 0.0 16.8
13.0
UDP-other 125240 0.0 27 215 0.8 28.1
10.8
ICMP 171424 0.0 2 45 0.0 2.7
16.1
IP-other 10283 0.0 159 1124 0.3 51.0
3.0
Total: 69167199 16.1 1 281 30.5 4.2
16.1

They were running the same version of code, but I recently upgraded the
broken one to 12.0.19S1 to no effect. 'ip route cache flow' is set on
the interface.. Perhaps OC-48 line speed is too high for Netflow without
sampling?

Thanks in advance,

Tim Bulger
Senior Network Engineer
Electronic Arts

Next message: Barry Wright: "RE: [nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Previous message: Junichi Shimagami: "Re: [nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Maybe in reply to: Bulger, Tim: "[nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Next in thread: Barry Wright: "RE: [nsp] GSR+Netflow+OC-48 blade that won't export flows?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:25 EDT