Re: [nsp] CEF subinterface

From: Simon Leinen (simon@limmat.switch.ch)
Date: Mon Aug 28 2000 - 12:34:15 EDT


>>>>> "rp" == Rick Payne <rickp@rossfell.co.uk> writes:
> --On 25/08/00 12:52:13 -0400 "Martin, Christian" <cmartin@gnilink.net>
>> A cisco defect has been logged in regards to this issue. I spoke
>> with the developer, who verified the problem. Apparently, while
>> implementing the BGP Policy MIB, the DEs latched into the CEF
>> sublayer instead of the actual interface. It will likeley be
>> removed in the 12.1 train, and maybe some 12.0S images. (13?)

> Thats a shame - 'cos its the only way I've found to accurately map
> the interface numbers used in the netflow export to the "real"
> interfaces on the router.

What do you mean by "real interface" and how did you compute this
mapping? I'm curious because I found it very difficult to map from the
"cef layer" interface index to *anything*.

We use an interface's IP address(es) in order to group interfaces into
different categories for NetFlow analysis (such as backbone, customer,
peer). Before the "cef layer" interfaces showed up, this was very
easy because the ifIndexes in NetFlow where the same as those in
ipAddrTable.

When the "cef layer" interfaces where introduced, this code of mine
broke, and the only way to make it work again was to use the ifDescr
(i.e. the interface "name"), remove the string "-cef layer", find the
interface with that name, and do the IP address lookup. At first I
had thought I could use ifStackTable, which is supposed to link
"layered" interface instances. Unfortunately the "-cef layer"
interfaces aren't represented in ifStackTable.

> If the "CEF-layer" SNMP interfaces are to be removed - whats the
> recommended method for mapping netflow interface ID to real
> interfaces?

The situation should be the same as before the introduction of the
"-cef layer" interfaces. You'll get the ifIndex corresponding to the
(sub)interface on which the flow's packets entered/left the router.
So for me the mapping would become the identity mapping again, but
maybe I don't understand you correctly.

-- 
Simon Leinen				       simon@babar.switch.ch
SWITCH				   http://www.switch.ch/misc/leinen/

Who is General Failure & why's he reading my disk?



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:15 EDT