[nsp] Netflow questions

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Apr 25 08:14:22 EDT 2003


Raymond, Steven wrote:
> So it seems easy enough to enable Netflow on an interface with "ip
> route-cache flow".  Have found however that as long as dCEF is
> enabled, it still seems to accumulate statistics about the number of
> flows but does not show the source/destination address pairs at the
> bottom of the "show ip cache flow" output.
> Saying "no ip route-cache distributed" fixes this issue, but I assume
> then that the switching performance is then downgraded to the next
> fastest path, no?  With dCEF re-enabled, I can if-con into the vip
> and see all the output including src/dest pairs in the output of
> "show ip cache flow".  Is this expected behavior?

Yes, this is expected behaviour for distributed platforms (7500/12000).
As packets are switched by the VIPs when dCEF is enabled, the VIPs will
collect and export the flows as the RSP never sees them. VIPs (or
Linecards in the GSR) are separate "Netflow instances".

BTW: In the v5/v8 flow records, you can check the engine_type and
engine_id field. if engine_type == 0, the flow was collected by the RSP,
and by the VIP if engine_type == 1. In this case, engine_id will give
you the slot# of the VIP.

	oli



More information about the cisco-nsp mailing list