[nsp] Netflow on E3 LC

Majid Siddiq majid at pie.net.pk
Sat Aug 16 13:50:33 EDT 2003


Hi Dmitri,

I am still unable to enable the non-sampled flow on E3. Only sampled flow is
working.

I have tried your suggested configuration without any luck.

Any other suggestion?

regards
majid

----- Original Message -----
From: "Dmitri Bouianovski" <dbouiano at cisco.com>
To: <yuvalba at netvision.net.il>
Cc: <majid at pie.net.pk>; <cisco-nsp at puck.nether.net>
Sent: Thursday, August 14, 2003 9:11 AM
Subject: RE: [nsp] Netflow on E3 LC


> >as far as I understand, newer engines with higher bandwidth can't do
> >netflow per packet at those rates so the sampling mode was introduced
> >read this one:
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s11/12s_sanf.htm
> >
>
> Actually E3 LCs support both raw (v5) NF in sampled mode and
> aggregated (v8) NF in full (non-sampled) mode.
>
> Configuration of an aggregated NF scheme in full (non-sampled) mode
> on an E3 LC is the same as on any other platform. One just should
> increase the number of entries in the aggregation cache to at least
> 64K-128K or to a bigger number depending on the aggregation scheme
> and traffic to optimize the feature performance. Here is an example.
>
> conf t
>   int pos 3/0
>     ip route-cache flow
>   exit
>   ip flow-aggregation cache source-prefix
>     cache entries 128000
>     export destination 6.1.1.3 3000
>     enabled
>   exit
>   ip flow-export version 5 origin-as
>
>
> Here is a NetFlow feature matrix for c12000 ISE (engine 3) LCs.
>
> --------------------------------+---------------------+------------------------
>                                 | Raw NetFlow (1)     |  Aggregated NetFlow (2)
> --------------------------------+---------------------+------------------------
> Accounted Traffic               | IPv4, MPLS          |  IPv4
> --------------------------------+---------------------+------------------------
> Export Format                   | v5, v9 (3)          |  v8, v9 (4)
> --------------------------------+---------------------+------------------------
> E3 support in full mode   (6)   | No                  |  Yes (5)
> --------------------------------+---------------------+------------------------
> E3 support in sampled mode (7)  | Yes                 |  Yes
> --------------------------------+---------------------+------------------------
>
> (1) An IPv4 raw flow is defined as a unidirectional set of IPv4 packets
> that arrive to a router on the same sub-interface with a unique set
> of the following key fields: source and destination IP addresses,
> transport layer protocol, source and destination application
> (TCP/UDP) port numbers and IP Type of Service (ToS).
>
> (1) An MPLS raw flow is defined as a unidirectional set of MPLS
> packets that arrive to a router on the same sub-interface with a
> unique set of the following key fields: up to 3 MPLS labels of
> interest, corresponding EXP and EOS bits, all key fields of an IPv4
> flow if there is an IPv4 packet under the MPLS label stack.
>
> (2) There are a number of aggregation schemes: AS, Protocol-Port,
> Source-Prefix, Destination-Prefix, Prefix, AS-TOS, Source-Prefix-TOS,
> Destination-Prefix-TOS, Prefix-TOS, Prefix-Port, BGP-Next-Hop-TOS.
> Each of them defines an aggregated flow that groups together IPv4 raw
> flows with a particular set of common fields. For example, AS
> aggregation scheme groups together raw flows which have the same
> source and destination BGP AS's and source and destination
> interfaces, ignoring all other fields.
>
> (3) IPv4 flows can be exported either in v5 or v9 format but MPLS
> flows in v9 format only.
>
> (4) BGP Next Hop TOS aggregation scheme flows can be exported in v9
> format only.
>
> (5) BGP Next Hop TOS aggregation scheme is not supported by E3 in
> full (non-sampled) mode. It's supported by E3 in Sampled mode only.
>
> (6) Full mode means that NetFlow accounting is performed for *every*
> packet arriving to a NetFlow enabled interface.
>
> (7) Sampled mode means that NetFlow accounting is performed for one
> out of N sequential packets arriving to a NetFlow enabled interface,
> where N is a user configurable parameter.
>
> Dmitri
>
>
> > > -----Original Message-----
> > > From: Majid Siddiq [mailto:majid at pie.net.pk]
> > > Sent: Tuesday, August 12, 2003 14:18
> > > To: Yuval Ben-Ari; cisco-nsp at puck.nether.net
> > > Subject: Re: [nsp] Netflow on E3 LC
> > >
> > >
> > > Yes, missed out that one. "show ip flow sampling" did the trick.
> > > Sampled flow is working now.
> > >
> > > But what about the normal netflow; can't we enable normal netflow
> > > on Engine 3 cards.
> > >
> > > regards
> > > majid
> > >
> > > ----- Original Message -----
> > > From: "Yuval Ben-Ari" <yuvalba at netvision.net.il>
> > > To: "Majid Siddiq" <majid at pie.net.pk>; <cisco-nsp at puck.nether.net>
> > > Sent: Tuesday, August 12, 2003 5:53 PM
> > > Subject: RE: [nsp] Netflow on E3 LC
> > >
> > >
> > > you need to globally enable flow-sampling with "ip flow-sampling-mode
> > > packet-interval X"
> > > you can verify with "show ip flow sampling"
> > > I know it is explained somewhere on the CCO
> > >
> > > > -----Original Message-----
> > > > From: Majid Siddiq [mailto:majid at pie.net.pk]
> > > > Sent: Tuesday, August 12, 2003 8:59 AM
> > > > To: cisco-nsp at puck.nether.net
> > > > Subject: [nsp] Netflow on E3 LC
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I am unable to get any data when I enabled netflow on POS
> > > > interfaces of ISE card on 12410. IOS is 12.0.25S1.
> > > >
> > > > Same result with 'sampled' option and 'direction'.
> > > >
> > > > Any clue of what's going on? I have not searched the bug toolkit
> > > > and have not found any relevant bug.
> > > >
> > > > IP packet size distribution (0 total packets):
> > > >    1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
> > > >    .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
> > > >
> > > >     512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
> > > >    .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
> > > >
> > > > IP Flow Switching Cache, 69636 bytes
> > > >   0 active, 1024 inactive, 0 added
> > > >   0 ager polls, 0 flow alloc failures
> > > >   Active flows timeout in 30 minutes
> > > >   Inactive flows timeout in 15 seconds
> > > >   last clearing of statistics 17:51:39
> > > > Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
> > > > --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
> > > >
> > > > Actual flows can be seen on line cards only
> > > >         Do "attach <slot>" and re-enter the show command
> > > >
> > > > regards
> > > > majid
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>
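
Added example, not part of the original thread or of any poster's configuration: a collector-side sketch of how the aggregation schemes in footnote (2) collapse raw flows into cache entries, and how counters from sampled mode (footnote 7) are scaled by N. Assumptions: the sample records are constructed, the Source-Prefix key (source prefix, mask, source AS, input interface) follows the NetFlow v8 record layout rather than anything spelled out in the thread, and multiplying by N is only an estimate of the real traffic.

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_network

# Raw flow key fields as in footnote (1), plus the routing fields the
# aggregation schemes use. Field names are hypothetical.
RawFlow = namedtuple("RawFlow", "src dst proto sport dport tos in_if out_if "
                                "src_mask src_as dst_as packets octets")

# Constructed sample records (not captured from a router).
RAW = [
    RawFlow("10.1.1.5", "192.0.2.10", 6, 40001, 80, 0, 3, 7, 24, 64500, 64510, 12, 9000),
    RawFlow("10.1.1.9", "192.0.2.10", 6, 40002, 443, 0, 3, 7, 24, 64500, 64510, 8, 4000),
    RawFlow("10.1.2.7", "198.51.100.4", 17, 5353, 53, 0, 3, 8, 24, 64500, 64520, 2, 160),
    RawFlow("10.9.0.1", "192.0.2.10", 6, 40003, 22, 0, 4, 7, 16, 64501, 64510, 30, 2400),
]

def src_prefix_key(f):
    # Source-Prefix scheme (assumed v8 layout): prefix, mask, source AS, input if.
    net = ip_network(f"{f.src}/{f.src_mask}", strict=False)
    return (str(net.network_address), f.src_mask, f.src_as, f.in_if)

def as_key(f):
    # AS scheme per footnote (2): source/destination AS and interfaces.
    return (f.src_as, f.dst_as, f.in_if, f.out_if)

def aggregate(flows, key_fn, sampling_interval=1):
    """Group raw flows by key_fn; scale packet/byte counters by N when the
    records come from 1-in-N sampling. The flow count is left unscaled
    because sampling cannot tell how many flows were missed entirely."""
    cache = defaultdict(lambda: {"flows": 0, "packets": 0, "octets": 0})
    for f in flows:
        entry = cache[key_fn(f)]
        entry["flows"] += 1
        entry["packets"] += f.packets * sampling_interval
        entry["octets"] += f.octets * sampling_interval
    return dict(cache)

if __name__ == "__main__":
    for name, fn in (("source-prefix", src_prefix_key), ("as", as_key)):
        print(name)
        for key, entry in sorted(aggregate(RAW, fn).items()):
            print("  ", key, entry)
```

The aggregated entries no longer carry ports or destination addresses, so per-host or per-port analysis needs raw (v5) records, which per the feature matrix above an E3 LC supports only in sampled mode.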


