[nsp] Netflow on E3 LC

Majid Siddiq majid at pie.net.pk
Sun Aug 17 15:24:45 EDT 2003


Hi Oliver,

I was using the wrong command to check the flows. The flows are listed on
the LC and I was checking it on the GRP.

Thanks for the help.

regards
majid

----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
To: "Majid Siddiq" <majid at pie.net.pk>; "Dmitri Bouianovski (dbouiano)"
<dbouiano at cisco.com>; <yuvalba at netvision.net.il>
Cc: <cisco-nsp at puck.nether.net>
Sent: Saturday, August 16, 2003 4:54 PM
Subject: RE: [nsp] Netflow on E3 LC


Hi Majid,

> I am still unable to enable the non-sampled flow on E3. Only sampled
> flow is working.

Do you see entries in the aggregation cache on the linecard (i.e.
"execute-on slot <slot> show ip cache flow aggregation
<whatever-aggregation-scheme-you've-configured>")? As the E3 does the v8
aggregation in hardware, "exec slot <n> show ip cache flow" will never
show any entries when non-sampled aggregated netflow is configured.
Can you post a "show ip flow export" (from the GRP) as well as your
configuration?

Tx,
oli




> I have tried your suggested configuration without any luck.
>
> Any other suggestion?
>
> regards
> majid
>
> ----- Original Message -----
> From: "Dmitri Bouianovski" <dbouiano at cisco.com>
> To: <yuvalba at netvision.net.il>
> Cc: <majid at pie.net.pk>; <cisco-nsp at puck.nether.net>
> Sent: Thursday, August 14, 2003 9:11 AM
> Subject: RE: [nsp] Netflow on E3 LC
>
>
> > > as far as I understand, newer engines with higher bandwidth can't
> > > do netflow per packet at those rates so the sampling mode was
> > > introduced. Read this one:
> > >
> > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s11/12s_sanf.htm
> > >
> >
> > Actually E3 LCs support both raw (v5) NF in sampled mode and
> > aggregated (v8) NF in full (non-sampled) mode.
> >
> > Configuration of an aggregated NF scheme in full (non-sampled) mode
> > on an E3 LC is the same as on any other platform. One just should
> > increase the number of entries in the aggregation cache to at least
> > 64K-128K or to a bigger number depending on the aggregation scheme
> > and traffic to optimize the feature performance. Here is an example.
> >
> > conf t
> >   int pos 3/0
> >     ip route-cache flow
> >   exit
> >   ip flow-aggregation cache source-prefix
> >     cache entries 128000
> >     export destination 6.1.1.3 3000
> >     enabled
> >   exit
> >   ip flow-export version 5 origin-as
> >
> >
> > Here is a NetFlow feature matrix for c12000 ISE (engine 3) LCs.
> >
> >
> > --------------------------------+---------------------+------------------------
> >                                 | Raw NetFlow (1)     | Aggregated NetFlow (2)
> > --------------------------------+---------------------+------------------------
> > Accounted Traffic               | IPv4, MPLS          | IPv4
> > --------------------------------+---------------------+------------------------
> > Export Format                   | v5, v9 (3)          | v8, v9 (4)
> > --------------------------------+---------------------+------------------------
> > E3 support in full mode (6)     | No                  | Yes (5)
> > --------------------------------+---------------------+------------------------
> > E3 support in sampled mode (7)  | Yes                 | Yes
> > --------------------------------+---------------------+------------------------
> >
> > (1) An IPv4 raw flow is defined as a unidirectional set of IPv4
> > packets that arrive to a router on the same sub-interface with a
> > unique set of the following key fields: source and destination IP
> > addresses, transport layer protocol, source and destination
> > application (TCP/UDP) port numbers and IP Type of Service (ToS).
> >
> > (1) An MPLS raw flow is defined as a unidirectional set of MPLS
> > packets that arrive to a router on the same sub-interface with a
> > unique set of the following key fields: up to 3 MPLS labels of
> > interest, corresponding EXP and EOS bits, all key fields of an IPv4
> > flow if there is an IPv4 packet under the MPLS label stack.
> >
> > (2) There are a number of aggregation schemes: AS, Protocol-Port,
> > Source-Prefix, Destination-Prefix, Prefix, AS-TOS,
> > Source-Prefix-TOS, Destination-Prefix-TOS, Prefix-TOS, Prefix-Port,
> > BGP-Next-Hop-TOS. Each of them defines an aggregated flow that
> > groups together IPv4 raw flows with a particular set of common
> > fields. For example, AS aggregation scheme groups together raw
> > flows which have the same source and destination BGP AS's and
> > source and destination interfaces, ignoring all other fields.
> >
> > (3) IPv4 flows can be exported either in v5 or v9 format but MPLS
> > flows in v9 format only.
> >
> > (4) BGP Next Hop TOS aggregation scheme flows can be exported in v9
> > format only.
> >
> > (5) BGP Next Hop TOS aggregation scheme is not supported by E3 in
> > full (non-sampled) mode. It's supported by E3 in Sampled mode only.
> >
> > (6) Full mode means that NetFlow accounting is performed for *every*
> > packet arriving to a NetFlow enabled interface.
> >
> > (7) Sampled mode means that NetFlow accounting is performed for one
> > out of N sequential packets arriving to a NetFlow enabled interface,
> > where N is a user configurable parameter.
> >
> > Dmitri
> >
> >
> > > > -----Original Message-----
> > > > From: Majid Siddiq [mailto:majid at pie.net.pk]
> > > > Sent: Tuesday, August 12, 2003 14:18
> > > > To: Yuval Ben-Ari; cisco-nsp at puck.nether.net
> > > > Subject: Re: [nsp] Netflow on E3 LC
> > > >
> > > >
> > > > Yes, missed out that one. "show ip flow sampling" did the
> > > > trick. Sampled flow is working now.
> > > >
> > > > But what about the normal netflow; can't we enable normal
> > > > netflow on Engine 3 cards?
> > > >
> > > > regards
> > > > majid
> > > >
> > > > ----- Original Message -----
> > > > From: "Yuval Ben-Ari" <yuvalba at netvision.net.il>
> > > > To: "Majid Siddiq" <majid at pie.net.pk>;
> > > > <cisco-nsp at puck.nether.net>
> > > > Sent: Tuesday, August 12, 2003 5:53 PM
> > > > Subject: RE: [nsp] Netflow on E3 LC
> > > >
> > > >
> > > > You need to globally enable flow-sampling with "ip
> > > > flow-sampling-mode packet-interval X". You can verify with "show
> > > > ip flow sampling". I know it is explained somewhere on the CCO.
> > > >
> > > > > -----Original Message-----
> > > > > From: Majid Siddiq [mailto:majid at pie.net.pk]
> > > > > Sent: Tuesday, August 12, 2003 8:59 AM
> > > > > To: cisco-nsp at puck.nether.net
> > > > > Subject: [nsp] Netflow on E3 LC
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I am unable to get any data when I enabled netflow on POS
> > > > > interfaces of ISE card on 12410. IOS is 12.0.25S1.
> > > > >
> > > > > Same result with 'sampled' option and 'direction'.
> > > > >
> > > > > > Any clue of what's going on? I have not searched the bug
> > > > > toolkit and have not found any relevant bug.
> > > > >
> > > > > IP packet size distribution (0 total packets):
> > > > >    1-32   64   96  128  160  192  224  256  288  320  352 384
> > > > > 416  448 480
> > > > >    .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
> > > > > .000 .000 .000 .000
> > > > >
> > > > >     512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
> > > > >    .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
> > > > >
> > > > > IP Flow Switching Cache, 69636 bytes
> > > > >   0 active, 1024 inactive, 0 added
> > > > >   0 ager polls, 0 flow alloc failures
> > > > >   Active flows timeout in 30 minutes
> > > > >   Inactive flows timeout in 15 seconds
> > > > >   last clearing of statistics 17:51:39
> > > > > > Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
> > > > > > --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
> > > > >
> > > > > Actual flows can be seen on line cards only
> > > > >         Do "attach <slot>" and re-enter the show command
> > > > >
> > > > > regards
> > > > > majid
> > > > >
> > > > > _______________________________________________
> > > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > >
> > > >
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

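A collector-side check for the source-prefix aggregation export discussed in this thread, as an added example that is not part of the original messages. The field layout is an assumption taken from Cisco's published NetFlow v8 export format (28-byte header, 32-byte source-prefix record, aggregation scheme ID 3); the function names are hypothetical and the sample datagram is constructed.

```python
import ipaddress
import struct

# Layouts assumed from Cisco's published NetFlow v8 export format.
V8_HEADER = struct.Struct("!HHIIIIBBBBI")       # 28-byte datagram header
SRC_PREFIX_REC = struct.Struct("!IIIIIIBBHHH")  # 32-byte source-prefix record
AGG_SOURCE_PREFIX = 3                           # aggregation scheme ID in header

def parse_v8_source_prefix(datagram):
    """Validate and decode one v8 source-prefix export datagram."""
    if len(datagram) < V8_HEADER.size:
        raise ValueError("shorter than a v8 header")
    (version, count, _uptime, unix_secs, _nsecs, sequence, _etype,
     engine_id, aggregation, _aggver, _rsvd) = V8_HEADER.unpack_from(datagram)
    if version != 8:
        raise ValueError(f"export version {version}, expected 8")
    if aggregation != AGG_SOURCE_PREFIX:
        raise ValueError(f"aggregation scheme {aggregation}, expected 3")
    if len(datagram) != V8_HEADER.size + count * SRC_PREFIX_REC.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        offset = V8_HEADER.size + i * SRC_PREFIX_REC.size
        (flows, packets, octets, _first, _last, prefix, mask, _pad,
         src_as, in_if, _r) = SRC_PREFIX_REC.unpack_from(datagram, offset)
        if mask > 32:
            raise ValueError(f"invalid source mask /{mask}")
        net = ipaddress.ip_network((prefix, mask), strict=False)
        records.append({"src_prefix": str(net), "src_as": src_as,
                        "input_if": in_if, "flows": flows,
                        "packets": packets, "octets": octets})
    return {"unix_secs": unix_secs, "sequence": sequence,
            "engine_id": engine_id, "records": records}

def build_sample():
    """Constructed datagram: two aggregated entries, documentation prefixes."""
    rows = [(10, 200, 30000, 100, 900, "192.0.2.0", 24, 64500, 5),
            (1, 3, 120, 500, 500, "198.51.100.0", 24, 64501, 5)]
    body = b"".join(
        SRC_PREFIX_REC.pack(f, p, o, first, last,
                            int(ipaddress.IPv4Address(a)), m, 0, asn, ifx, 0)
        for f, p, o, first, last, a, m, asn, ifx in rows)
    header = V8_HEADER.pack(8, len(rows), 1000, 1061000000, 0, 42,
                            0, 3, AGG_SOURCE_PREFIX, 2, 0)
    return header + body

if __name__ == "__main__":
    for rec in parse_v8_source_prefix(build_sample())["records"]:
        print(rec)
```

Feeding it datagrams received on the export port (3000 in the configuration quoted above) confirms at the collector that the aggregation cache is exporting, independently of which show command is run on the router.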


