[nsp] netflow on cat6k native?
Simon Leinen
simon at limmat.switch.ch
Wed Feb 19 21:45:36 EST 2003
Stephen,
> K folks I'm on 12.1.13E4 now..
good.
> So I get the sp flows now too, but its not good:
> AS src/dst fields are zero
Did you say
ip flow-export version 5 peer-as
or
ip flow-export version 5 origin-as
?
> Src interface seems not to be the source, in fact the one I'm
> looking at right now corresponds to an admin down interface.
Try the following configuration commands:
mls flow ip interface-full
This includes the source VLAN (L3 interface) in the flow mask, and
will make sure that the actual ingress interface is noted for each
flow.
mls nde interface
This causes the NDE process to fill in the input/output interface
fields - but if you have non-zero interface fields you know that
already.
> RP and SP flows are indistinguishable (no unique src/dst port/ips)
That's a bug - for this reason I still use NetFlow v7 from the SP,
just so that I can distinguish the SP (PFC) flow stream from the RP
(MSFC) one.
NetFlow v5 (and also v7 I think) includes engine-type and engine-id
fields that should be used to disambiguate exported flows from
different "engines" within a box. This is used with Distributed
NetFlow on the 7500/VIP2 and 12000 platforms. Somehow it seems to
have been forgotten on the Catalyst 6500/7600 OSR when NetFlow v5
support was introduced on the SP (PFC) - the engine-type and engine-id
are zero, whether the flows come from the PFC or from the MSFC.
Hopefully this will be fixed in a future release.
> Is this right or am I doing something wrong? This is useless!
Well, for me it has been extremely useful (and the numbers look
correct too :-)
Regards,
--
Simon.
More information about the cisco-nsp
mailing list