[nsp] Netflow broken for CWAN(FlexWAN) flows on Sup720,
12.2(14)SX1 native?
Andrew Fort
afort at choqolat.org
Wed Sep 24 03:41:16 EDT 2003
Hi folks (especially fellow bleeding edge sup720 folks ;),
We have a 7609/sup720 combo with CWAN (aka FlexWAN) card, and we're not
seeing flows on packets ingressing a PA-A3-OC3-SMI card in the CWAN card.
Flows going the other way, say, ingressing the WS-X6816 Gig card on
their way to the CWAN ATM PA, get exported as you'd expect, but the
return flows, we don't see in the box (*). MSFC3 handled flows
ingressing the CWAN do show up (e.g. a TCP/179 flow).
Has anyone else run into this?
Our interface and netflow related config is as follows:
! test setting only to placate weary billing engineer
mls aging fast time 1 threshold 1
! we require the ingress interface also
mls flow ip interface-full
! and our collector doesn't handle v7 from the PFCs NDE
mls nde sender version 5
! flexWAN interface on the PA-A3-OC3-SMI ATM adapter;
interface ATM4/1/0
no ip address
ip flow ingress
ip route-cache flow
interface ATM4/1/0.100 point-to-point
ip address 192.0.0.22 255.255.255.252
ip flow ingress
pvc 1/100
encapsulation aal5snap
! NDE config for MSFC
ip flow-export version 5 peer-as
ip flow-export destination 192.0.0.18 9997
!! Note that netflow works for us elsewhere on this box, such as:
interface GigabitEthernet1/1
ip address 192.0.0.6 255.255.255.252
ip flow ingress
ip route-cache flow
ip ospf cost 1000
ip ospf network point-to-point
spanning-tree link-type point-to-point
!
end
!
The interface is definitely seeing traffic:
7609-C-#sh int atm4/1/0 | i proto|minute
ATM4/1/0 is up, line protocol is up
5 minute input rate 6699000 bits/sec, 594 packets/sec
5 minute output rate 124000 bits/sec, 287 packets/sec
=============================================================
(*)
However,
sh ip cache flow
sh mls ip flow tcp stat
sh mls ip flow udp stat
sh mls netflow ip
etc
Show nothing happening on the Flexwan subinterface (other than
occasional traffic destined to the box itself, e.g. BGP flows) Also,
nothing is being received by the netflow collector.
Thus, it appears that flows being switched for the FlexWAN, without the
involvement of the MSFC are not getting exported (perhaps even from the
PFC up to the MSFC for UDP packaging and export).
Cheers,
-afort
More information about the cisco-nsp
mailing list