[nsp] Netflow broken for CWAN(FlexWAN) flows on Sup720, 12.2(14)SX1 native?

Andrew Fort afort at choqolat.org
Wed Sep 24 03:41:16 EDT 2003


Hi folks (especially fellow bleeding edge sup720 folks ;),

We have a 7609/sup720 combo with CWAN (aka FlexWAN) card, and we're not 
seeing flows on packets ingressing a PA-A3-OC3-SMI card in the CWAN card.

Flows going the other way, say, ingressing the WS-X6816 Gig card on 
their way to the CWAN ATM PA, get exported as you'd expect, but the 
return flows, we don't see in the box (*).  MSFC3 handled flows 
ingressing the CWAN do show up (e.g. a TCP/179 flow).

Has anyone else run into this?

Our interface and netflow related config is as follows:


! test setting only to placate weary billing engineer
mls aging fast time 1 threshold 1
! we require the ingress interface also
mls flow ip interface-full
! and our collector doesn't handle v7 from the PFCs NDE
mls nde sender version 5

! flexWAN interface on the PA-A3-OC3-SMI ATM adapter;

interface ATM4/1/0
  no ip address
  ip flow ingress
  ip route-cache flow

interface ATM4/1/0.100 point-to-point
  ip address 192.0.0.22 255.255.255.252
  ip flow ingress
  pvc 1/100
   encapsulation aal5snap

! NDE config for MSFC
ip flow-export version 5 peer-as
ip flow-export destination 192.0.0.18 9997


!! Note that netflow works for us elsewhere on this box, such as:

interface GigabitEthernet1/1
  ip address 192.0.0.6 255.255.255.252
  ip flow ingress
  ip route-cache flow
  ip ospf cost 1000
  ip ospf network point-to-point
  spanning-tree link-type point-to-point
!

end
!


The interface is definitely seeing traffic:

7609-C-#sh int atm4/1/0 | i proto|minute
ATM4/1/0 is up, line protocol is up
   5 minute input rate 6699000 bits/sec, 594 packets/sec
   5 minute output rate 124000 bits/sec, 287 packets/sec 
=============================================================

(*)
However,

sh ip cache flow
sh mls ip flow tcp stat
sh mls ip flow udp stat
sh mls netflow ip
etc

Show nothing happening on the Flexwan subinterface (other than 
occasional traffic destined to the box itself, e.g. BGP flows) Also, 
nothing is being received by the netflow collector.

Thus, it appears that flows being switched for the FlexWAN, without the 
involvement of the MSFC are not getting exported (perhaps even from the 
PFC up to the MSFC for UDP packaging and export).

Cheers,
-afort




More information about the cisco-nsp mailing list