[c-nsp] accounting/cache/cache flow/cef

Amol Sapkal amolsapkal at gmail.com
Tue Sep 14 14:05:41 EDT 2004 

Something more to my confusion:

https://puck.nether.net/pipermail/cisco-nsp/2003-December/007036.html



On Tue, 14 Sep 2004 19:41:10 +0300 (IDT), Hank Nussbacher
<hank at mail.iucc.ac.il> wrote:
> On Tue, 14 Sep 2004, Rodney Dunn wrote:
> 
> > On Tue, Sep 14, 2004 at 07:44:37PM +0530, Amol Sapkal wrote:
> > > Hi Guys,
> > >
> > > I have been following this cef thing for long, and after looking out
> > > at the following command outputs, I am sort of lost:
> > >
> > > sh ip accounting
> >
> > Old way of doing packet accounting.  Not recommended today.
> >
> > > sh ip cef
> >
> > Just shows the leaf of the mtrie that corresponds to some route
> > in the routing table.
> >
> > > sh ip cache
> >
> > That shows the output of the old fastswitching cache.
> > If you have CEF on your 'sh ip cache' should really be
> > empty.
> >
> > > sh ip cache flow
> >
> > Shows the netflow cache which is exported to some form
> > of netflow collector if you  have it configured to export.
> > This is the recommended way to do packet accounting.
> >
> > >
> > >
> > > Assuming that I have enabled:
> > > 1.cef globally
> > > 2.ip route cache flow, on outgoing interfaces to my peer
> >
> > ip route-cache flow is only inbound flow on an interface
> > unless you have some sort of egress netflow support.
> >
> > > 3.ip accounting output-packets, on outgoing interfaces to my peer
> >
> > ip accounting is the old way of doing packet accounting.
> > We don't recommend using it.  The way to monitor traffic
> > flows accurately is via netflow.
> >
> > You can put the netflow on all interfaces and then sort
> > by egress interface to get cumulative egress packet counters.
> 
> And now to confuse you even more try the global command (7200, 7500,
> 12000):
> ip cef accounting non-recursive
> which will put you into the world of tmstats.  For more info see:
> <http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080593.html>
> This basically is an IOS feature that enables an administrator to capture
> and analyze traffic data entering a backbone that is running BGP.
> The command to see the numbers is the non-intuitive:
> more system:/vfiles/tmstats_ascii
> for per prefix octet counts.
> 
> Good luck,
> -Hank
> 



-- 
Warm Regds,

Amol Sapkal

--------------------------------------------------------------------
An eye for an eye makes the whole world blind 
- Mahatma Gandhi
--------------------------------------------------------------------

More information about the cisco-nsp mailing list