[c-nsp] netflow on native 6509

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Nov 25 12:44:01 EST 2005 

Alex,

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configura
tion_guide_chapter09186a008007e6f0.html#wp1060003 says:

---snip---
Sampled NetFlow 

Sampled NetFlow exports data for a subset of the Layer 3-switched IP
packets instead of for all packets in a flow. Sampled NetFlow
substantially decreases the Supervisor Engine 2 CPU utilization. Release
12.1(13)E and later releases support sampled NetFlow on the Supervisor
Engine 2. 

With the full-interface or destination-source-interface flow masks, you
can enable or disable sampled NetFlow on each LAN port. With all other
flow masks, sampled Netflow is enabled or disabled globally.

---snip---

since you have "mls flow ip interface-full", you need to enable SNF on
the L3 interface(s)..

sampled NF is processed on the MSFC

	oli

Alex Rubenstein <mailto:alex at nac.net> wrote on Friday, November 25, 2005
6:21 PM:

> Since I have written this, I spent about 5 hours experimenting.
> 
> I have found the following:
> 
> If you enable mls nde with:
> 
> mls flow ip interface-full
> mls nde sender version 5
> mls nde interface
> ip flow-export version 5 origin-as
> ip flow-export destination [collector] [port]
> 
> every flow across every interface will be sent to the collector.
> 
> HOWEVER, once you enter this global command:
> 
> mls sampling packet-based x y
> 
> No flows, I repeat, NO FLOWS are sent to the collector. I tested this
> extensively.
> 
> As soon as you enter the following on an interface:
> 
> interface Blah4/5
>   mls netflow sampling
> 
> Sampled netflow, at the rate defined in the global command, begins to
> flow 
> to the collector, ONLY FOR THE INTERFACES enabled on. And, only in the
> inbound aspect.
> 
> Anyone else confirm this behavior?
> 
> 
> 
> 
> 
> 
> On Fri, 25 Nov 2005, Oliver Boehmer \(oboehmer\) wrote:
> 
>> Alex Rubenstein <> wrote on Friday, November 25, 2005 3:15 AM:
>> 
>>> Hello,
>>> 
>>> Sup2, MSFC2, 12.1.26E Native (no CatOS).
>>> 
>>> Fairly simple question. Running mls nde, is it globally on all
>>> interfaces only, or can you enable/disable mls nde per interface?
>> 
>> it is enabled globally for all interfaces on this platform/IOS
>> release, so you need to filter the flows on the collector..
>> 
>> 	oli
>> 
> 
> --
> Alex Rubenstein, AR97, K2AHR, alex at nac.net, latency, Al Reuben
> Net Access Corporation, 800-NET-ME-36, http://www.nac.net

More information about the cisco-nsp mailing list