[c-nsp] No netflow packets after upgrade?

Rodney Dunn rodunn at cisco.com
Mon Sep 26 09:20:50 EDT 2005


What platforms did you upgrade?

224.0.0.2 is the reserved multicast address for
all routers on subnet.

Try building an ACL like this:

access-list X permit udp host <loopback0ip> host x.x.x.x eq 4444

and do a debug ip packet against that ACL or try debug ip cef
packet against that ACL and see if we are trying to export
the flows. Correlate that to "sh ip flow export stats" and
watch for those packet counters to go up.

I don't think the debug below corresponds to netflow trying
to send the packets.

Rodney


On Sat, Sep 24, 2005 at 10:35:23AM +0200, Garry wrote:
> Hi,
> 
> after upgrading one of our backbone routers (well, two actually) to
> 12.2(25)S4, I can't seem to get it to export any netflow data anymore
> ... I had "router-cache flow" turned on for several interfaces, which
> seems to be default now or replaced by "ip flow ingress", plus the usual
> config options:
> 
> ip flow-export source Loopback0
> ip flow-export version 5 origin-as
> ip flow-export destination x.x.x.x 4444
> 
> On several other systems (720x, too) this works fine - but the updated
> routers won't send out a single packet anymore ...
> 
> Am I missing something here?
> 
> "show ip cache flow" still lists of flow entries, and show ip flow
> export states it has sent lots of datagrams:
> 
> Flow export v5 is enabled for main cache
>   Exporting flows to x.x.x.x (9995) y.y.y.y (4444)
>   Exporting using source interface GigabitEthernet1/0
>   Version 5 flow records, origin-as
>   52083 flows exported in 1736 udp datagrams
>   0 flows failed due to lack of export packet
>   0 export packets were sent up to process level
>   0 export packets were dropped due to no fib
>   0 export packets were dropped due to adjacency issues
>   0 export packets were dropped due to fragmentation failures
>   0 export packets were dropped due to encapsulation fixup failures
> 
> (that was after a clear, and with another host configured ... ping works
> to either host ...)
> 
> Turning on ip packet debugging I get these funny outputs: (with a.a.a.a
> being the gi1/0 ip address):
> 
> Sep 24 08:22:29: IP: s=a.a.a.a (local), d=224.0.0.2
> (GigabitEthernet1/0), len 62, sending broad/multicast
> Sep 24 08:22:29: IP: s=a.a.a.a (local), d=224.0.0.2
> (GigabitEthernet1/0), len 62, output feature, Post-Ingress-NetFlow(1),
> rtype 0, forus FALSE, sendself FALSE, mtu 0
> Sep 24 08:22:29: IP: s=a.a.a.a (local), d=224.0.0.2
> (GigabitEthernet1/0), len 62, sending full packet, Ingress-NetFlow(3),
> rtype 0, forus FALSE, sendself FALSE, mtu 0, Ingress-NetFlow(3), rtype
> 0, forus FALSE, sendself FALSE, mtu 0, Ingress-NetFlow(3), rtype 0,
> forus FALSE, sendself FALSE, mtu 0, Ingress-NetFlow(3), rtype 0, forus
> FALSE, sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus
> FALSE, sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus
> FALSE, sendself FALSE, mtu 0, Ingress-NetFlow(3), rtype 0, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE,
> sendself FALSE, mtu 0, Ingress-NetFlow(3), rtype 0, forus FALSE,
> sendself FALSE, mtu 0, Post-Ingress-NetFlow(1), rtype 1, forus FALSE, [..]
> 
> Does this mean the router is trying to send the flow accounting data out
> via broadcast???
> 
> I checked the Cisco docs, but apart from the config options above which
> were set already, I couldn't find anything else ...
> 
> Tnx, -garry
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
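
A collector-side cross-check for the export counters discussed in this thread, as an added example that is not part of the original posts: it validates NetFlow v5 export datagrams and uses the header's flow_sequence field to count flows that were exported but never arrived, for comparison with the router's "flows exported in N udp datagrams" figure. The function names and the sample datagrams are constructed for illustration, and the tally assumes a single exporter with in-order arrival.

```python
import struct

# NetFlow v5 export datagram: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD_LEN = 48
MAX_RECORDS = 30  # v5 carries at most 30 records per datagram

def parse_v5_header(datagram):
    """Validate one v5 export datagram; return (flow_sequence, count)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    fields = HEADER.unpack_from(datagram)
    version, count, flow_sequence = fields[0], fields[1], fields[5]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count out of range")
    if len(datagram) != HEADER.size + count * RECORD_LEN:
        raise ValueError("length does not match record count")
    return flow_sequence, count

def audit(datagrams):
    """Tally received exports (assumption: one exporter, in-order arrival)."""
    stats = {"datagrams": 0, "flows": 0, "missed_flows": 0, "malformed": 0}
    expected = None  # flow_sequence the next datagram should carry
    for data in datagrams:
        try:
            seq, count = parse_v5_header(data)
        except ValueError:
            stats["malformed"] += 1
            continue
        if expected is not None and seq != expected:
            # flow_sequence counts flows exported before this datagram,
            # so a jump is the number of flows lost in between.
            stats["missed_flows"] += (seq - expected) & 0xFFFFFFFF
        expected = (seq + count) & 0xFFFFFFFF
        stats["datagrams"] += 1
        stats["flows"] += count
    return stats

def build_sample(seq, count):
    """Constructed v5 datagram with zeroed records, for offline use only."""
    return HEADER.pack(5, count, 0, 0, 0, seq, 0, 0, 0) + bytes(count * RECORD_LEN)

# Constructed input: the datagram carrying flows 60-89 is missing, and the
# last entry is a truncated fragment.
SAMPLE = [build_sample(0, 30), build_sample(30, 30), build_sample(90, 5), b"\x00\x05\x00\x01"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real collector the datagrams would come from a UDP socket bound to the configured export port (4444 in the thread); a zero datagram count there while the router's export counters keep rising points at the path or the source interface rather than at flow accounting itself.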

