[c-nsp] 6509 broken netflow
Jon Lewis
jlewis at lewis.org
Mon Jun 5 23:05:42 EDT 2006
On 2 6509s with very similar configs and traffic, one is giving me
reasonable netflow data while the other gives what looks like 0.5% sampled
netflow. Back when I was first configuring netflow export on this pair of
6509s, I had a feeling at one point after making changes to the flow
aging, that netflow had become "sampled" on both units, but for what I was
using the data for (abuse tracking) it generally didn't matter and I
didn't pursue the issue. After one of them rebooted recently, whatever
was broken got fixed by the reboot. With no change in config, suddenly it
was producing about 200x as much netflow data.
Are there known issues in 12.2SXD that can cause this behavior? Is there
anything I can do, short of a reboot, that might fix the sampled one?
On the one that's working:
#show mls netflow ip count
Displaying Netflow entries in Supervisor Earl
Number of shortcuts = 70629 (bounces around 60000-80000)
The other:
#show mls netflow ip count
Displaying Netflow entries in Supervisor Earl
Number of shortcuts = 74 (stays in 50-100)
Each is configured with:
mls aging fast time 8 threshold 3
mls aging long 480
mls aging normal 32
mls flow ip interface-full
mls flow ipx destination
mls nde sender version 5
mls rate-limit unicast cef receive 10000
mls qos
ip flow-export source Loopback0
ip flow-export version 5 peer-as
ip flow-export destination <IP> <PORT>
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list