[c-nsp] 6500 Netflow

Ian Cox icox at cisco.com
Thu Apr 17 12:43:22 EDT 2008


Prior to 12.2(33)SXH, NetFlow on the 6500 was enabled on a global 
basis, which is different to all the router platforms, where it is 
enabled on a per-interface basis. In 12.2(33)SXH for the 6500 and 
12.2(33)SRA for the 7600, NDE was finally changed to be enabled on a 
per-interface basis like other Cisco platforms.


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html#wp1174622
[snip]
Per-interface NDE

Cisco IOS Release 12.2(33)SXH and later releases support 
per-interface NDE, which enables PFC NetFlow data collection on a 
per-interface basis. With releases earlier than Release 12.2(33)SXH, 
NetFlow on the PFC could only be enabled and disabled globally.

When you upgrade to a software release that supports the 
per-interface NDE feature, the system automatically enables 
per-interface NDE and configures the ip flow ingress command on every 
Layer 3 interface. This one-time action takes place on the first 
reload after the upgrade and maintains backward compatibility with 
the global NetFlow enable command. After the reload, you can 
configure the no ip flow ingress command on Layer 3 interfaces to 
selectively disable PFC and RP NetFlow data collection/export.

The per-interface NDE feature only applies to IPv4 unicast flows on 
Layer 3 interfaces. Flows for non-IPv4 protocols (such as IPv6 and 
MPLS) are not controlled by this feature.

[end snip]

Ian


At 11:57 AM 4/17/2008 -0400, Jeff Fitzwater wrote:
>The command "ip flow-ingress" supersedes "ip route-cache flow".  These
>commands are very version dependent.   We are now at 12.2(33)SXH and
>it is even different yet.   Supports per interface IP-FLOW-INGRESS.
>This becomes an issue when you TRY to have both MICRO_FLOW_POLICING
>and NDE at same time.
>
>What works in one version may not work in another.   We have had many
>headaches with NDE configs.
>
>
>
>Jeff Fitzwater
>OIT Network Systems
>Princeton University
>On Apr 17, 2008, at 11:49 AM, virendra rode // wrote:
>
> >
> > Paul Stewart wrote:
> >> That's it!  Thanks very much... "ip flow ingress" solved my
> >> problem...
> >>
> >> Paul
> > - -----------------------
> > Unless I'm missing something, won't "ip route-cache flow" on the main
> > interface overwrite "ip flow ingress" data collection selected
> > sub-interface(s)?
> >
> >
> > regards,
> > /virendra
> >
> >>
> >>
> >> -----Original Message-----
> >> From: Jeff Fitzwater [mailto:jfitz at Princeton.EDU]
> >> Sent: Wednesday, April 16, 2008 1:16 PM
> >> To: Paul Stewart
> >> Cc: 'cisco-nsp'
> >> Subject: Re: [c-nsp] 6500 Netflow
> >>
> >> Not sure what IOS you are running, which can make a difference, but
> >> you are probably only seeing route-processor flows and not mls
> >> switched flows.
> >> There should be an interface command like "ip flow-cache" or "ip flow
> >> ingress".     There are other commands that enable BRIDGED flows to be
> >> included,  (port to port within switch) but don't remember what they
> >> are.
> >>
> >> Jeff  Fitzwater
> >> OIT Network Systems
> >> Princeton University
> >>
> >>
> >> On Apr 16, 2008, at 12:20 PM, Paul Stewart wrote:
> >>
> >>> Hi there...
> >>>
> >>> I am trying to turn up netflow reporting on a 6500 - ran into this
> >>> before and can't remember the solution....;)
> >>>
> >>> On the reporting server I'm not getting the correct levels of data -
> >>> almost like it's sampling the data by default...
> >>>
> >>> Can someone tell me the missing piece here?  I've searched the 6500
> >>> docs and don't see anything wrong....
> >>>
> >>> Config looks like this:
> >>>
> >>> ip flow-cache timeout active 1
> >>> mls flow ip interface-full
> >>> ip flow-export version 5 origin-as
> >>> ip flow-export destination xxx.xxx.xxx.xxx xxxx
> >>> mls rp ip
> >>> mls aging long 64
> >>> mls aging normal 32
> >>> mls flow ip interface-full
> >>> mls nde sender version 5
> >>> no mls acl tcam share-global
> >>>
> >>> Thanks ... the netflow reporting system works great against the
> >>> GSR's, only having this problem with the 6500's
> >>>
> >>> Paul
> >>>
> >>>
> >>> _______________________________________________
> >>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
>



More information about the cisco-nsp mailing list
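
Added example (not part of the thread or of Cisco's documentation): because per-interface NDE lets `no ip flow ingress` silently remove an interface from flow collection, a configuration audit can list the Layer 3 interfaces that are not exporting flows. The sample config is constructed, the function names are hypothetical, and treating an `ip address` line as the marker of a Layer 3 interface is an assumption.

```python
import re

# Constructed sample running-config (documentation address ranges, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 ip address 192.0.2.1 255.255.255.252
 ip flow ingress
!
interface GigabitEthernet1/2
 ip address 198.51.100.1 255.255.255.0
 no ip flow ingress
!
interface GigabitEthernet1/3
 switchport
!
interface Vlan100
 ip address 203.0.113.1 255.255.255.0
!
interface Vlan200
 ip address 192.0.2.129 255.255.255.128
 ip route-cache flow
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_flow_ingress(config):
    """Classify each Layer 3 interface by its NetFlow collection command."""
    report = {"enabled": [], "legacy": [], "missing": []}
    for name, cmds in parse_interfaces(config).items():
        # Assumption: an "ip address ..." line marks a Layer 3 interface.
        if not any(c.startswith("ip address ") for c in cmds):
            continue
        # Exact match, so "no ip flow ingress" does not count as enabled.
        key = ("enabled" if "ip flow ingress" in cmds
               else "legacy" if "ip route-cache flow" in cmds else "missing")
        report[key].append(name)
    return report
```

Interfaces reported under `missing` are blind spots for any flow-based monitoring; `legacy` marks the older `ip route-cache flow` syntax mentioned in the thread, whose behaviour is version dependent.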