[c-nsp] 6500 not exporting layer 2 netflow data

Andy Ellsworth andy at dar.net
Tue Apr 29 10:28:45 EDT 2008 

I'm pulling my hair out with TAC's lack of understanding of this problem 
(I gave up on the first engineer, and the second engineer is parroting 
the same thing - they claim everything is working fine). However, I'm 
fairly new to netflow on the cat6k, so I figured I'd send this out for 
peer review just in case I'm overlooking something, before I ask for my 
third TAC engineer.

Our platform is Cat6509, Sup720-3BXL, 12.2(18)SXF10 (monolithic). This 
particular chassis is doing mostly layer 2 switching via two 6748-GE-TX 
w/CFCs, and is not currently doing much in the way of routing.

In the current configuration, the box sees all of my layer 2 flows 
correctly, but it does not export any of these flows to my netflow 
collector (verified via packet capture and wireshark's netflow protocol 
dissection). Layer 3 flows (those which traverse a routed interface, or 
terminate on the box directly e.g. ssh) are exported fine.

For starters, here's a snapshot of the current number of flows in the 
table. Take my word for it that most of these flows are of type "L2 - 
Dynamic".

 #show mls netflow ip count
 Displaying Netflow entries in Supervisor Earl

  Number of shortcuts = 3573

and here's the summary of the NDE config, showing that layer 2 export is 
enabled on all of the VLANs that exist on the box:

 #sh mls nde
 Netflow Data Export enabled
 Exporting flows to  10.100.253.210 (30002)
 Exporting flows from 10.100.253.8 (54259)
 Version: 7
 Layer2 flow creation is enabled on vlan 1,18,201,253-254
 Layer2 flow export is enabled on vlan 1,18,201,253-254
 Include Filter not configured
 Exclude Filter not configured
 Total Netflow Data Export Packets are:
    130 packets, 0 no packets, 510 records
 Total Netflow Data Export Send Errors:
        IPWRITE_NO_FIB = 0
        IPWRITE_ADJ_FAILED = 0
        IPWRITE_PROCESS = 0
        IPWRITE_ENQUEUE_FAILED = 0
        IPWRITE_IPC_FAILED = 0
        IPWRITE_OUTPUT_FAILED = 0
        IPWRITE_MTU_FAILED = 0
        IPWRITE_ENCAPFIX_FAILED = 0
 Netflow Aggregation Disabled

Note the very low number of Netflow Data Export packets (130 packets, 
510 records). NDE has been configured on this box for over a week now.

To me, this is not brain surgery:

 - the 6500 sees the L2 flows (verified via "show mls netflow ip")
 - the 6500 tells me that it's configured to export those L2 flows 
(verified via "show mls nde")
 - the 6500 does not, in fact, export those flows (verified via packet 
counts in "show mls nde" and via packet capture/decoding)

Despite laying all this out to TAC, they claim nothing's broken.

Anything obvious to check here? Can anyone confirm that they've gotten 
export of layer 2 flows to work correctly?

-Andy

More information about the cisco-nsp mailing list