[c-nsp] 6500 not exporting layer 2 netflow data

Tassos Chatzithomaoglou achatz at forthnet.gr
Tue Apr 29 11:56:21 EDT 2008


If I understand correctly, you're doing netflow for bridged IP traffic.

If yes, do you have a corresponding VLAN interface with an IP address as the one you're gathering netflow data from?

Maybe posting your mls/flow config would help a little more.

--
Tassos

Andy Ellsworth wrote on 29/4/2008 5:28 PM:
> I'm pulling my hair out with TAC's lack of understanding of this problem 
> (I gave up on the first engineer, and the second engineer is parroting 
> the same thing - they claim everything is working fine). However, I'm 
> fairly new to netflow on the cat6k, so I figured I'd send this out for 
> peer review just in case I'm overlooking something, before I ask for my 
> third TAC engineer.
> 
> Our platform is Cat6509, Sup720-3BXL, 12.2(18)SXF10 (monolithic). This 
> particular chassis is doing mostly layer 2 switching via two 6748-GE-TX 
> w/CFCs, and is not currently doing much in the way of routing.
> 
> In the current configuration, the box sees all of my layer 2 flows 
> correctly, but it does not export any of these flows to my netflow 
> collector (verified via packet capture and wireshark's netflow protocol 
> dissection). Layer 3 flows (those which traverse a routed interface, or 
> terminate on the box directly e.g. ssh) are exported fine.
> 
> For starters, here's a snapshot of the current number of flows in the 
> table. Take my word for it that most of these flows are of type "L2 - 
> Dynamic".
> 
>  #show mls netflow ip count
>  Displaying Netflow entries in Supervisor Earl
> 
>   Number of shortcuts = 3573
> 
> and here's the summary of the NDE config, showing that layer 2 export is 
> enabled on all of the VLANs that exist on the box:
> 
>  #sh mls nde
>  Netflow Data Export enabled
>  Exporting flows to  10.100.253.210 (30002)
>  Exporting flows from 10.100.253.8 (54259)
>  Version: 7
>  Layer2 flow creation is enabled on vlan 1,18,201,253-254
>  Layer2 flow export is enabled on vlan 1,18,201,253-254
>  Include Filter not configured
>  Exclude Filter not configured
>  Total Netflow Data Export Packets are:
>     130 packets, 0 no packets, 510 records
>  Total Netflow Data Export Send Errors:
>         IPWRITE_NO_FIB = 0
>         IPWRITE_ADJ_FAILED = 0
>         IPWRITE_PROCESS = 0
>         IPWRITE_ENQUEUE_FAILED = 0
>         IPWRITE_IPC_FAILED = 0
>         IPWRITE_OUTPUT_FAILED = 0
>         IPWRITE_MTU_FAILED = 0
>         IPWRITE_ENCAPFIX_FAILED = 0
>  Netflow Aggregation Disabled
> 
> Note the very low number of Netflow Data Export packets (130 packets, 
> 510 records). NDE has been configured on this box for over a week now.
> 
> To me, this is not brain surgery:
> 
>  - the 6500 sees the L2 flows (verified via "show mls netflow ip")
>  - the 6500 tells me that it's configured to export those L2 flows 
> (verified via "show mls nde")
>  - the 6500 does not, in fact, export those flows (verified via packet 
> counts in "show mls nde" and via packet capture/decoding)
> 
> Despite laying all this out to TAC, they claim nothing's broken.
> 
> Anything obvious to check here? Can anyone confirm that they've gotten 
> export of layer 2 flows to work correctly?
> 
> -Andy
> 
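The check the quoted message performs by eye (flows present in the table, Layer 2 export enabled, no send errors, yet almost nothing exported) can be scripted so that a silent gap in flow telemetry is caught automatically. This is an added example, not code from either poster or from Cisco; the function names and the "fewer lifetime records than current flows" heuristic are assumptions.

```python
import re

# Constructed sample: the "show mls nde" and "show mls netflow ip count"
# output quoted in the message above, trimmed to the lines that are parsed.
SAMPLE_NDE = """\
Netflow Data Export enabled
Exporting flows to  10.100.253.210 (30002)
Version: 7
Layer2 flow creation is enabled on vlan 1,18,201,253-254
Layer2 flow export is enabled on vlan 1,18,201,253-254
Total Netflow Data Export Packets are:
    130 packets, 0 no packets, 510 records
Total Netflow Data Export Send Errors:
        IPWRITE_NO_FIB = 0
        IPWRITE_OUTPUT_FAILED = 0
"""
SAMPLE_COUNT = "Number of shortcuts = 3573"

def expand_vlans(spec):
    """Expand a list such as '1,18,253-254' into sorted VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return sorted(vlans)

def parse_nde(text):
    """Pull export state, L2 export VLANs and counters out of 'show mls nde'."""
    m = re.search(r"Layer2 flow export is enabled on vlan (\S+)", text)
    pk = re.search(r"(\d+) packets, (\d+) no packets, (\d+) records", text)
    errors = re.findall(r"IPWRITE_\w+ = (\d+)", text)
    return {
        "enabled": "Netflow Data Export enabled" in text,
        "l2_export_vlans": expand_vlans(m.group(1)) if m else [],
        "packets": int(pk.group(1)) if pk else 0,
        "records": int(pk.group(3)) if pk else 0,
        "send_errors": sum(int(n) for n in errors),
    }

def export_gap(nde_text, count_text):
    """Heuristic (assumption): export enabled, zero send errors, and fewer
    lifetime exported records than flows currently in the table."""
    nde = parse_nde(nde_text)
    flows = int(re.search(r"Number of shortcuts = (\d+)", count_text).group(1))
    silent = nde["enabled"] and nde["send_errors"] == 0 and nde["records"] < flows
    return {**nde, "flows_in_table": flows, "silent_gap": silent}

if __name__ == "__main__":
    print(export_gap(SAMPLE_NDE, SAMPLE_COUNT))
```
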


