[c-nsp] 6500 not exporting layer 2 netflow data

Jeff Fitzwater jfitz at Princeton.EDU
Wed Apr 30 14:09:16 EDT 2008 

Looking at your config again, I don't see the command which enables  
the PFC flows "mls netflow"  just those two words.

Jeff Fitzwater
OIT Network Systems
Princeton Univesity
On Apr 29, 2008, at 10:28 AM, Andy Ellsworth wrote:

> I'm pulling my hair out with TAC's lack of understanding of this  
> problem
> (I gave up on the first engineer, and the second engineer is parroting
> the same thing - they claim everything is working fine). However, I'm
> fairly new to netflow on the cat6k, so I figured I'd send this out for
> peer review just in case I'm overlooking something, before I ask for  
> my
> third TAC engineer.
>
> Our platform is Cat6509, Sup720-3BXL, 12.2(18)SXF10 (monolithic). This
> particular chassis is doing mostly layer 2 switching via two 6748-GE- 
> TX
> w/CFCs, and is not currently doing much in the way of routing.
>
> In the current configuration, the box sees all of my layer 2 flows
> correctly, but it does not export any of these flows to my netflow
> collector (verified via packet capture and wireshark's netflow  
> protocol
> dissection). Layer 3 flows (those which traverse a routed interface,  
> or
> terminate on the box directly e.g. ssh) are exported fine.
>
> For starters, here's a snapshot of the current number of flows in the
> table. Take my word for it that most of these flows are of type "L2 -
> Dynamic".
>
> #show mls netflow ip count
> Displaying Netflow entries in Supervisor Earl
>
>  Number of shortcuts = 3573
>
> and here's the summary of the NDE config, showing that layer 2  
> export is
> enabled on all of the VLANs that exist on the box:
>
> #sh mls nde
> Netflow Data Export enabled
> Exporting flows to  10.100.253.210 (30002)
> Exporting flows from 10.100.253.8 (54259)
> Version: 7
> Layer2 flow creation is enabled on vlan 1,18,201,253-254
> Layer2 flow export is enabled on vlan 1,18,201,253-254
> Include Filter not configured
> Exclude Filter not configured
> Total Netflow Data Export Packets are:
>    130 packets, 0 no packets, 510 records
> Total Netflow Data Export Send Errors:
>        IPWRITE_NO_FIB = 0
>        IPWRITE_ADJ_FAILED = 0
>        IPWRITE_PROCESS = 0
>        IPWRITE_ENQUEUE_FAILED = 0
>        IPWRITE_IPC_FAILED = 0
>        IPWRITE_OUTPUT_FAILED = 0
>        IPWRITE_MTU_FAILED = 0
>        IPWRITE_ENCAPFIX_FAILED = 0
> Netflow Aggregation Disabled
>
> Note the very low number of Netflow Data Export packets (130 packets,
> 510 records). NDE has been configured on this box for over a week now.
>
> To me, this is not brain surgery:
>
> - the 6500 sees the L2 flows (verified via "show mls netflow ip")
> - the 6500 tells me that it's configured to export those L2 flows
> (verified via "show mls nde")
> - the 6500 does not, in fact, export those flows (verified via packet
> counts in "show mls nde" and via packet capture/decoding)
>
> Despite laying all this out to TAC, they claim nothing's broken.
>
> Anything obvious to check here? Can anyone confirm that they've gotten
> export of layer 2 flows to work correctly?
>
> -Andy
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list