[c-nsp] ipv6 traffic layer2-switched netflow data export on c65k
Nick Hilliard
nick at inex.ie
Sun Jul 5 11:51:16 EDT 2009
Is there anyone out there who has managed to get layer2 netflow data export
working for l2 switched ipv6 traffic on a c65k? I've been beating my head
against a wall trying to get it to work and just can't seem to.
The box in question has a sup720/pfc3b and is running sxi1. The relevant
configuration is:
> ipv6 unicast-routing
> ip flow ingress layer2-switched vlan NNN
> mls netflow interface
> mls netflow usage notify 75 120
> mls flow ip interface-full
> mls flow ipv6 interface-full
> mls nde sender
> ip flow-export version 9
> ip flow-export destination x.x.x.x yyyy
> ip flow-aggregation cache destination-prefix
> interface VlanNNN
> ip address x.x.x.x y.y.y.y
> ip access-group N in
> ip access-group N out
> no ip proxy-arp
> ip flow ingress
> ipv6 address zz:zz::zz/64
> ipv6 enable
> end
With this configuration, I can see netflow v9 records for ipv4 L2 traffic
getting exported to the collector - indicating that NDE is working, and
exporting correctly-formed v9 records. NDE on the switch also says the
right sort of stuff:
> switch#sh mls nde
> Netflow Data Export enabled
> Exporting flows to x.x.x.x (yyyy)
> Exporting flows from x.x.x.x (zzzz)
> Version: 9
> Layer2 flow creation is enabled on vlan 10
> Layer2 flow export is enabled on vlan 10
> Include Filter not configured
> Exclude Filter not configured
> Total Netflow Data Export Packets are:
> 1331555 packets, 0 no packets, 42469446 records
> Total Netflow Data Export Send Errors:
> IPWRITE_NO_FIB = 0
> IPWRITE_ADJ_FAILED = 0
> IPWRITE_PROCESS = 0
> IPWRITE_ENQUEUE_FAILED = 0
> IPWRITE_IPC_FAILED = 0
> IPWRITE_OUTPUT_FAILED = 0
> IPWRITE_MTU_FAILED = 0
> IPWRITE_ENCAPFIX_FAILED = 0
> IPWRITE_CARD_FAILED = 0
> Netflow Aggregation Disabled
I'm also seeing ipv6 netflow data being collected on the switch - these
flows look ok to me.
> switch#sh mls netflow ipv6 nowrap
> Displaying Netflow entries in Active Supervisor EARL in module 5
> DstIP SrcIP Prot:SrcPort:DstPort Src i/f :AdjPtr Pkts Bytes Age LastSeen Attributes
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 2001:0:CF2E:3096:C10:13FA:C555:FD0D 2001:770:100:143::2 tcp :52212 :32385 Vl10 :0x0 20 21080 12 16:30:48 L2 - Dynamic
> 2001:678:4::2 2001:7C8:3:2::2 udp :21131 :dns Vl10 :0x0 1 83 4 16:30:45 L2 - Dynamic
> 2001:500:14:6036:AD::1 2001:7C8:42:1::2 udp :62258 :dns Vl10 :0x0 1 97 6 16:30:43 L2 - Dynamic
> 2001:7C8:42:1::2 2001:500:14:6036:AD::1 udp :dns :62258 Vl10 :0x0 1 146 6 16:30:43 L2 - Dynamic
[...]
... indicating that the pfc is actually collecting ipv6 netflow data.
However, there are no ipv6 netflow data records appearing on the netflow
collector. I've tried both flowd and nfcapd, just in case one of them was
playing silly buggers with v6 records, but neither of them is reporting any
ipv6 data records at all, just ipv4.
The relevant documentation suggests that this should work. Also, ipv6 NDE
for L3 traffic appears to work, from what I hear of other people.
Any suggestions here?
Nick
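
One way to check on the wire whether the exporter is sending IPv6 templates or records at all, independent of flowd or nfcapd. This is an added example, not part of the original post; the function names and the sample packet are hypothetical, and the field type numbers are those of RFC 3954.

```python
import struct

# Field type numbers from RFC 3954 (NetFlow v9)
V4_ADDRS = {8, 12}    # IPV4_SRC_ADDR, IPV4_DST_ADDR
V6_ADDRS = {27, 28}   # IPV6_SRC_ADDR, IPV6_DST_ADDR

def parse_v9(packet, templates, data_sets):
    """Update templates {id: [(type, len), ...]} and data_sets {id: FlowSet count}."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    off = 20                                   # fixed v9 header length
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        end = off + fs_len
        if fs_len < 4 or end > len(packet):
            raise ValueError("bad FlowSet length")
        pos = off + 4
        while fs_id == 0 and pos + 4 <= end:   # FlowSet ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break                          # padding or truncated record
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        if fs_id >= 256:                       # data FlowSet, keyed by template ID
            data_sets[fs_id] = data_sets.get(fs_id, 0) + 1
        off = end

def summarize(packets):
    """Map template ID -> (address family, number of data FlowSets using it)."""
    templates, data_sets = {}, {}
    for packet in packets:                     # templates and data may arrive separately
        parse_v9(packet, templates, data_sets)
    out = {}
    for tid, fields in templates.items():
        types = {t for t, _ in fields}
        fam = "ipv6" if types & V6_ADDRS else "ipv4" if types & V4_ADDRS else "other"
        out[tid] = (fam, data_sets.get(tid, 0))
    return out

def sample_packet():
    """Constructed packet: IPv4 template 256, IPv6 template 257, data for 256 only."""
    tmpl = struct.pack("!8H", 256, 3, 8, 4, 12, 4, 2, 4)
    tmpl += struct.pack("!8H", 257, 3, 27, 16, 28, 16, 2, 4)
    rec = bytes([192, 0, 2, 1, 192, 0, 2, 2]) + struct.pack("!I", 20)
    return (struct.pack("!HHIIII", 9, 3, 1000, 1246809076, 1, 0)
            + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(rec)) + rec)
```

Feed `summarize()` the UDP payloads captured on the collector port: an `ipv6` template with a count of zero means the template is announced but no IPv6 data FlowSets follow, and no `ipv6` entry means no IPv6 template is exported at all.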