[c-nsp] Netflow Collector shows minimal bandwidth from 6509
Justin Krejci
jkrejci at usinternet.com
Mon Jul 6 10:01:42 EDT 2009
List,
My netflow collector was running just fine with my previous 7206VXR-NPEG1.
After swapping out to a new 6509 (hardware specs below, same as discussed in
earliar LX vs LH thread) our netflow (ver 5) collector is reporting a
fraction (around 30-40% on inbound and around 0-1% on outbound) of the
traffic across the gig5/1 interface. The results of my netflow collector
indicate my netflow configuration is not setup properly though after reading
thru these Cisco documents it does not appear I am missing anything from the
config. I've tried playing around with various other configs but nothing
seems to work. Am I missing some config or is my hardware not going to give
me the data I am looking for?
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration
_example09186a0080721701.shtml
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configu
ration/guide/netflow.html
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native
/configuration/guide/nde.html
Though I did read this line from the first URL above that seems ominous for
me since I am looking for L3 traffic (router interface gig5/1)
The Policy Feature Card 3 (PFC3) and Policy Feature Card 2 (PFC2) do not use
the NetFlow table for Layer 3 switching in hardware.
Also when I run a tcpdump on the collector server for the netflow traffic
from this 6509 it shows traffic in small batches whereas on other netflow
collectors still receiving from 7206 routers it's a steady stream of UDP
packets.
Cat6509
IOS: Version 12.2(33)SXI
Mod Ports Card Type Model
--- ----- -------------------------------------- ---------------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX
5 2 Supervisor Engine 720 (Active) WS-SUP720-3BXL
Mod Sub-Module Model
---- --------------------------- --------------
1 Centralized Forwarding Card WS-F6700-CFC
5 Policy Feature Card 3 WS-F6K-PFC3BXL
5 MSFC3 Daughterboard WS-SUP720
6509#show run | inc mls
mls ip slb purge global
mls aging normal 120
mls exclude acl-deny
mls netflow interface
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5
mls cef error action freeze
6509#show run | inc flow-ex
ip flow-export source GigabitEthernet1/1
ip flow-export version 5
ip flow-export destination 10.255.244.71 9996
6509#show mls netflow flowmas
current ip flowmask for unicast: if-full
current ipv6 flowmask for unicast: null
6509#show mls netflow table-contention detailed
Earl in Module 5
Detailed Netflow CAM (TCAM and ICAM) Utilization
================================================
TCAM Utilization : 20%
ICAM Utilization : 1%
Netflow TCAM count : 54697
Netflow ICAM count : 2
Netflow Creation Failures : 0
Netflow CAM aliases : 0
6509#sh mls nde
Netflow Data Export enabled
Exporting flows to 10.255.244.71 (9996)
Exporting flows from 10.255.244.4 (56343)
Version: 5
Layer2 flow creation is disabled
Layer2 flow export is disabled
Include Filter not configured
Exclude Filter not configured
Total Netflow Data Export Packets are:
6640025 packets, 0 no packets, 192559651 records
Total Netflow Data Export Send Errors:
IPWRITE_NO_FIB = 0
IPWRITE_ADJ_FAILED = 0
IPWRITE_PROCESS = 0
IPWRITE_ENQUEUE_FAILED = 0
IPWRITE_IPC_FAILED = 0
IPWRITE_OUTPUT_FAILED = 0
IPWRITE_MTU_FAILED = 0
IPWRITE_ENCAPFIX_FAILED = 0
IPWRITE_CARD_FAILED = 0
Netflow Aggregation Disabled
interface GigabitEthernet5/1
ip flow ingress
ip flow egress
6509#show int g5/1 | inc 30 second
30 second input rate 102688000 bits/sec, 18410 packets/sec
30 second output rate 136059000 bits/sec, 30058 packets/sec
Sincerely and thanks,
Justin Krejci
More information about the cisco-nsp
mailing list