[c-nsp] Netflow Collector shows minimal bandwidth from 6509

Julio Arruda jarruda-cnsp at jarruda.com
Mon Jul 6 17:41:20 EDT 2009 

Justin Krejci wrote:
> Thanks,
> 
> ip flow ingress is already defined on my setup
> 
> We are trying to avoid sampling (currently we're not seeing any contention
> or other load issues)

As I understand, netflow sampling in the current 7600/6500 based gear, 
would not help with Netflow TCAM contention...

Is more on the lines of "after-the-fact", it will do some kind of 
sampling of the already collected information..
EARL8, like in the Nexus 7K, is supposed to do packet-sampling 'as other 
  boxes do', before creating the netflow entry.

> 
> Apparently when putting in "ip route-cache flow" it changes the syntax to
> "ip flow ingress"
> 
> conf t
> int g5/1
> no ip flow ingress
> no ip route-cache flow
> ip route-cache flow
> end
> show run | section interface GigabitEthernet5/1
> 
> yields: 
> ip flow ingress
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Kranz
> Sent: Monday, July 06, 2009 2:25 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Netflow Collector shows minimal bandwidth from 6509
> 
> We needed the following to see all of the flow data (we use sampling as
> well):
> 
> int x/x
>  ip flow ingress
>  ip route-cache flow
>  mls netflow sampling
> 
> Peter Kranz
> Founder/CEO - Unwired Ltd
> www.UnwiredLtd.com
> Desk: 510-868-1614 x100
> Mobile: 510-207-0000
> pkranz at unwiredltd.com
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Andreas Bourges
> Sent: Monday, July 06, 2009 7:39 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Netflow Collector shows minimal bandwidth from 6509
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> On Monday 06 July 2009 16:01:42 Justin Krejci wrote:
>>
>> interface GigabitEthernet5/1
>>
>>  ip flow ingress
>>
>>  ip flow egress
> 
> ...ip flow egress will only catch the software-processed flows. So you will 
> need to modify your netflow setup to enable ip flow ingress on all layer3 
> interfaces to catch all output traffic for gig5/1.
> 
> which doesn't explain why you're still missing 50% of your ingress flows ?!
> 
> 
> Regards,
> 
> Andy
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> 
> iEYEARECAAYFAkpSDH0ACgkQRrny/uOBVy43UACgoOdfbyaS8X8Td34Twi5OUJID
> RAEAnjZiiCWqdDBiNXavjk5DTkLBr+ei
> =9gLx
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list