[c-nsp] Netflow Collector shows minimal bandwidth from 6509
Tim Stevenson
tstevens at cisco.com
Mon Jul 6 21:13:03 EDT 2009
Yes, the syntax changed and ip route-cache flow is now changed to ip
flow ingress.
As others pointed out, c6k only supports ingress NF for unicast, so
ip flow egress will only capture egress flows that were software
routed (should be very few). Why you are only getting ~50% of the
ingress records is a puzzle. Might be a tough correllation exercise
to figure it out.
The config looks ok, only thing I can suggest is open a case.... :(
Tim
At 02:19 PM 7/6/2009, Justin Krejci noted:
>Thanks,
>
>ip flow ingress is already defined on my setup
>
>We are trying to avoid sampling (currently we're not seeing any contention
>or other load issues)
>
>Apparently when putting in "ip route-cache flow" it changes the syntax to
>"ip flow ingress"
>
>conf t
>int g5/1
>no ip flow ingress
>no ip route-cache flow
>ip route-cache flow
>end
>show run | section interface GigabitEthernet5/1
>
>yields:
>ip flow ingress
>
>
>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[<mailto:cisco-nsp-bounces at puck.nether.net>mailto:cisco-nsp-bounces at puck.nether.net]
>On Behalf Of Peter Kranz
>Sent: Monday, July 06, 2009 2:25 PM
>To: cisco-nsp at puck.nether.net
>Subject: Re: [c-nsp] Netflow Collector shows minimal bandwidth from 6509
>
>We needed the following to see all of the flow data (we use sampling as
>well):
>
>int x/x
> ip flow ingress
> ip route-cache flow
> mls netflow sampling
>
>Peter Kranz
>Founder/CEO - Unwired Ltd
>www.UnwiredLtd.com
>Desk: 510-868-1614 x100
>Mobile: 510-207-0000
>pkranz at unwiredltd.com
>
>
>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[<mailto:cisco-nsp-bounces at puck.nether.net>mailto:cisco-nsp-bounces at puck.nether.net]
>On Behalf Of Andreas Bourges
>Sent: Monday, July 06, 2009 7:39 AM
>To: cisco-nsp at puck.nether.net
>Subject: Re: [c-nsp] Netflow Collector shows minimal bandwidth from 6509
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hi,
>
>On Monday 06 July 2009 16:01:42 Justin Krejci wrote:
> >
> >
> > interface GigabitEthernet5/1
> >
> > ip flow ingress
> >
> > ip flow egress
>
>...ip flow egress will only catch the software-processed flows. So you will
>need to modify your netflow setup to enable ip flow ingress on all layer3
>interfaces to catch all output traffic for gig5/1.
>
>which doesn't explain why you're still missing 50% of your ingress flows ?!
>
>
>Regards,
>
>Andy
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.9 (GNU/Linux)
>
>iEYEARECAAYFAkpSDH0ACgkQRrny/uOBVy43UACgoOdfbyaS8X8Td34Twi5OUJID
>RAEAnjZiiCWqdDBiNXavjk5DTkLBr+ei
>=9gLx
>-----END PGP SIGNATURE-----
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at
><http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at
><http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at
><http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list