[c-nsp] Netflow Collector shows minimal bandwidth from 6509

Tim Stevenson tstevens at cisco.com
Mon Jul 6 21:15:38 EDT 2009


At 02:41 PM 7/6/2009, Julio Arruda noted:

>Justin Krejci wrote:
> > Thanks,
> >
> > ip flow ingress is already defined on my setup
> >
> > We are trying to avoid sampling (currently we're not seeing any contention
> > or other load issues)
>
>As I understand, netflow sampling in the current 7600/6500 based gear,
>would not help with Netflow TCAM contention...
>
>Is more on the lines of "after-the-fact", it will do some kind of
>sampling of the already collected information..

Correct, it is a sampling of the flows that made it into the hw. It 
does not appear from the outputs that any significant contention is happening.


>EARL8, like in the Nexus 7K, is supposed to do packet-sampling 'as other
>   boxes do', before creating the netflow entry.

That it does, we do both full & sampled NF. Eg, with 1 in 1000 
sampling, 1 packet out of 1000 passing the interface in the specified 
direction (7k supports both ingress & egress NF) is sampled, and that 
packet creates/updates a flow entry in the hw table.

Once in the hw, the flow entry is treated as any other, ie, updated, 
aged, exported.


HTH,
Tim


> >
> > Apparently when putting in "ip route-cache flow" it changes the syntax to
> > "ip flow ingress"
> >
> > conf t
> > int g5/1
> > no ip flow ingress
> > no ip route-cache flow
> > ip route-cache flow
> > end
> > show run | section interface GigabitEthernet5/1
> >
> > yields:
> > ip flow ingress
> >
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > 
> [<mailto:cisco-nsp-bounces at puck.nether.net>mailto:cisco-nsp-bounces at puck.nether.net] 
> On Behalf Of Peter Kranz
> > Sent: Monday, July 06, 2009 2:25 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Netflow Collector shows minimal bandwidth from 6509
> >
> > We needed the following to see all of the flow data (we use sampling as
> > well):
> >
> > int x/x
> >  ip flow ingress
> >  ip route-cache flow
> >  mls netflow sampling
> >
> > Peter Kranz
> > Founder/CEO - Unwired Ltd
> > www.UnwiredLtd.com
> > Desk: 510-868-1614 x100
> > Mobile: 510-207-0000
> > pkranz at unwiredltd.com
> >
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > 
> [<mailto:cisco-nsp-bounces at puck.nether.net>mailto:cisco-nsp-bounces at puck.nether.net] 
> On Behalf Of Andreas Bourges
> > Sent: Monday, July 06, 2009 7:39 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Netflow Collector shows minimal bandwidth from 6509
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi,
> >
> > On Monday 06 July 2009 16:01:42 Justin Krejci wrote:
> >>
> >> interface GigabitEthernet5/1
> >>
> >>  ip flow ingress
> >>
> >>  ip flow egress
> >
> > ...ip flow egress will only catch the software-processed flows. So you will
> > need to modify your netflow setup to enable ip flow ingress on all layer3
> > interfaces to catch all output traffic for gig5/1.
> >
> > which doesn't explain why you're still missing 50% of your ingress flows ?!
> >
> >
> > Regards,
> >
> > Andy
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> >
> > iEYEARECAAYFAkpSDH0ACgkQRrny/uOBVy43UACgoOdfbyaS8X8Td34Twi5OUJID
> > RAEAnjZiiCWqdDBiNXavjk5DTkLBr+ei
> > =9gLx
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > 
> <https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at 
> <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > 
> <https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at 
> <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > 
> <https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at 
> <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at 
><http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/




Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.


More information about the cisco-nsp mailing list