[c-nsp] ASR 1000 series again: Netflow export

Elmar K. Bins elmi at 4ever.de
Thu May 14 05:06:38 EDT 2009 

Admitted, I am still running a Cisco Labs software version,
so my main concern is the question "has this been addressed
and fixed in an IOS version?"

The issue:

  I want to export netflow data over the management interface (Gi0)
  on an ASR1002 (this has to go through a VPN tunnel).

Configuration:

ip flow-export source GigabitEthernet0
ip flow-export destination 172.16.31.250 12001

rt#sh ip route vrf Mgmt-intf
S*    0.0.0.0/0 [1/0] via 172.16.199.1
(...)


But:

rt#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       ***.***.***.*** (GigabitEthernet0/0/0)
    Destination(1)  172.16.31.250 (12001)
  Version 5 flow records, origin-as
  Cache for as aggregation:
    Flow export is disabled
  8007185179 flows exported in 345108888 udp datagrams



Err - I specified the source interface, right? Stupid box!
Oh, btw - I cannot add a "vrf Mgmt-intf" to the flow-export
source statement...yes, I tried that ;)

So, what happens if we for example...

rt(config)#ip route 172.16.31.250 255.255.255.255 null0

rt#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       172.16.199.5 (Unknown)
    Destination(1)  172.16.31.250 (12001)
  Version 5 flow records, origin-as
  Cache for as aggregation:
    Flow export is disabled
  8007251179 flows exported in 345111724 udp datagrams


Eh? "Unknown"? Well, sure, in _that_ VRF yes. That's why
I'd like to change it...err...well...

Is this supposed to be this kind of stupid? Or has
that simply been fixed in later IOS versions (this
one is based on 12.2(33)XNB )?

There are of course more VRF issues on that platform.
Tacacs requires a special solution etc. etc...

So, if anyone can point me in the right direction or
just recommend the IOS this has been fixed in (still
have to check it for the Mac accounting/reboot issue
and the CEF balancing lopsidedness), your help is much
appreciated.

Cheers,
	Elmar.

PS: If anyone knows how to keep "write mem" from using
    like 20 seconds to save the config...

More information about the cisco-nsp mailing list