[c-nsp] Cisco 7600/6500 Netflow

Александр Чурсин achursin86 at gmail.com
Wed Jun 2 13:46:29 EDT 2010 

I reviewed thread "7600 + egress netflow + 12.2(33)SRE". There was mentioned
Cisco 7600 hasn't hardware support of egress netflow. Please, could anybody
give me links or materials approving that fact. I made little lab:

PC <--> Cisco 7606 (RSP720-3BXL) Gi5/2 on Sup

config from port:

interface GigabitEthernet5/2
 ip address 14.0.0.10 255.255.255.0
 ip flow ingress
 media-type rj45

PC 14.0.0.2

and cache output:

sh ip cache flow

-------------------------------------------------------------------------------
MSFC:
IP packet size distribution (342 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448
480
   .000 .997 .002 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
.000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  3 active, 4093 inactive, 18 added
  281 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33992 bytes
  0 active, 1024 inactive, 0 added, 0 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 00:02:47
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec)
Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          16      0.1        37    40      3.7      13.5       4.1
ICMP                 1      0.0       249    60      1.5     263.9      15.7
Total:              17      0.1        50    46      5.3      28.2       4.8
 --More--
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
Pkts
Gi5/2         14.0.0.2        Local         14.0.0.10       01 0000 0800
4
Gi5/2         14.0.0.2        Null          14.0.0.1        01 0000 0800
2
Gi5/2         14.0.0.2        Local         14.0.0.10       06 3CA4 0017
6

-------------------------------------------------------------------------------
PFC:

Displaying Hardware entries in Module 5
 SrcIf            SrcIPaddress          DstIPaddress      Pr       SrcP
DstP      Pkts
 Gi5/2            14.0.0.2              14.0.0.1          icmp     8
0         0
 Gi5/2            14.0.0.2              14.0.0.10         icmp     8
0         0
 Gi5/2            14.0.0.1              14.0.0.2          tcp      telnet
15517     11
 Gi5/2            14.0.0.2              14.0.0.10         tcp      15524
telnet    0
 Gi5/2            14.0.0.10             14.0.0.2          icmp     0
0         4
 Gi5/2            14.0.0.10             14.0.0.2          tcp      telnet
15524     82
 --               0.0.0.0               0.0.0.0           0        0
0         2903

Why we have both flows from and to the router from PFC (10.0.0.2 ->
10.0.0.10, 10.0.0.10 -> 10.0.0.2) and ingress counters equal zeros?  If ip
flow egress entered on the same interface there was no difference in traffic
captured to cache.

More information about the cisco-nsp mailing list