[c-nsp] Netflow on Sup720: software-switched flows not recorded

[Jeroen van Ingen]

Hi all,

Just wondering if this rings a bell with anyone: I know the Cat6k and
76xx have a lot of Netflow caveats, but we're running into an issue I
haven't seen mentioned before.

In short: Cat6509 with Sup720-3B running IOS 12.2(33)SXI2a and a second
box with SXI5. No DCFs in the systems. Both configured for netflow v9:
full flow w/ interface, no sampling; no L2 flows, L3 data only. Both
boxes are exporting lots of data, but only for flows that are hardware
switched. 

Only by accident we found out that software-switched flows (unsupp'd in
HW, such as packets with IP Options passing through the boxes) don't
show up in Netflow. Easy to test: run a "ping" with eg "Record Route"
option enabled and it doesn't show in the netflow export, but without
setting IP options, the icmp flow exported as expected.

We're pretty sure that software-switched flows were exported a few years
ago when we still ran SXF18 code and exported the flows in v5 format,
but we don't have any flow data from that period anymore.

Our supplier already mentioned CSCtf62507 but that doesn't seem related,
as that issue is listed as fixed-in SXI4 and we also see it happening on
SXI5.

Supplier already opened a TAC case, but since there's a lot of
knowledgeable folks out here, perhaps this shortcut can provide some
fast pointers :)


Regards,

Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands