[c-nsp] flexible netflow - ASR1K / vrf

CiscoNSP List cisconsp_list at hotmail.com
Sat Jan 10 14:28:50 EST 2015 

Just an update to this - I opened a TAC case, but it wasnt progressing (They were saying it was expected behaviour).

I showed them similar test to+through a 7200 (ping), and Netflow reported trafffic in both directions.


I also tried connecting a laptop directly to the ASR(No BDI Int), enabled FNF on that Interface, and voila, saw flows in both directions....so it appears to be an issue with BDI Interfaces/Netflow....TAC agree, and are currently looking at it as a potential bug..how long this will take is anyones guess.

Cheers.


> From: cisconsp_list at hotmail.com
> To: gert at greenie.muc.de; mrantoinemonnier at gmail.com
> Date: Thu, 8 Jan 2015 09:39:03 +1100
> CC: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] flexible netflow - ASR1K / vrf
> 
> Thanks for all the replies - I added a BDI int(And created/added it to a new test vrf) to one of the ASR's, and connected that to an ME3600(No IP's, just service ints), then connected the ME to a 4948 (trunk port), and created a vlan Int on the 4948 in the same subnet that is configured on the BDI Interface)...bit of an elaborate test, but I wanted to do some other testing with 4948 connected anyway!)
> 
> I applied "ip flow monitor mm_1 input" to both the BDI Int, and also the x-connect between the 2 ASR1K's, and could successfully ping from 4948->ASR1(BDI Int IP), and also to ASR2 with loop int in the same new vrf.
> 
> ping tests from 4948->ASR2 Loop, Im now seeing the VRF traffic, but it looks to only record it in one direction - i.e. SRC address is always the 4948's vlan IP, regardless of which direction I ping....the "bytes" recorded are correct, but my experience with netflow is the "old" style...(i.e. v5, then enabling ip flow ingress on the Ints you want to capture traffic flows).
> 
> With the "old" netflow, If I did a similar test to the above(i.e. ping from ASR2->4948), Id see netflow traffic with a source address of ASR2 loop / dst of 4948 vlan IP, and also the reverse (src of 4948 vlan IP, dst of ASR2 loop)....which is correct, as the 4948 would be responding back to the ASR. 
> Hotmail will undoubtedly screw up the formatting, but this is what Im now seeing....so it's "working", Im just not seeing the reverse traffic they way the old netflow used to display it.... 
> 
> show flow monitor mm_1 cache format table
> 
> IP VRF ID INPUT                IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT  intf input            intf output                bytes        pkts=============================  ===============  ===============  =============  =============  ====================  ====================  ==========  ==========4          (CUSTB)             10.10.10.2       11.11.11.1                   0           2048  BD300                 Gi0/0/3                   500000         500
> 
> 
> 
> > Date: Wed, 7 Jan 2015 16:10:06 +0100
> > From: gert at greenie.muc.de
> > To: mrantoinemonnier at gmail.com
> > CC: cisconsp_list at hotmail.com; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] flexible netflow - ASR1K / vrf
> > 
> > Hi,
> > 
> > On Wed, Jan 07, 2015 at 01:44:50PM +0100, Antoine Monnier wrote:
> > > > If I create a test vrf and apply it to a loop interface on both routers,
> > > > and enable netflow on them
> > > >
> > > >  ip flow monitor mm_1 input
> > > >
> > > > Then ping between the loops (Using src IP of the loops), I see no flows if
> > > > I issue:
> > > >
> > > > show flow monitor mm_1 cache format table
> > 
> > Netflow needs to be enabled on the actual ingress interface on the router,
> > not on the loopback.  There's no "input" traffic on loopbacks (except if
> > you use them to bounce traffic around).
> > 
> > I have no idea whether ASR1k can do netflow for packets arriving MPLS-
> > encapsulated, though.
> > 
> > gert
> > -- 
> > USENET is *not* the non-clickable part of WWW!
> >                                                            //www.muc.de/~gert/
> > Gert Doering - Munich, Germany                             gert at greenie.muc.de
> > fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
>  		 	   		  
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list