
ip flow error....

thorstenn
Level 4

Hi,

I've configured NetFlow like this:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/system_management/configuration/guide/system_9flow.html#wp1239386

But if I try to assign the flow monitor, I get the following error on the interface....

%NFM-2-VERIFY_FAIL: Verify failed - Client 0xff010266, Reason: not enough memory, Interface: Vethernet1

No difference if I assign it to a Veth or a port-profile ....

Why is there not enough memory? I need to monitor some ports.....


thorstenn
Level 4

hmm, nobody ?

Hi Thorstenn,

Can you please attach your running-config here? Command is 'show running-config'.

Thank you,

-Shachi

Hi Shachi,

I've made some tests and the error appears only if I choose "netflow-original" as the record. Is this a general problem?

I've now chosen "record ipv4 original-output" and now there is no error.

Here is a part of the running config:

flow exporter test_export
  description test
  destination 172.16.10.10
  transport udp 9996
  source mgmt0
  version 9
    template data timeout 1200
    option exporter-stats timeout 1200
flow monitor MonitorTest
  description ipv4Monitor
  record ipv4 original-output
  exporter test_export
  timeout inactive 600
  timeout active 1800
  cache size 15000

Here is the port-profile on which NetFlow should work....

port-profile netflow_test
  vmware port-group
  switchport mode access
  ip flow monitor MonitorTest output
  no shutdown
  state enabled

Now my only problem is to analyze the traffic... I've tried some tools like Scrutinizer or NetFlow Analyzer 7, but if I add the IP of the Nexus, the software could not add the device....

Is there a Cisco tool which I can try for this?

I only want to monitor the outgoing internet traffic of some ports/port-profiles....

Glad to hear that you got past the error.

There is indeed a Cisco NetFlow collector which can be used to analyze this data: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/

Thanks,

-Shachi

I've no permission to download this software. :-/ Any other suggestion? Or a trial version?

Can you do a show run and show us the flow record for original-output? and for the one that was giving you errors?

thanks

louis

Here is the record with the error:

#show flow record netflow-original

Flow record netflow-original:
    Description: Traditional IPv4 input NetFlow with origin ASs
    No. of users: 0
    Template ID: 0
    Fields:
        match ipv4 source address
        match ipv4 destination address
        match ip protocol
        match ip tos
        match transport source-port
        match transport destination-port
        match interface input
        match interface output
        match flow direction
        collect routing source as
        collect routing destination as
        collect routing next-hop address ipv4
        collect transport tcp flags
        collect counter bytes
        collect counter packets
        collect timestamp sys-uptime first
        collect timestamp sys-uptime last

and here the record with NO error:

#show flow record netflow ipv4 original-output

Flow record ipv4 original-output:
    Description: Traditional IPv4 output NetFlow
    No. of users: 1
    Template ID: 258
    Fields:
        match ipv4 source address
        match ipv4 destination address
        match ip protocol
        match ip tos
        match transport source-port
        match transport destination-port
        match interface input
        match interface output
        match flow direction
        collect routing source as
        collect routing destination as
        collect routing next-hop address ipv4
        collect transport tcp flags
        collect counter bytes
        collect counter packets
        collect timestamp sys-uptime first
        collect timestamp sys-uptime last

I've assigned the "ip flow monitor" to a port-profile. Is this possible, or do I have to assign it to a vethernet interface?

If I perform a "show flow interface" there is no result....

NEXUS# show flow interface
NEXUS#

NEXUS# show flow interface vethernet 1
NEXUS#

Here is the port-profile:

NEXUS# show port-profile name NETFLOW-TEST
port-profile NETFLOW-TEST
  description:
  status: enabled
  capability uplink: no
  capability l3control: no
  system vlans: none
  port-group: NETFLOW-TEST
  max-ports: 32
  inherit:
  config attributes:
    switchport mode access
    ip flow monitor Monitoring output
    no shutdown
  evaluated config attributes:
    switchport mode access
    ip flow monitor Monitoring output
    no shutdown
  assigned interfaces:
    Vethernet1
NEXUS#

As you can see, an interface is assigned to this port-profile....

At the moment I'm not able to test if this works because I need software for analyzing the Nexus NetFlow.... :-/

Any idea ?

Ok, same error as before.....

I've disabled the "inherit" on the port-profile and assigned the flow monitor directly on the interface "vethernet 1" ....

NEXUS(config-if)# 2009 Sep  9 11:20:34 NEXUS-VSM-Primary %NFM-2-VERIFY_FAIL: Verify failed - Client 0xff010266, Reason: not enough memory, Interface: Vethernet1

:-(

If I remove the VM from the Vethernet1 and configure this interface for NetFlow..... there is no error......

Once I assign the VM to this Vethernet1, the "not enough memory" message appears....

I'm confused and need your help, please.

Hi Thorstenn,

Few questions for you:

1. What exactly do you want to monitor here?

2. Are you getting this error with netflow-original flow record or with other flow records too?

3. Can you use the following flow record and see if it works:

flow record rec
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match ip tos
  match transport source-port
  match transport destination-port
  collect transport tcp flags
  collect counter bytes
  collect counter packets
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last

4. Lastly, can you please attach your running config here?

Thanks,

-Shachi

P.S.: About the NetFlow collector tool, there are quite a bunch of them posted here: http://www.networkuptime.com/tools/netflow/ . Personally, I have tried nfsen.

1. What exactly do you want to monitor here?

I've a port-profile NETFLOW-TEST:

port-profile NETFLOW-TEST
   description:
   status: enabled
   capability uplink: no
   capability l3control: no
   system vlans: none
   port-group: NETFLOW-TEST
   max-ports: 32
   inherit:
   config attributes:
     switchport mode access
     no shutdown
   evaluated config attributes:
     switchport mode access
     no shutdown
   assigned interfaces:
     Vethernet1

For this port-profile I want to monitor the internet traffic

2. Are you getting this error with netflow-original flow record or with other flow records too?

other records too

3. Can you use the following flow record and see if it works:

I have created the "rec" record and assigned it to the monitor "MonitorTest".

Then I've assigned the flow monitor "MonitorTest" to the port-profile "NETFLOW-TEST"

result:

NEXUS(config-port-prof)# ip flow monitor MonitorTest output
2009 Sep  9 14:07:41 NEXUS-VSM-Primary %NFM-2-VERIFY_FAIL: Verify failed - Client 0xff010266, Reason: not enough memory, Interface: Vethernet1
NEXUS(config-port-prof)#

4. Lastly, can you please attach your running config here?

I've sent you a PM with the running config (ok?)

About the NetFlow tool.....

I'm using "NTOP" and I think something from the Nexus reached there, but no packets, only the templates..... see attached screen

ntop.JPG

Hope this helps to figure out what's going on :-/
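What "only the templates" looks like on the wire, as an added example that is not part of the original post: a NetFlow v9 export datagram carries FlowSets, where ID 0 is a template, ID 1 an options template, and IDs of 256 and above are flow data that reference a template ID. The function names and the sample bytes (including the use of template ID 258) are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (includes these 4 bytes)

def classify_v9(datagram):
    """Summarise the FlowSets in one NetFlow v9 export datagram (RFC 3954 layout)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v9 header")
    version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    out = {"source_id": source_id, "templates": {}, "option_flowsets": 0, "data_bytes": {}}
    off = HEADER.size
    while off + FLOWSET.size <= len(datagram):
        fs_id, fs_len = FLOWSET.unpack_from(datagram, off)
        if fs_len < FLOWSET.size or off + fs_len > len(datagram):
            raise ValueError(f"bad FlowSet length {fs_len} at offset {off}")
        body = datagram[off + FLOWSET.size:off + fs_len]
        if fs_id == 0:                       # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):
                    break                    # trailing padding, not a template record
                out["templates"][tid] = [struct.unpack_from("!HH", body, p)
                                         for p in range(pos + 4, end, 4)]
                pos = end
        elif fs_id == 1:                     # options template FlowSet
            out["option_flowsets"] += 1
        elif fs_id >= 256:                   # data FlowSet; its id is the template it uses
            out["data_bytes"][fs_id] = out["data_bytes"].get(fs_id, 0) + len(body)
        off += fs_len
    return out

def templates_only(summary):
    """True when an exporter announced templates but sent no flow records."""
    return bool(summary["templates"]) and not summary["data_bytes"]

# Constructed sample: (type, length) pairs for src addr, dst addr, protocol, bytes, packets.
FIELDS = [(8, 4), (12, 4), (4, 1), (1, 4), (2, 4)]
TEMPLATE_FS = struct.pack("!HHHH", 0, 8 + 4 * len(FIELDS), 258, len(FIELDS)) + \
    b"".join(struct.pack("!HH", t, l) for t, l in FIELDS)
RECORD = bytes([10, 0, 0, 5, 192, 0, 2, 7, 6]) + struct.pack("!II", 1500, 3)
DATA_FS = struct.pack("!HH", 258, 24) + RECORD + b"\x00" * 3   # padded to a 4-byte boundary
HDR = HEADER.pack(9, 1, 1000, 1252495661, 1, 0)   # header count field is not validated here
print(templates_only(classify_v9(HDR + TEMPLATE_FS)))            # template FlowSet only
print(templates_only(classify_v9(HDR + TEMPLATE_FS + DATA_FS)))  # template plus flow data
```

Run against payloads captured on the collector's UDP export port, a result that stays templates-only means the exporter is reachable but the monitor is not producing flow records.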

I've tried only these matches / collections:

        match ipv4 source address
        match ipv4 destination address
        match ip protocol
        match interface input
        match interface output
        match flow direction
        collect counter bytes
        collect counter packets
        collect timestamp sys-uptime first
        collect timestamp sys-uptime last

Now there is no error and I'm able to receive NetFlow data on a NetFlow collector. Maybe a bug with some matches on the Nexus? What do you think?

I was just framing my reply, when yours came in.

I don't think it's a bug with matches. However, I noticed something in your running-config:

flow monitor MonitorTest
  description ipv4Monitor
  record rec
  exporter scrutinizer
  timeout inactive 600
  timeout active 1800
  cache size 15000

You seem to have used a cache size of 15000 entries. Any reason to change the cache size? By default, it should be 4096.

Also, can you run the following commands for me and send me the output:

show flow monitor

show flow interface

module vem x execute vemcmd show card
module vem x execute vemcmd show netflow interface
module vem x execute vemlog show all
module vem x execute vemdpalog show all

Note: 'x' in the above commands is the module ID on which your vethernet port exists.

Thanks,

-Shachi

Thanks Shachi, the cache size was it. Now I can assign the netflow-original and other records....

I've configured this because of the manual ( http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/system_management/configuration/guide/system_9flow.html#wp1239994 )

I think you don't need the output of the other commands now, right?

Thanks for the help and best regards

Thorsten