Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
0
Helpful
1
Replies

Couldnot Export Netflow entries in the PFC (hardware switched)

Akhtar Samo
Level 1
Level 1

‎04-14-2011 01:59 AM

Hi,

On the Netflow Collector we are not able to see hardware switched flow entries in PFC, but software switched flow entries in MSFC can be seen. One thing which I have observed in the "show ip cache flow" output I see PFC as standby although the flow entries are there. We did the packet capture on the netflow collector but could not find hardware switched flow entries, so it seems that 6506 is not sending PFC entries.

Following is the configuration.

mls aging long 64
mls aging normal 32
mls netflow interface
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5
mls cef error action reset

ip flow-cache entries 128000
ip flow-cache timeout active 1

ip flow ingress layer2-switched vlan 10,20

ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 10.19.20.31 9996

show ip cache flow

-------------------------------------------------------------------------------

Displaying software-switched flow entries on the MSFC in Module 5:

IP packet size distribution (8679322 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .132 .142 .325 .166 .082 .046 .019 .015 .006 .000 .001 .000 .001 .000 .013

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .001 .001 .001 .005 .035 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 8454644 bytes
  30 active, 127970 inactive, 1523126 added
  438002488 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 1040712 bytes
  30 active, 31970 inactive, 1522942 added, 1522942 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics 2w1d
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-FTP          40819      0.0        10    73      0.3       0.5       3.1
TCP-FTPD         40607      0.0         3    42      0.1       0.0       1.5
TCP-WWW           2071      0.0        10   918      0.0       5.1     164.8
TCP-other        39829      0.0        25   245      0.7       6.6     188.0
UDP-DNS           1579      0.0         3    92      0.0       6.7     293.7
UDP-NTP           3309      0.0         2    94      0.0     105.4     195.0
UDP-TFTP             2      0.0        10    52      0.0     169.3     131.2
UDP-Frag             5      0.0         1    57      0.0       1.0     299.5
UDP-other       576228      0.4         2   197      1.1      13.8     285.8
ICMP             55727      0.0         4   591      0.1     161.5     137.9
GRE              28899      0.0        45    28      0.9     285.4       1.0
IP-other        111838      0.0        34   129      2.9     292.4       8.0
Total:          900913      0.6         9   150      6.5      65.0     202.5

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi5/2         172.16.148.254  Tu2           10.191.32.12    2F 0000 0000     2
Gi5/2         172.16.195.254  Tu4           10.191.32.14    2F 0000 0000     2
Gi5/2         10.191.32.62    Vl10          10.191.32.12    2F 0000 0000     4

-------------------------------------------------------------------------------

Displaying hardware-switched flow entries in the PFC (Standby) Module 5:
SrcIf            SrcIPaddress     DstIf            DstIPaddress    Pr SrcP DstP  Pkts

Tu5              10.191.8.89      Vl10             10.190.102.240  2F 0000 0000  4780
Tu5              10.191.8.89      Vl10             10.190.103.89   2F 0000 0000  6218
Gi5/2            10.122.3.35      Tu4              172.16.33.97    06 008B 105F     1
Tu5              10.191.8.89      Vl10             10.190.102.123  2F 0000 0000    73
Tu5              10.124.24.45     Tu2              172.16.148.17   06 0E9F 008B     2
Tu5              10.124.114.221   Gi5/2            10.129.1.89     06 4E21 04D8   450
Gi5/2            10.70.72.8       Tu6              172.16.105.242  06 0050 0B3E     5

show module
Mod Ports Card Type                              Model             
--- ----- -------------------------------------- ------------------ -----------
  5    9  Supervisor Engine 32 8GE (Active)      WS-SUP32-GE-3B    
  6    9  Supervisor Engine 32 8GE (Hot)         WS-SUP32-GE-3B  

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  5  001f.6cfe.aba2 to 001f.6cfe.abad   4.6   12.2(18r)SX2 12.2(33)SXH3 Ok
  6  001f.9e9a.ae4c to 001f.9e9a.ae57   4.6   12.2(18r)SX2 12.2(33)SXH3 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
5  Policy Feature Card 3       WS-F6K-PFC3B               2.4    Ok
  5  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A    4.0    Ok
  6  Policy Feature Card 3       WS-F6K-PFC3B               2.4    Ok
  6  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A     4.0    Ok

I have gone through following documents but could not find any clue on why PFC entries are not exported.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html#wp1080827

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml

Regards,

Akhtar

Labels:
0 Helpful
1 Reply 1

Akhtar Samo
Level 1
Level 1

‎04-18-2011 01:42 AM

Hi,

Just to further update this case with troubleshooting results.

1. I am able to recieve all flows sent from NDE 6506 Switch on NF Collector-A.

2. Only few flow are being received on NF CollectorB.

3. When comparing packet captured on NF Collector-A and B, I see only small size UDP packets(~350bytes) on NF Collector B, whereas on NF A I see packets more than 800 bytes...

This issue is surely pertaining to GRE+IPSEC. I have checked the forums and found issue of ""Self Generated Netflow packets not encrypted"" but my issue not seems to relevant b/c NDE 6506 which is exporting Netflow is not encrypting.......

Any thoughts !!

NDE 6506 Switch)----(CORE-6509)----(DC-WAN-1-6506)-----GRE+IPSEC------(DC-WAN-2-6506)------(CORE-6509)-----(DC-AGG)----(DC-ACC)---NF CollectorB

                                      |

                                      |

                                NF Collector-A

0 Helpful
Customers Also Viewed These Support Documents