02-06-2019 09:49 AM - edited 03-01-2019 04:16 AM
Hi Folks,
I am seeing an issue with NSOs handling of Cisco's Net Flow configuration. I created a simple template based service to configure all pieces of FNF configuration, configure Record, Exporter, Monitor and configure Monitor on an interface. All values are hardcoded and the only parameter in the service is a device name.
I deploy the service perfectly fine. However, when I immediately issue "no service..." it fails. The NSO tries to remove the Monitor before it removes monitor configuration on an interface. Here is the output of the NSO.
nsoftic@nso-hq-1(config)# services nedim-fnf test-fnf-csr1
nsoftic@nso-hq-1(config-nedim-fnf-test-fnf-csr1)# device csr1
nsoftic@nso-hq-1(config-nedim-fnf-test-fnf-csr1)# commit dry
cli {
local-node {
data devices {
device csr1 {
config {
ios:flow {
+ exporter FNF-EXPORTER {
+ destination {
+ address 10.11.14.22;
+ }
+ source {
+ GigabitEthernet 1;
+ }
+ transport {
+ udp 4739;
+ }
+ export-protocol ipfix;
+ option {
+ interface-table {
+ }
+ application-attributes {
+ }
+ application-table {
+ }
+ }
+ }
+ record FNF-RECORD {
+ match {
+ ipv4 {
+ tos;
+ protocol;
+ source {
+ address;
+ }
+ destination {
+ address;
+ }
+ }
+ transport {
+ source-port;
+ destination-port;
+ }
+ interface {
+ input {
+ }
+ output {
+ }
+ }
+ flow {
+ direction;
+ }
+ application {
+ name {
+ }
+ }
+ }
+ collect {
+ routing {
+ source {
+ as {
+ }
+ }
+ destination {
+ as {
+ }
+ }
+ next-hop {
+ address {
+ ipv4 {
+ }
+ }
+ }
+ }
+ ipv4 {
+ dscp;
+ id;
+ source {
+ mask {
+ }
+ prefix {
+ }
+ }
+ destination {
+ mask {
+ }
+ }
+ }
+ transport {
+ tcp {
+ flags {
+ }
+ }
+ }
+ counter {
+ bytes {
+ }
+ packets {
+ }
+ }
+ timestamp {
+ sys-uptime {
+ first;
+ last;
+ }
+ }
+ }
+ }
+ monitor FNF-MONITOR {
+ record FNF-RECORD;
+ exporter FNF-EXPORTER;
+ }
}
ios:interface {
GigabitEthernet 1 {
ip {
flow {
monitor input {
- name monitor-test;
+ name FNF-MONITOR;
}
monitor output {
- name monitor-test;
+ name FNF-MONITOR;
}
}
}
}
}
}
}
}
services {
+ nedim-fnf test-fnf-csr1 {
+ device csr1;
+ }
}
}
}
nsoftic@nso-hq-1(config-nedim-fnf-test-fnf-csr1)# commit
Commit complete.
nsoftic@nso-hq-1(config-nedim-fnf-test-fnf-csr1)# exit
nsoftic@nso-hq-1(config)# no services nedim-fnf test-fnf-csr1
nsoftic@nso-hq-1(config)# commit
Aborted: External error in the NED implementation for device csr1: command: no flow monitor FNF-MONITOR: % Flow Monitor: 'FNF-MONITOR' is in use. Remove from all interfaces before deleting
nsoftic@nso-hq-1(config)#
02-06-2019 09:52 AM
02-06-2019 12:18 PM
Hi,
Include the recreate steps, all packages required to reproduce, and device trace in raw format (preferably do a devices clear-trace and then perform recreate) then TAC should be able to have everything they need to reproduce the issue.
Also, what happens after you apply the service, then try to manually remove :
no flow monitor FNF-MONITOR
Does the real device allow it or also complains? All this information should be more than enough to successfully raise a TAC case with minimal back-and-forth :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community: