Hi everyone,
We switched the core devices from two cat 6500 to two nexus 7k and the most things work great but we got a strange problem with dhcp in combination with netflow. The Nexus 7k has a Sup2 and 3 x Fabric 2 Modules.
Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ----------
1 0 Supervisor module-2 N7K-SUP2 active *
3 48 1/10 Gbps Ethernet Module N7K-F248XP-25 ok
4 48 1/10 Gbps Ethernet Module N7K-F248XP-25 ok
Xbar Ports Module-Type Model Status
--- ----- ----------------------------------- ------------------ ----------
1 0 Fabric Module 2 N7K-C7009-FAB-2 ok
2 0 Fabric Module 2 N7K-C7009-FAB-2 ok
3 0 Fabric Module 2 N7K-C7009-FAB-2 ok
We currently use 2 VDCs on each of the two 7k, one is Layer3 only (Core) and the other is the Layer3/Layer2 boundry (Distribution), on the Core Layer3 only VDC Netflow works so far that it exports the flows, on the Distribution Layer3/Layer2 VDC we didnt manage that flows get exported.
Configuration Core:
flow exporter CA-NETFLOWCOLLECTOR
destination x.x.x.x
source loopback0
version 9
sampler PACKETWOLF
mode 1 out-of 100
flow monitor MONITOR-IPSS-TRAFFIC
record netflow-original
exporter CA-NETFLOWCOLLECTOR
interface Ethernet3/2
ip flow monitor MONITOR-IPSS-TRAFFIC input sampler PACKETWOLF
Flow exporter CA-NETFLOWCOLLECTOR:
Description: export netflow to CA netflow appliance
Destination: x.x.x.x
VRF: default (1)
Source Interface loopback0 (x.x.x.x)
Export Version 9
Sequence number 1351870
Exporter Statistics
Number of Flow Records Exported 0
Number of Templates Exported 0
Number of Export Packets Sent 0
Number of Export Bytes Sent 0
Number of Destination Unreachable Events 0
Number of No Buffer Events 0
Number of Packets Dropped (No Route to Host) 0
Number of Packets Dropped (other) 0
Number of Packets Dropped (LC to RP Error) 0
Number of Packets Dropped (Output Drops) 0
Time statistics were last cleared: Tue Apr 23 09:37:08 2013
Flow exporter CA-NETFLOWCOLLECTOR:
Description: export netflow to CA netflow appliance
Destination: x.x.x.x
VRF: default (1)
Source Interface loopback0 (x.x.x.x)
Export Version 9
Sequence number 1351870
Exporter Statistics
Number of Flow Records Exported 9
Number of Templates Exported 1
Number of Export Packets Sent 2
Number of Export Bytes Sent 588
Number of Destination Unreachable Events 0
Number of No Buffer Events 0
Number of Packets Dropped (No Route to Host) 0
Number of Packets Dropped (other) 0
Number of Packets Dropped (LC to RP Error) 0
Number of Packets Dropped (Output Drops) 0
Time statistics were last cleared: Tue Apr 23 09:37:08 2013
# show system internal access-list interface ethernet 3/2
slot 3
=======
Policies in ingress direction:
Policy type Policy Id Policy name
------------------------------------------------------------
Netflow Sampler 80000802
Netflow profiles in ingress direction:
TCAM Class Profile Flow Monitor
---------------------------------------
IPv4 2 MONITOR-IPSS-TRAFFIC
INSTANCE 0x0
---------------
Tcam 1 resource usage:
----------------------
Label_b = 0x201
Bank 1
------
IPv4 Class
Policies: Netflow Sampler() [Merged]
Netflow profile: 0
Netflow deny profile: 0
1 tcam entries
0 l4 protocol cam entries
0 mac etype/proto cam entries
0 lous
0 tcp flags table entries
0 adjacency entries
No egress policies
Netflow profiles in egress direction:
TCAM Class Profile Flow Monitor
---------------------------------------
slot 4
=======
ERROR: no ACL related hardware resources for vdc [2], interface [Ethernet3/2]
Configuration Dist:
flow exporter CA-NETFLOWCOLLECTOR
destination x.x.x.x
source loopback0
version 9
sampler PACKETWOLF
mode 1 out-of 100
flow monitor MONITOR-INTERVLAN-TRAFFIC
record netflow-original
exporter CA-NETFLOWCOLLECTOR
interface Vlan241
ip flow monitor MONITOR-INTERVLAN-TRAFFIC input sampler PACKETWOLF
.
.
ip dhcp relay address x.x.x.x
ip dhcp relay address x.x.x.x
Here is the difference that we also use dhcp relay. If i remove the netflow statment on the interface and add it again i get the following error:
(config-if)# ip flow monitor MONITOR-INTERVLAN-TRAFFIC input sampler PACKETWOLF
An additional 1:100 sampler, over the configured sampler is applicable for F2 ports
Verify failed - Client 0x82000146, Reason: Tcam Allocation Failure, : DHCP, Netflow Sampler (SVI), Interface: Vlan241
Verify failed - Client 0x83000146, Reason: Tcam Allocation Failure, : DHCP, Netflow Sampler (SVI), Interface: Vlan241
Is there any limitation that i'm not aware of?
More output from the Dist:
Flow exporter CA-NETFLOWCOLLECTOR:
Description: export netflow to CA netflow appliance
Destination: x.x.x.x
VRF: default (1)
Source Interface loopback0 (x.x.x.x)
Export Version 9
Exporter Statistics
Number of Flow Records Exported 0
Number of Templates Exported 0
Number of Export Packets Sent 0
Number of Export Bytes Sent 0
Number of Destination Unreachable Events 0
Number of No Buffer Events 0
Number of Packets Dropped (No Route to Host) 0
Number of Packets Dropped (other) 0
Number of Packets Dropped (LC to RP Error) 0
Number of Packets Dropped (Output Drops) 0
Time statistics were last cleared: Tue Apr 23 09:43:20 2013
show system internal access-list vlan 241
slot 3
=======
Policies in ingress direction:
Policy type Policy Id Policy name
------------------------------------------------------------
DHCP 4 Relay
Netflow profiles in ingress direction:
TCAM Class Profile Flow Monitor
---------------------------------------
INSTANCE 0x8
---------------
Tcam 1 resource usage:
----------------------
Label_b = 0x201
Bank 0
------
IPv4 Class
Policies: DHCP(Relay) [Merged]
Netflow profile: 0
Netflow deny profile: 0
5 tcam entries
0 l4 protocol cam entries
0 mac etype/proto cam entries
0 lous
0 tcp flags table entries
1 adjacency entries
INSTANCE 0xa
---------------
Tcam 1 resource usage:
----------------------
Label_b = 0x201
Bank 0
------
IPv4 Class
Policies: DHCP(Relay) [Merged]
Netflow profile: 0
Netflow deny profile: 0
5 tcam entries
0 l4 protocol cam entries
0 mac etype/proto cam entries
0 lous
0 tcp flags table entries
1 adjacency entries
INSTANCE 0xb
---------------
Tcam 1 resource usage:
----------------------
Label_b = 0x201
Bank 0
------
IPv4 Class
Policies: DHCP(Relay) [Merged]
Netflow profile: 0
Netflow deny profile: 0
5 tcam entries
0 l4 protocol cam entries
0 mac etype/proto cam entries
0 lous
0 tcp flags table entries
1 adjacency entries
No egress policies
Netflow profiles in egress direction:
TCAM Class Profile Flow Monitor
---------------------------------------
slot 4
=======
Policies in ingress direction:
Policy type Policy Id Policy name
------------------------------------------------------------
DHCP 4 Relay
Netflow profiles in ingress direction:
TCAM Class Profile Flow Monitor
---------------------------------------
INSTANCE 0x8
---------------
Tcam 1 resource usage:
----------------------
Label_b = 0x201
Bank 0
------
IPv4 Class
Policies: DHCP(Relay) [Merged]
Netflow profile: 0
Netflow deny profile: 0
5 tcam entries
0 l4 protocol cam entries
0 mac etype/proto cam entries
0 lous
0 tcp flags table entries
1 adjacency entries
No egress policies
Netflow profiles in egress direction:
TCAM Class Profile Flow Monitor
---------------------------------------
Regards
Richard
