Hello!
There is a NetFlow sensor on a Cisco Catalyst 6509, configured this way:
mls netflow interface
mls flow ip interface-full
interface Vlan 25
 ip address 10.16.56.10 255.255.255.0
 ip flow ingress
ip flow-export version 5
ip flow-export destination 10.8.92.1 3001
and we use flow-tools on Ubuntu to collect traffic information.
Problem:
We get too little captured traffic. If we try show ip route-cache flow, we get:
Displaying software-switched flow entries on the MSFC in Module 1/5:
IP packet size distribution (64287260 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .002 .637 .119 .187 .052 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
2 active, 4094 inactive, 442709 added
12100727 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33992 bytes
2 active, 1022 inactive, 442699 added, 442699 added to flow
0 alloc failures, 0 force free
1 chunk, 2 chunks added
last clearing of statistics never
Protocol       Total   Flows  Packets  Bytes  Packets  Active(Sec)  Idle(Sec)
--------       Flows    /Sec    /Flow   /Pkt     /Sec        /Flow      /Flow
TCP-Telnet        17     0.0      121     41      0.0          1.6        3.2
TCP-WWW        24036     0.0      140     49      0.7          6.1       15.1
TCP-SMTP           1     0.0        4     48      0.0         21.0        1.1
TCP-other     325947     0.0      111     50      8.4          3.6       15.4
UDP-DNS         1128     0.0       79     63      0.0          4.8       15.4
UDP-NTP         5215     0.0      122     76      0.1          0.4       15.5
UDP-other      86111     0.0      274    100      5.5         19.7       15.4
ICMP             252     0.0      244     60      0.0         30.2       15.4
Total:        442707     0.1      145     69     14.9          6.8       15.4
SrcIf  SrcIPaddress    DstIf  DstIPaddress    Pr SrcP DstP  Pkts
Vl25   10.12.3.70      Vl25   192.168.1.100   11 CACD 0437   600
Vl25   10.32.192.178   Vl25   10.33.1.251     11 C895 00A1   189
.....
.....
Displaying hardware-switched flow entries in the DFC Module 2/4:
SrcIf  SrcIPaddress    DstIf  DstIPaddress    Pr SrcP DstP  Pkts
Vl25   10.32.192.16    Vl18   94.50.196.219   11 CE42 A2B1     6
Vl25   10.32.192.16    Vl18   2.50.164.189    11 CE42 1AE9     1
.....
We see the traffic from "software-switched flow entries on the MSFC" on the collector, but the "hardware-switched flow entries in the DFC" are not captured.