Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
991
Views
0
Helpful
3
Replies

Egress Netflow v9 and output packet marking order

abelkacem
Level 1
Level 1

‎08-18-2011 03:01 AM - edited ‎03-04-2019 01:19 PM

Hi all,

I need some help to solve a problem when using egress netflow (v9) and output marking.

The topologie :

Server <-----> R1 1>-----<1 R2 2>----<2 R3

R2 is a 7200 with c7200p-adventerprisek9-mz.124-15.T11.bin

What I'm doing :

- R2 forwards ping packets from Server to R3. When they arrive on R2, icmp packets are marked with CS3

- I change the DSCP to CS4 on R2 before forwarding packet to R3. I'm using for that an output service-policy on the R2-2 interface like this :

interface ATM2/0.36 point-to-point




 ip address 192.168.1.1 255.255.255.252
 ip flow ingress
 ip flow egress
 no ip mroute-cache
 snmp trap link-status
 pvc 1/36
  vbr-nrt 2040 2040 1
  tx-ring-limit 3
  oam-pvc manage
  oam retry 3 5 1
  service-policy output TDSL2C

- I export Netflow v9 data to a management device

What I'm getting:

- On R2, when I enter: sh ip cache verb flow I get this:

AT2/0.36      10.1.1.202    Gi0/3.427            10.255.255.208  01 60  10      10
R2-1            10.255.255.208  AT2/0.326*     10.1.1.202         01 60  10      10

10.255.255.208 is the Server

10.1.1.202 is R3

- As you can see, the line concerning the egress packet (with *) indicates a TOS of 60 in hex => DSCP CS3

- However, on R3 I have:

AT0/0.1        10.255.255.208  Local          10.1..202   01 80  10      10

which is correct (AT0/0.1 is R3-2)

My question:

- Why the egress netflow on R2 indicates a TOS of 60 instead of 80 as I would expect ?

In theory, egress netflow comes after QoS marking, so if I understand, normally on R2 I should have something like :

AT2/0.36      10.1.1.202         R2-1              10.255.255.208  01 60  10      10


R2-1            10.255.255.208  AT2/0.326*     10.1.1.202         01 80  10      10

but in practice I don't, I'm confused !

Labels:
0 Helpful
3 Replies 3

Amit Aneja
Level 3
Level 3

‎08-18-2011 01:41 PM

This should have worked with egress netflow & should have shown the correct DSCP values after marking. I have fixed similar cases using egress netflow.

What is the IOS on R2?

0 Helpful

abelkacem
Level 1
Level 1
In response to Amit Aneja

‎08-19-2011 12:48 AM

I totally agree with you, in theory this should work.

The IOS on R2 is c7200p-adventerprisek9-mz.124-15.T11.bin

This night I had a flash : may be the odd behaviour is normal with an ATM interface as the service-policy is applied to the PVC and not to the sub-interface itself, what do you think ?

thanks in advance

0 Helpful

Amit Aneja
Level 3
Level 3
In response to abelkacem

‎08-19-2011 01:24 PM

Can't say whether this beahvior is just with ATM or other interfaces. Guess, it needs some testing.

What I am sure about is that this is unexpected behavior. I tried to look for bugs on this, but couldn't find one. Looks like a new bug to me.

Regards,

Amit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card