12-20-2011 06:22 AM - edited 03-04-2019 02:42 PM
Hi, we are marking traffic with a marking service-policy on our LAN interface, and we are also using ingress/egress NetFlow.
I found a document where the order of operation is described. Please see the attached ooo.jpg.
In this document it looks like ingress NetFlow works before the ingress QoS marking is done. That means in the ingress NetFlow we only see the original incoming packets with the original DSCP values; the DSCP values after marking cannot be seen in the ingress NetFlow records?
Is that true?
Thx
Hubert
12-20-2011 12:04 PM
Hello Hubert.
Interesting question. Here's the scenario I set up to see how things really work.
The topology is very simple.
R1 <10.0.0.0/30> R2 <20.0.0.0/30> R3
On R2, I applied an input policy-map that marks packets coming with the IP source address of R1 as AF11. As follows:
-----------------------
---> ACL:
R2#sh ip access-lists 1
Standard IP access list 1
10 permit 10.0.0.1
---> Class map :
R2#sh class-map
Class Map match-all MARK (id 1)
Match access-group 1
Class Map match-any class-default (id 0)
Match any
---> Policy map:
R2#sh policy-map
Policy Map POLICY
Class MARK
set ip dscp af11
xxxxxxxxxxxx
If I run a ping from R1 towards any R2-connected link, I can see the packet being marked through the cache flow, as follows:
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 3      0.0         2   100      0.1       0.0      15.3
Total:               3      0.0         2   100      0.1       0.0      15.3

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS   Port Msk AS     NextHop              B/Pk  Active
Se0/0         10.0.0.1        Local         20.0.0.2        01 28 10       5   <<<<<<<<<<< 28 in hex = af11
0000 /0   0   0800 /0   0     0.0.0.0               100     0.2
R2#
If I run a ping from R1 towards the R3 loopback, I don't see the packets marked on R2, but I see them marked on R3 (as they come with source 10.0.0.1 into R2, they should be marked).
---> R2:
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 4      0.0         3   100      0.0       0.1      15.2
Total:               4      0.0         3   100      0.0       0.1      15.2

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS   Port Msk AS     NextHop              B/Pk  Active
Se0/0         10.0.0.1        Se0/1         3.3.3.3         01 00 10       5   <<<<< 00 (no markings)
0000 /0   0   0800 /0   0     0.0.0.0               100     0.2
R2#
---> R3:
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 4      0.0         5   100      0.0       0.2      15.2
Total:               4      0.0         5   100      0.0       0.2      15.2

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS   Port Msk AS     NextHop              B/Pk  Active
Se0/0         10.0.0.1        Local         3.3.3.3         01 28 10       5   <<<<< 28 (af11)
0000 /0   0   0800 /0   0     0.0.0.0               100     0.2
So, it looks like if your router is a transit router you won't see the packet marked in NetFlow (only if it comes already marked by another device, like R1 in this example).
But, if the packet is destined to you, you will see the packet being marked, MAYBE because packets destined to you are always process switched.
Let me know your thoughts... hope this helps...
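A practical way to check this on your own routers is to parse the `show ip cache flow` records and decode the TOS column, since the column shows the whole TOS byte (DSCP is its upper six bits, so 0x28 is DSCP 10, i.e. AF11, and 0x00 is the default class). The script below is an added example and not code from the thread: it assumes the record layout shown in the reply above (first line of each record: SrcIf, SrcIPaddress, DstIf, DstIPaddress, Pr, TOS, Flgs, Pkts) and that a DstIf of `Local` means the packet was destined to the router itself. The sample output embedded in it is constructed to mirror the lab (R2 transit flow to 3.3.3.3 with TOS 00, R2 local flow and R3 flow with TOS 28); it is not pasted from a live device.

```python
"""Decode the TOS column of 'show ip cache flow' records into DSCP names.

Added example, not code from the thread: parses flow records of the shape
shown in the reply and reports whether the DSCP the policy-map should have
set (AF11) is visible in each record.
"""
import re

# First line of a 'show ip cache flow' record:
#   SrcIf  SrcIPaddress  DstIf  DstIPaddress  Pr  TOS  Flgs  Pkts
# The second line (ports, next hop, bytes/packet) is not needed here.
FLOW_RE = re.compile(
    r"^(?P<srcif>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<dstif>\S+)\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<tos>[0-9A-Fa-f]{2})\s+"
    r"(?P<flgs>[0-9A-Fa-f]{2})\s+(?P<pkts>\d+)"
)


def tos_to_dscp(tos_hex: str) -> int:
    """The TOS column is the whole IP TOS byte; DSCP is its upper six bits
    (the low two bits are ECN). 0x28 = 0b0010_1000 -> DSCP 10 = AF11."""
    return int(tos_hex, 16) >> 2


def dscp_name(dscp: int) -> str:
    """Map a DSCP value to its standard name (AFxy = 8x + 2y, CSx = 8x, EF = 46)."""
    if dscp == 0:
        return "default"
    if dscp == 46:
        return "EF"
    if dscp % 8 == 0:
        return f"CS{dscp // 8}"
    cls, rem = divmod(dscp, 8)
    if 1 <= cls <= 4 and rem in (2, 4, 6):
        return f"AF{cls}{rem // 2}"
    return f"DSCP{dscp}"


def parse_cache_flow(text: str) -> list[dict]:
    """Return one dict per flow record; header and second lines do not match."""
    records = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        dscp = tos_to_dscp(m["tos"])
        records.append({
            "srcif": m["srcif"], "src": m["src"],
            "dstif": m["dstif"], "dst": m["dst"],
            "proto": int(m["pr"], 16), "pkts": int(m["pkts"]),
            "dscp": dscp, "dscp_name": dscp_name(dscp),
            # Assumption: DstIf 'Local' = packet was destined to the router itself
            "local": m["dstif"] == "Local",
        })
    return records


def flows_missing_mark(records: list[dict], src: str, expected: str) -> list[dict]:
    """Records from `src` whose TOS does not carry the expected DSCP, i.e.
    where ingress NetFlow captured the packet before the policy-map marked it."""
    return [r for r in records if r["src"] == src and r["dscp_name"] != expected]


# Constructed sample output (mirrors the reply's lab, not copied from a router).
R2_OUTPUT = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS   Port Msk AS     NextHop              B/Pk  Active
Se0/0         10.0.0.1        Local         20.0.0.2        01 28 10       5
0000 /0   0   0800 /0   0     0.0.0.0               100     0.2
Se0/0         10.0.0.1        Se0/1         3.3.3.3         01 00 10       5
0000 /0   0   0800 /0   0     0.0.0.0               100     0.2
"""

R3_OUTPUT = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS   Port Msk AS     NextHop              B/Pk  Active
Se0/0         10.0.0.1        Local         3.3.3.3         01 28 10       5
0000 /0   0   0800 /0   0     0.0.0.0               100     0.2
"""

if __name__ == "__main__":
    for name, out in (("R2", R2_OUTPUT), ("R3", R3_OUTPUT)):
        recs = parse_cache_flow(out)
        for r in recs:
            where = "punted to router" if r["local"] else f"transit via {r['dstif']}"
            print(f"{name}: {r['src']} -> {r['dst']} ({where}): TOS -> {r['dscp_name']}")
        unmarked = [r["dst"] for r in flows_missing_mark(recs, "10.0.0.1", "AF11")]
        print(f"{name}: flows from 10.0.0.1 not showing AF11: {unmarked}")
```

Paste the real `show ip cache flow` output into `parse_cache_flow` on the transit router and on the next hop; a flow that appears in `flows_missing_mark` on the transit router but carries the mark downstream is the ordering effect discussed in this thread, not a policy-map that failed to match.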