08-13-2010 02:21 AM - edited 03-04-2019 09:24 AM
Dear all,
I have a Catalyst 4507-E with supervisor V-10GE. In this switch I have anable netflow service to manage flow on network. The functionality is embedded in the supervisor engine. I use open source "Flow Tool" for flow capture, in this tool I configured capture flow every 5 minutes. And then when I open a terminal console into Catalyst 4507, I have received this errors every 5 minutes:
" *Aug 12 20:58:06.089: %C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost either due to hardware hash collisions or full hardware flow table. Stats lost for 24417 packets."
This is the output of show inventory command:
NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4507R-E 7 slot switch "
PID: WS-C4507R-E , VID: V02 , SN: FOX1412GCTW
NAME: "Clock Module", DESCR: "Clock Module"
PID: WS-X4K-CLOCK-E , VID: V01 , SN: JAE14180ERS
NAME: "Mux Buffer 1 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E , VID: V01 , SN: JAE14170GVA
NAME: "Mux Buffer 2 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E , VID: V01 , SN: JAE14170IHF
NAME: "Mux Buffer 5 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E , VID: V01 , SN: JAE14170DGE
NAME: "Mux Buffer 6 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E , VID: V01 , SN: JAE14170ASJ
NAME: "Mux Buffer 7 ", DESCR: "Mux Buffers for Redundancy Logic"
PID: WS-X4590-E , VID: V01 , SN: JAE14170AV6
NAME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45) with 24 10/100/1000 baseT ports"
PID: WS-X4424-GB-RJ45 , VID: V06 , SN: JAE1418012E
NAME: "Linecard(slot 3)", DESCR: "Supervisor V-10GE with 2 10GE X2 ports, and 4 1000BaseX SFP ports"
PID: WS-X4516-10GE , VID: V11 , SN: JAE14070LGD
NAME: "Linecard(slot 4)", DESCR: "Supervisor V-10GE with 2 10GE X2 ports, and 4 1000BaseX SFP ports"
PID: WS-X4516-10GE , VID: V11 , SN: JAE14070LIG
NAME: "Linecard(slot 7)", DESCR: "10/100/1000BaseT (RJ45) with 24 10/100/1000 baseT ports"
PID: WS-X4424-GB-RJ45 , VID: V06 , SN: JAE14180132
NAME: "Fan", DESCR: "FanTray"
PID: WS-X4597-E , VID: V02 , SN: FOX1412G4D3
NAME: "Power Supply 1", DESCR: "Power Supply ( AC 1400W )"
PID: PWR-C45-1400AC , VID: V04 , SN: AZS14060RRP
NAME: "Power Supply 2", DESCR: "Power Supply ( AC 1400W )"
PID: PWR-C45-1400AC , VID: V04 , SN: AZS14060RKA
So what is the problem and what I can do to resolve it ?
Thanks so much,
Trung.
Solved! Go to Solution.
08-13-2010 03:27 AM
Hello Nguyen,
>> " *Aug 12 20:58:06.089: %C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost either due to hardware hash collisions or full hardware flow table. Stats lost for 24417 packets."
the messages means that for the limited size of netflow cache on the device it has been not possible to collect data about all observed traffic flows.
Post a sh mls to see the flowmask
what is the flow mask that you are using ?
Depending on interaction with other features changing the flow mask could be a solution.
Hope to help
Giuseppe
08-13-2010 05:29 AM
Hi,
Agreed to above answer.. This is a informational message that cache is full, then somenetflow statistics will be lost.
Error Message C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost due to full hw
flow table. [char] [dec] packets.
Explanation This message indicates that if the cache is full, then some flow statistics will be lost. This message informs users about the total collected flow statistics. If the counter that tracks the lost statistics has overflowed, an accurate count of total lost flows is not available.
Recommended Action This is an informational message only. No action is required.
To overcome this issue you have to configure minimum flowmask,
The flow mask determines the granularity of the statistics gathered, which controls the size of the NetFlow table. The less-specific flow masks result in fewer entries in the NetFlow table and the most-specific flow masks result in the most NetFlow entries.
For example, if the flow mask is set to source-only, the NetFlow table contains only one entry per source IP address. The statistics for all flows from a given source are accumulated in the one entry. However, if the flow mask is configured as full, the NetFlow table contains one entry per full flow. Many entries may exist per source IP address, so the NetFlow table can become very large.
You can set the minimum specificity of the flow mask for the NetFlow table on the PFC. The actual flow mask may be more specific than the level configured in the mls flow ip command, if other configured features need a more specific flow mask (see the "Flow Mask Conflicts" section).
To set the minimum IP MLS flow mask, perform this task:
This example shows how to set the minimum IP MLS flow mask:
Router(config)# mls flow ip destination
08-13-2010 03:27 AM
Hello Nguyen,
>> " *Aug 12 20:58:06.089: %C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost either due to hardware hash collisions or full hardware flow table. Stats lost for 24417 packets."
the messages means that for the limited size of netflow cache on the device it has been not possible to collect data about all observed traffic flows.
Post a sh mls to see the flowmask
what is the flow mask that you are using ?
Depending on interaction with other features changing the flow mask could be a solution.
Hope to help
Giuseppe
08-13-2010 05:29 AM
Hi,
Agreed to above answer.. This is a informational message that cache is full, then somenetflow statistics will be lost.
Error Message C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost due to full hw
flow table. [char] [dec] packets.
Explanation This message indicates that if the cache is full, then some flow statistics will be lost. This message informs users about the total collected flow statistics. If the counter that tracks the lost statistics has overflowed, an accurate count of total lost flows is not available.
Recommended Action This is an informational message only. No action is required.
To overcome this issue you have to configure minimum flowmask,
The flow mask determines the granularity of the statistics gathered, which controls the size of the NetFlow table. The less-specific flow masks result in fewer entries in the NetFlow table and the most-specific flow masks result in the most NetFlow entries.
For example, if the flow mask is set to source-only, the NetFlow table contains only one entry per source IP address. The statistics for all flows from a given source are accumulated in the one entry. However, if the flow mask is configured as full, the NetFlow table contains one entry per full flow. Many entries may exist per source IP address, so the NetFlow table can become very large.
You can set the minimum specificity of the flow mask for the NetFlow table on the PFC. The actual flow mask may be more specific than the level configured in the mls flow ip command, if other configured features need a more specific flow mask (see the "Flow Mask Conflicts" section).
To set the minimum IP MLS flow mask, perform this task:
This example shows how to set the minimum IP MLS flow mask:
Router(config)# mls flow ip destination
08-15-2010 07:58 PM
Dear Uttam & Giuseppe,
Thank you very much about support. I have understanded the problem. In my DC, the flow is very large, I have used 70% bandwidth of 10Gig uplink connect to Internet. I have used flow mask apply to source IP only for capture flow from server in DC to Internet.
Sorry for late reply, I don't have Internet Access at the weekend.
Thanks so much again
Trung.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide