Re: cisco 3850 flexible netflow match ip address

paul amaral · ‎02-03-2020

Hi, Im running into an issue where the flexible netflow on the 3850 is not working 100%. If i create a flow record and omit match ip address destination/source it works, however if i create and flow record with match ip address dest/source netflow and will give me an error when i try to apply it to the interface.

.Feb 3 10:17:55: %FMFP-3-OBJ_DWNLD_TO_DP_FAILED: Switch 1 R0/0: fman_fp_image: [FNF Object] type:IF
_BIND name:flow_monitor_1-0-NETFLOW_MONITOR_RECORD-4029145718-0-1-10 fnf-id:2000009 real-id:9 info:if
h =10 mon-id:2000016 samp-id:0 dir:1 traffic:0 sub_traffic:0x0 efp_id:3 download to DP failed

this is a very simple record,

flow record NETFLOW_MONITOR_RECORD
match ipv4 destination address
!
!
flow monitor flow_monitor_1
cache timeout active 30
record NETFLOW_MONITOR_RECORD

If i omit the dest/source match it works, any idea if I'm running into a bug here, i can't check with cisco.

This makes troubeshooting much more difficult.

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 16 WS-C3850-12XS 16.6.6 CAT3K_CAA-UNIVERSALK9 BUNDLE

thanks Paul

Mark Malone · ‎02-03-2020

Hi
Im seeing this looks similar to your failed alert based on same package releases so i would think your hitting something alright

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi03188/?rfs=iqvred

Removing and reapplying the FNF on 3650 running 16.6.2 many times can cause the exporter to fail.
CSCvi03188
Description
Symptom:
The issue is observed on 3650 and 3850 on in CU environment running 16.6.2 with "match ipv4 version" removed from the FNF record. CU removed the config more that 20 times and the Exporter stopped working while observing the below error messages in the logs:

189768: Feb 16 2018 16:23:25.521 UTC: %FMFP-3-OBJ_DWNLD_TO_DP_FAILED: Switch 2 R0/0: fman_fp_image: [FNF Object] type:IF_BIND name:FNF-MONITOR-IN-0-FNF-RECORD-IN-1614463892-0-1-7 fnf-id:2000433 real-id:433 info:ifh =7 mon-id:2000022 samp-id:0 dir:1 traffic:0 sub_traffic:0x0 efp_id:3 download to DP failed
189769: Feb 16 2018 16:23:25.575 UTC: %FMFP-3-OBJ_DWNLD_TO_DP_FAILED: Switch 3 R0/0: fman_fp_image: [FNF Object] type:IF_BIND name:FNF-MONITOR-IN-0-FNF-RECORD-IN-1614463892-0-1-7 fnf-id:2000433 real-id:433 info:ifh =7 mon-id:2000022 samp-id:0 dir:1 traffic:0 sub_traffic:0x0 efp_id:3 download to DP failed

Conditions:
3650/3850 running 16.6.2 code and FNF configuration removed and re added multiple times.

Workaround:
Adding "match ipv4 version" to the Record is removing the error messages and fixing the Exporter.

Further Problem Description:

Customer Visible
Was the description about this Bug Helpful?
(0)
Details
Last Modified:
Sep 13,2019
Status:
Terminated
Severity:
3 Moderate
Product:
(1)
Cisco Catalyst 3650 Series Switches
Support Cases:
2
Known Affected Releases:
(1)
16.6.2
Known Fixed Releases:
(0)
No release planned to fix this bug
Download software for Cisco Catalyst 3650 Series Switches

paul amaral · ‎02-03-2020

Hi, thank for the reply, I'm using version 16.6.6 and even with the match ipv4 version added to the record i get the same error and there is no cache on the flow record. It just is not letting me use match ipv4 destination/source address.

Mark Malone · ‎02-03-2020

Hi
yes but that bugs not fixed , its still open so versions after the named version 16.6.2 could be effected too

There are multiple bug reports if you just google the start of the output so more than likely your hitting a software issue , you could try a different release as you dont have support with TAC to get the exact bug id and hopefully an upgrade to another good new release will fix it

"%FMFP-3-OBJ_DWNLD_TO_DP_FAILED:"