
Cisco 4500X VSS Flexible Netflow, export not working on standby switch

eddvan
Level 1

Hi,

I have 2 WS-C4500X-16's with enterprise services license, running IOS XE 3.4.1SG, in a VSS configuration.

I have Flexible NetFlow configured in accordance with the software configuration guide, chapter 63, VSS environment.

Contrary to what the configuration guide states in point 19, that both the VSS active and VSS standby switches independently export flows to the same or different NetFlow collectors, my NetFlow collectors seem only to receive flow data from the active supervisor.

I can see in the standby switch that there are actually flows in the cache but it simply can't send them to the collector (I can't ping the collector from the standby sup).

The problem is, as far as I can tell, that the standby switch / standby supervisor cannot reach the collector via IP, as it has no active IP interfaces (until it becomes the active supervisor).

What am I missing?

How can I get flow export working from the standby sup also?

Thanks,

Eddy

6 Replies

Marvin Rhoads
Hall of Fame

I wouldn't expect anything to come from the VSS standby switch. I think the Netflow chapter is a bit poorly written in that regard. The flows coming from the active supervisor should reflect traffic flowing via either/both switches, per the application of the flow monitors to interfaces.

As noted in the VSS chapter "The VSS active supervisor engine runs the Layer 2 and Layer 3 protocols and features for the VSS and manages all ports on both switches."

Thanks Martin.

I'd expect that behaviour too. But the documentation (Chapter 63, Configuring Flexible NetFlow) clearly states otherwise.

As a matter of fact, I do not see any entries in the cache of the active sup for the interfaces on the standby-switch, only for the interfaces on the local switch.

The other way around, on the standby-switch console, I don't see cache entries for the active switch, only the local switch.

This is consistent with the documentation. But no export occurs on the VSS standby switch.

Denis Orlov
Level 1

Hi. We faced this problem too.

What we have at this time:

1) Two 4500x in VSS.

SW-C4500X-CORE#sh switch virtual 

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 20
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby

Executing the command on VSS member switch role = VSS Standby, id = 2


Switch mode                  : Virtual Switch
Virtual switch domain number : 20
Local switch number          : 2
Local switch operational role: Virtual Switch Standby
Peer switch number           : 1
Peer switch operational role : Virtual Switch Active
SW-C4500X-CORE#

SW-C4500X-CORE#sh switch virtual role 

Executing the command on VSS member switch role = VSS Active, id = 1

RRP information for Instance 1

--------------------------------------------------------------------
Valid  Flags   Peer      Preferred  Reserved
               Count     Peer       Peer

--------------------------------------------------------------------
TRUE    V        1           1          1

Switch  Switch Status  Preempt       Priority  Role     Local   Remote
        Number         Oper(Conf)    Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   1      UP      FALSE(N )     110(110)  ACTIVE   0       0   
REMOTE  2      UP      FALSE(N )     100(100)  STANDBY  2456    7573

Peer 0 represents the local switch

Flags : V - Valid 
In dual-active recovery mode: No


Executing the command on VSS member switch role = VSS Standby, id = 2

RRP information for Instance 2

--------------------------------------------------------------------
Valid  Flags   Peer      Preferred  Reserved
               Count     Peer       Peer

--------------------------------------------------------------------
TRUE    V        1           1          1

Switch  Switch Status  Preempt       Priority  Role     Local   Remote
        Number         Oper(Conf)    Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   2      UP      FALSE(N )     100(100)  STANDBY  0       0   
REMOTE  1      UP      FALSE(N )     110(110)  ACTIVE   7573    2456

Peer 0 represents the local switch

Flags : V - Valid 
In dual-active recovery mode: No

SW-C4500X-CORE#

SW-C4500X-CORE#sh switch virtual redundancy 

Executing the command on VSS member switch role = VSS Active, id = 1


                  My Switch Id = 1
                Peer Switch Id = 2
        Last switchover reason = none
    Configured Redundancy Mode = Stateful Switchover
     Operating Redundancy Mode = Stateful Switchover

Switch 1 Slot 1 Processor Information :
-----------------------------------------------
        Current Software state = ACTIVE
                 Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch  Software (cat4500e-UNIVERSALK9-M), Version 15.2(5)E, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 19-Jul-16 15:19 by prod_rel_team
                          BOOT = bootflash:cat4500e-universalk9.SPA.03.09.00.E.152-5.E.bin,1;
        Configuration register = 0x2102
                  Fabric State = ACTIVE
           Control Plane State = ACTIVE

Switch 2 Slot 1 Processor Information :
-----------------------------------------------
        Current Software state = STANDBY HOT (switchover target)
                 Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch  Software (cat4500e-UNIVERSALK9-M), Version 15.2(5)E, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 19-Jul-16 15:19 by pro
                          BOOT = bootflash:cat4500e-universalk9.SPA.03.09.00.E.152-5.E.bin,1;
        Configuration register = 0x2102
                  Fabric State = ACTIVE
           Control Plane State = STANDBY


Executing the command on VSS member switch role = VSS Standby, id = 2

show virtual switch redundancy is not supported on the standby
SW-C4500X-CORE#

2) We are trying to get NetFlow data about traffic using Flexible NetFlow.

Our FNF config looks like this:

<...>
flow record r1
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
!         
!         
flow exporter nfcoll
 destination 192.168.6.52
 transport udp 9996
!         
!         
flow monitor m1
 exporter nfcoll
 cache timeout active 60
 record r1
!         
!         
<...>
interface TenGigabitEthernet2/2/1
 no switchport
 ip flow monitor m1 input
 ip address 10.255.3.2 255.255.255.252
!
<...>

3) After that we prepared our NetFlow collector for receiving NetFlow data.

As a result we realized that NetFlow data from interface Te2/2/1 is not exported.

Moreover, when we try to view the local NetFlow cache on the active switch via CLI, we see nothing.

And soon we realized that no flow data is collected on interfaces that belong to the standby switch.

NetFlow data is collected on active switch interfaces only.

4) Also, we tried to view the NetFlow status on the standby box.

SW-C4500X-CORE#remote login module 11
Connecting to standby virtual console 
Type "exit" or "quit" to end this session


SW-C4500X-CORE-standby-console#sh flow interface     
SW-C4500X-CORE-standby-console#

So, as you can see, the NetFlow monitor is not applied on our interface.

Now we are trying to understand: is this a bug, or maybe we configured NetFlow incorrectly?

Please, somebody clarify this situation.
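
A way to list which monitored interfaces sit on the VSS standby member, where this thread reports flow data going missing at the collector. This is an added example, not part of the original post; it assumes VSS port names end in switch/module/port, and TenGigabitEthernet1/1/1 and the function names are constructed for illustration.

```python
import re

# Constructed sample input, trimmed from the CLI output and config quoted above;
# TenGigabitEthernet1/1/1 is an invented interface added for contrast.
SHOW_SWITCH_VIRTUAL = """\
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby
"""
RUNNING_CONFIG = """\
interface TenGigabitEthernet1/1/1
 ip flow monitor m1 input
!
interface TenGigabitEthernet2/2/1
 no switchport
 ip flow monitor m1 input
!
"""

def vss_roles(text):
    """Map switch number -> 'Active' / 'Standby' from 'show switch virtual'."""
    roles = {}
    for side in ("Local", "Peer"):
        num = re.search(rf"^{side} switch number\s*:\s*(\d+)", text, re.M)
        role = re.search(rf"^{side} switch operational role\s*:\s*Virtual Switch (\w+)", text, re.M)
        if num and role:
            roles[int(num.group(1))] = role.group(1)
    return roles

def monitored_interfaces(config):
    """Return (interface, monitor, direction) for every 'ip flow monitor' line."""
    found, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif line.startswith("!"):
            current = None
        elif current and (m := re.match(r"\s+ip flow monitor (\S+) (input|output)", line)):
            found.append((current, m.group(1), m.group(2)))
    return found

def export_gaps(show_switch_virtual, config):
    """Monitored interfaces on the standby member (assumes <switch>/<module>/<port> names)."""
    roles = vss_roles(show_switch_virtual)
    gaps = []
    for ifname, monitor, direction in monitored_interfaces(config):
        m = re.search(r"(\d+)/\d+/\d+$", ifname)
        if m and roles.get(int(m.group(1))) == "Standby":
            gaps.append((ifname, monitor, direction))
    return gaps
```

Calling `export_gaps(SHOW_SWITCH_VIRTUAL, RUNNING_CONFIG)` returns the interfaces whose flow records should be checked for at the collector.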

Hi:

I'm having the same problem too.

On the standby switch, I can see the flows in the cache with the command:

MXPARCORE1-standby-console#show flow monitor m1 cache

But no flows are exported to the collector.

Does anyone have more news about this issue?

Best Regards,

Salva.

Hi, we found a solution accidentally.

We just did a manual switchover (#redundancy force-switchover).

After that the standby switch became active and we saw that we receive correct NetFlow data.

Then we did a manual switchover back again. After that we receive correct NetFlow data.

I don't know if this is a bug or a feature :)

Try to do this and write about results. Hope this will help you.

Sorry for not answering before, but the devices are now in production and it is difficult to get a maintenance window....

I did the redundancy failover and started receiving NetFlow data for the new active switch, but I didn't receive data from interfaces of the standby switch. Doing the failover again I returned to the original situation. So at the end, after the two failovers I only receive NetFlow data from the interfaces of the active switch :-(

Best Regards,

Salva.
