08-19-2013 07:25 AM - edited 03-07-2019 03:00 PM
Hi,
I have 2 WS-C4500X-16's with enterprise services license, running IOS XE 3.4.1SG, in a VSS configuration.
I have Flexible NetFlow configured in accordance with the software configuration guide, chapter 63, VSS environment.
Contrary to what the configuration guide states in point 19, that both the VSS active and VSS standby switches independently export flows to the same or different NetFlow collectors, my NetFlow collectors seem to receive flow data only from the active supervisor.
I can see in the standby-switch that there are actually flows in the cache but it simply can't send them to the collector (I can't ping the collector from the standby sup).
The problem is, as far as I can tell, that the standby switch / standby supervisor cannot reach the collector via IP, as it has no active IP interfaces (until it becomes the active supervisor).
What am I missing?
How can I get flow export working from the standby sup also?
Thanks,
Eddy
08-19-2013 07:53 AM
I wouldn't expect anything to come from the VSS standby switch. I think the Netflow chapter is a bit poorly written in that regard. The flows coming from the active supervisor should reflect traffic flowing via either/both switches, per the application of the flow monitors to interfaces.
As noted in the VSS chapter "The VSS active supervisor engine runs the Layer 2 and Layer 3 protocols and features for the VSS and manages all ports on both switches."
08-20-2013 12:37 AM
Thanks Martin.
I'd expect that behaviour too. But the documentation (Chapter 63, Configuring Flexible NetFlow) clearly states otherwise.
As a matter of fact, I do not see any entries in the cache of the active sup for the interfaces on the standby switch, only for the interfaces on the local switch.
The other way around, on the standby switch console, I don't see cache entries for the active switch, only the local switch.
This is consistent with the documentation. But no export occurs on the VSS standby switch.
09-01-2016 03:38 AM
Hi. We faced this problem too.
What we have at this time:
1) Two 4500x in VSS.
SW-C4500X-CORE#sh switch virtual

Executing the command on VSS member switch role = VSS Active, id = 1

Switch mode : Virtual Switch
Virtual switch domain number : 20
Local switch number : 1
Local switch operational role: Virtual Switch Active
Peer switch number : 2
Peer switch operational role : Virtual Switch Standby

Executing the command on VSS member switch role = VSS Standby, id = 2

Switch mode : Virtual Switch
Virtual switch domain number : 20
Local switch number : 2
Local switch operational role: Virtual Switch Standby
Peer switch number : 1
Peer switch operational role : Virtual Switch Active
SW-C4500X-CORE#

SW-C4500X-CORE#sh switch virtual role

Executing the command on VSS member switch role = VSS Active, id = 1

RRP information for Instance 1
--------------------------------------------------------------------
Valid   Flags   Peer    Preferred   Reserved
                Count   Peer        Peer
--------------------------------------------------------------------
TRUE    V       1       1           1

Switch  Switch  Status  Preempt     Priority    Role     Local  Remote
        Number          Oper(Conf)  Oper(Conf)           SID    SID
--------------------------------------------------------------------
LOCAL   1       UP      FALSE(N )   110(110)    ACTIVE   0      0
REMOTE  2       UP      FALSE(N )   100(100)    STANDBY  2456   7573

Peer 0 represents the local switch
Flags : V - Valid
In dual-active recovery mode: No

Executing the command on VSS member switch role = VSS Standby, id = 2

RRP information for Instance 2
--------------------------------------------------------------------
Valid   Flags   Peer    Preferred   Reserved
                Count   Peer        Peer
--------------------------------------------------------------------
TRUE    V       1       1           1

Switch  Switch  Status  Preempt     Priority    Role     Local  Remote
        Number          Oper(Conf)  Oper(Conf)           SID    SID
--------------------------------------------------------------------
LOCAL   2       UP      FALSE(N )   100(100)    STANDBY  0      0
REMOTE  1       UP      FALSE(N )   110(110)    ACTIVE   7573   2456

Peer 0 represents the local switch
Flags : V - Valid
In dual-active recovery mode: No
SW-C4500X-CORE#

SW-C4500X-CORE#sh switch virtual redundancy

Executing the command on VSS member switch role = VSS Active, id = 1

My Switch Id = 1
Peer Switch Id = 2
Last switchover reason = none
Configured Redundancy Mode = Stateful Switchover
Operating Redundancy Mode = Stateful Switchover

Switch 1 Slot 1 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 15.2(5)E, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 19-Jul-16 15:19 by prod_rel_team
BOOT = bootflash:cat4500e-universalk9.SPA.03.09.00.E.152-5.E.bin,1;
Configuration register = 0x2102
Fabric State = ACTIVE
Control Plane State = ACTIVE

Switch 2 Slot 1 Processor Information :
-----------------------------------------------
Current Software state = STANDBY HOT (switchover target)
Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 15.2(5)E, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 19-Jul-16 15:19 by pro
BOOT = bootflash:cat4500e-universalk9.SPA.03.09.00.E.152-5.E.bin,1;
Configuration register = 0x2102
Fabric State = ACTIVE
Control Plane State = STANDBY

Executing the command on VSS member switch role = VSS Standby, id = 2

show virtual switch redundancy is not supported on the standby
SW-C4500X-CORE#
2) We are trying to get NetFlow data about traffic using Flexible NetFlow.
Our FNF config looks like this:
<...>
flow record r1
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
!
flow exporter nfcoll
 destination 192.168.6.52
 transport udp 9996
!
!
flow monitor m1
 exporter nfcoll
 cache timeout active 60
 record r1
!
!
<...>
interface TenGigabitEthernet2/2/1
 no switchport
 ip flow monitor m1 input
 ip address 10.255.3.2 255.255.255.252
!
<...>
3) After that we prepared our NetFlow collector for receiving NetFlow data.
As a result we realized that NetFlow data from interface Te2/2/1 is not exported.
Moreover, when we try to view the local NetFlow cache on the active switch via CLI, we see nothing.
And soon we realized that no flow data is collected on the interface that belongs to the standby switch.
NetFlow data is collected on active switch interfaces only.
4) We also tried to view the NetFlow status on the standby box.
SW-C4500X-CORE#remote login module 11
Connecting to standby virtual console
Type "exit" or "quit" to end this session

SW-C4500X-CORE-standby-console#sh flow interface
SW-C4500X-CORE-standby-console#
So, as you can see, the NetFlow monitor is not applied on our interface.
Now we are trying to understand: is this a bug, or maybe we configured NetFlow incorrectly?
Please, can somebody clarify this situation?
03-30-2017 02:00 AM
Hi:
I'm having the same problem too.
On the standby switch, I can see the flows in the cache with the command:
MXPARCORE1-standby-console#show flow monitor m1 cache
But no flows are exported to the collector.
Does anyone have more news about this issue?
Best Regards,
Salva.
03-30-2017 02:28 AM
Hi, we found a solution accidentally.
We just did a manual switchover (#redundancy force-switchover).
After that the standby switch became active and we saw that we receive correct NetFlow data.
Then we did a manual switchover back again. After that we receive correct NetFlow data.
I don't know if this is a bug or a feature :)
Try to do this and write about the results. Hope this will help you.
06-01-2017 06:28 AM
Sorry for not answering before, but the devices are now in production and it is difficult to get a maintenance window...
I did the redundancy failover and started receiving NetFlow data for the new active switch, but I didn't receive data from interfaces of the standby switch. Doing the failover again, I returned to the original situation. So in the end, after the two failovers I only receive NetFlow data from the interfaces of the active switch :-(
Best Regards,
Salva.
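A collector-side check for the symptom this thread describes (flows arriving only for interfaces of the active switch), added here as an example and not part of any poster's message: it parses NetFlow v9 export datagrams and reports which monitored interfaces never appear as a flow's input interface. It assumes the exporter sends NetFlow v9; the ifIndex values, the name Te1/1/1, the exporter address 192.0.2.1 and the sample datagram are constructed.

```python
import struct
from collections import defaultdict
INPUT_SNMP = 10  # NetFlow v9 field type: ingress ifIndex (RFC 3954)

def parse_v9(pkt, exporter, templates, seen):
    """Record which ingress ifIndex values one v9 datagram reports."""
    if len(pkt) < 20 or pkt[:2] != b"\x00\x09":
        return  # not a NetFlow v9 datagram
    key, off = (exporter, struct.unpack("!I", pkt[16:20])[0]), 20  # (exporter IP, source ID)
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
        if fs_len < 4:
            break  # malformed FlowSet: stop instead of looping forever
        body, p = pkt[off + 4:off + fs_len], 0
        if fs_id == 0:  # template FlowSet: remember each record layout
            while p + 4 <= len(body):
                tid, nf = struct.unpack("!HH", body[p:p + 4])
                if tid < 256 or p + 4 + 4 * nf > len(body):
                    break  # padding or truncated template
                templates[key, tid] = list(struct.iter_unpack("!HH", body[p + 4:p + 4 + 4 * nf]))
                p += 4 + 4 * nf
        elif (key, fs_id) in templates:  # data FlowSet with a known template
            fields = templates[key, fs_id]
            rec_len = sum(flen for _, flen in fields)
            while rec_len and p + rec_len <= len(body):
                for ftype, flen in fields:
                    if ftype == INPUT_SNMP:
                        seen[key].add(int.from_bytes(body[p:p + flen], "big"))
                    p += flen
        off += fs_len

def unreported(expected, seen):
    """Names of monitored interfaces whose ifIndex never appeared as flow input."""
    got = set().union(*seen.values())
    return sorted(name for idx, name in expected.items() if idx not in got)

def sample_packet(ifindex):
    """Constructed v9 datagram: template 256 mirroring record r1, then two flows."""
    fields = [(4, 1), (8, 4), (12, 4), (7, 2), (11, 2), (10, 4), (14, 4), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    rec = struct.pack("!B4s4sHHIIII", 6, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 49152, 443, ifindex, 9, 1500, 3)
    data = rec * 2 + b"\0\0"  # pad the data FlowSet to a 4-byte boundary
    hdr = struct.pack("!HHIIII", 9, 3, 1000, 1500000000, 1, 0)
    return hdr + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data

def demo():
    templates, seen = {}, defaultdict(set)
    parse_v9(sample_packet(5), "192.0.2.1", templates, seen)  # constructed exporter and ifIndex
    return unreported({5: "Te1/1/1", 37: "Te2/2/1"}, seen)  # constructed ifIndex-to-name map
```

In real use, feed `parse_v9` every datagram received on the collector's UDP port over a full active-timeout interval and build the expected map from the switch's actual ifIndex table.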