Flexible NetFlow - Empty Cache

amm.jwalker
Level 1

I've been experiencing problems with flexible netflow on a 2811 running 15.1(3)T4. The cache seems to fill up quickly (in a matter of hours?) and then gets completely stuck. I'm not sure if this might be a problem with my config or an IOS caveat. It does seem to be related to DMVPN though.

2811 with DMVPN:

amm-isr1#sh flow monitor STANDARD_MONITOR cache
  Cache type:                               Normal
  Cache size:                                 8192
  Current entries:                      4294967294
  High Watermark:                       4294967295
  Flows added:                              360359
  Flows not added:                          244614
  Flows aged:                               352167
    - Active timeout      (    60 secs)       3951
    - Inactive timeout    (    15 secs)     330556
    - Event aged                                 0
    - Watermark aged                         17660
    - Emergency aged                             0
There are no cache entries to display.

amm-isr1#sh flow monitor STANDARD_MONITOR
Flow Monitor STANDARD_MONITOR:
  Description:       User defined
  Flow Record:       STANDARD_RECORD
  Flow Exporter:     SCRUTINIZER
  Cache:
    Type:              normal
    Status:            allocated
    Size:              8192 entries / 917560 bytes
    Inactive Timeout:  15 secs
    Active Timeout:    60 secs
    Update Timeout:    1800 secs

amm-isr1#sh flow monitor STANDARD_MONITOR stat
  Cache type:                               Normal
  Cache size:                                 8192
  Current entries:                      4294967294
  High Watermark:                       4294967295
  Flows added:                              360359
  Flows not added:                          244614
  Flows aged:                               352167
    - Active timeout      (    60 secs)       3951
    - Inactive timeout    (    15 secs)     330556
    - Event aged                                 0
    - Watermark aged                         17660
    - Emergency aged                             0

Netflow config:

amm-isr1#sh run | begin flow record
flow record STANDARD_RECORD
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 match application name
 collect datalink mac source address input
 collect datalink mac destination address input
 collect routing destination as
 collect routing next-hop address ipv4
 collect ipv4 dscp
 collect ipv4 id
 collect ipv4 source prefix
 collect ipv4 source mask
 collect ipv4 destination prefix
 collect ipv4 destination mask
 collect transport tcp source-port
 collect transport tcp destination-port
 collect transport tcp flags
 collect transport udp source-port
 collect transport udp destination-port
 collect interface output
 collect flow sampler
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter SCRUTINIZER
 destination 10.2.40.25
 source Loopback0
 transport udp 2055
 template data timeout 60
 option interface-table
 option exporter-stats
 option application-table
!
!
flow monitor STANDARD_MONITOR
 record STANDARD_RECORD
 exporter SCRUTINIZER
 cache timeout active 60
 cache entries 8192
!

DMVPN interface config:

amm-isr1#sh run | begin interface Tunnel0
interface Tunnel0
 description DMVPN SPOKE
 bandwidth 10000
 ip address 172.16.1.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip flow monitor STANDARD_MONITOR input
 ip flow monitor STANDARD_MONITOR output
 ip pim nbma-mode
 ip pim sparse-dense-mode
 ip nhrp authentication ******
 ip nhrp group DMVPN_GROUP_MT
 ip nhrp map multicast dynamic
 ip nhrp map multicast ******
 ip nhrp map 172.16.1.1 ******
 ip nhrp network-id 1
 ip nhrp nhs 172.16.1.1
 ip tcp adjust-mss 1360
 load-interval 30
 delay 2000
 qos pre-classify
 tunnel source FastEthernet0/0.1
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile VTI_PROF
!

Note, I'm running the exact same netflow configuration on 1 2821 with 15.1(3)T4 and 2 2911s with 15.2(4)M2. Interestingly enough, the watermark value on routers with DMVPN is maxed while normal otherwise:

2821 (with DMVPN):

dfh-isr1#sh flow monitor STANDARD_MONITOR statistics
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                             567
  High Watermark:                       4294967295
  Flows added:                            73883592
  Flows aged:                             73882837
    - Active timeout      (    60 secs)    6175577
    - Inactive timeout    (    15 secs)   67707260
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0

2911 (with DMVPN):

dfh-isr1#sh flow monitor STANDARD_MONITOR statistics
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                            1100
  High Watermark:                       4294967295
  Flows added:                           139226115
  Flows not added:                            1696
  Flows aged:                            139224969
    - Active timeout      (    60 secs)   11894919
    - Inactive timeout    (    15 secs)  127240921
    - Event aged                                 0
    - Watermark aged                         67659
    - Emergency aged                         21470

2911 (without DMVPN):

dfh-isr2#sh flow monitor STANDARD_MONITOR statistics
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                             520
  High Watermark:                             3961
  Flows added:                           111800119
  Flows aged:                            111799569
    - Active timeout      (    60 secs)   11270227
    - Inactive timeout    (    15 secs)  100529225
    - Event aged                                 0
    - Watermark aged                           117
    - Emergency aged                             0

To me, this certainly looks like a DMVPN-related issue, but I'm not sure what the fix is. There's an open caveat on 15.1, CSCud86954, but that involves conditions that don't apply to my config (PBR matching IPSEC traffic). Any ideas?

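An added example, not part of the original post and not Cisco tooling: a Python check that parses `show flow monitor ... statistics` text and flags the state shown in the post, where flow export to the collector stops and traffic visibility is lost. The two samples are abridged from the post's own output; the function names and the added-minus-aged occupancy estimate are assumptions of this example.

```python
import re

# Abridged from the 2811 output in the post (the stuck monitor).
STUCK = """\
  Cache size:                                 8192
  Current entries:                      4294967294
  High Watermark:                       4294967295
  Flows added:                              360359
  Flows not added:                          244614
  Flows aged:                               352167
"""
# Abridged from the 2911 without DMVPN in the post.
HEALTHY = """\
  Cache size:                                 4096
  Current entries:                             520
  High Watermark:                             3961
  Flows added:                           111800119
  Flows aged:                            111799569
"""

def parse_stats(text):
    """Map each 'Name:   <integer>' line to {'name': int}, keys lowercased."""
    pairs = re.findall(r"^[ \t]*([A-Za-z ]+?):[ \t]+(\d+)[ \t]*$", text, re.M)
    return {name.lower(): int(value) for name, value in pairs}

def as_signed32(n):
    """Reinterpret an unsigned 32-bit counter value as signed."""
    return n - 2**32 if n >= 2**31 else n

def check_cache(text):
    """Return {finding: value} for a monitor whose counters look unhealthy."""
    s = parse_stats(text)
    size, findings = s["cache size"], {}
    for field in ("current entries", "high watermark"):
        # A counter above the configured size cannot be a real occupancy.
        if s.get(field, 0) > size:
            findings[field + " out of range"] = as_signed32(s[field])
    # Assumption of this example: added minus aged approximates occupancy.
    if s.get("flows added", 0) - s.get("flows aged", 0) >= size:
        findings["cache full"] = size
    dropped = s.get("flows not added", 0)
    if dropped:
        findings["drop ratio"] = dropped / (dropped + s["flows added"])
    return findings

if __name__ == "__main__":
    for name, sample in (("stuck", STUCK), ("healthy", HEALTHY)):
        print(name, check_cache(sample))
```

On the stuck sample the reported entry count reads as -2 when taken as a signed 32-bit value, while flows added minus flows aged equals the configured 8192 entries, so the accounting points to a full cache rather than an empty one.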