
Nexus 7k, F248XP-25, DHCP Relay and Netflow Problem

Richard Strnad

Hi everyone,

We switched the core devices from two Cat 6500s to two Nexus 7ks, and most things work great, but we got a strange problem with DHCP in combination with NetFlow. The Nexus 7k has a Sup2 and 3 x Fabric 2 Modules.

Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    0      Supervisor module-2                 N7K-SUP2           active *
3    48     1/10 Gbps Ethernet Module           N7K-F248XP-25      ok
4    48     1/10 Gbps Ethernet Module           N7K-F248XP-25      ok

Xbar Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    0      Fabric Module 2                     N7K-C7009-FAB-2    ok
2    0      Fabric Module 2                     N7K-C7009-FAB-2    ok
3    0      Fabric Module 2                     N7K-C7009-FAB-2    ok

We currently use 2 VDCs on each of the two 7ks: one is Layer3 only (Core) and the other is the Layer3/Layer2 boundary (Distribution). On the Core Layer3-only VDC, Netflow works insofar as it exports the flows; on the Distribution Layer3/Layer2 VDC we didn't manage to get flows exported.

Configuration Core:

flow exporter CA-NETFLOWCOLLECTOR
  destination x.x.x.x
  source loopback0
  version 9

sampler PACKETWOLF
  mode 1 out-of 100

flow monitor MONITOR-IPSS-TRAFFIC
  record netflow-original
  exporter CA-NETFLOWCOLLECTOR

interface Ethernet3/2
  ip flow monitor MONITOR-IPSS-TRAFFIC input sampler PACKETWOLF

Flow exporter CA-NETFLOWCOLLECTOR:
    Description: export netflow to CA netflow appliance
    Destination: x.x.x.x
    VRF: default (1)
    Source Interface loopback0 (x.x.x.x)
    Export Version 9
        Sequence number 1351870
    Exporter Statistics
        Number of Flow Records Exported 0
        Number of Templates Exported 0
        Number of Export Packets Sent 0
        Number of Export Bytes Sent 0
        Number of Destination Unreachable Events 0
        Number of No Buffer Events 0
        Number of Packets Dropped (No Route to Host) 0
        Number of Packets Dropped (other) 0
        Number of Packets Dropped (LC to RP Error) 0
        Number of Packets Dropped (Output Drops) 0
        Time statistics were last cleared: Tue Apr 23 09:37:08 2013

Flow exporter CA-NETFLOWCOLLECTOR:
    Description: export netflow to CA netflow appliance
    Destination: x.x.x.x
    VRF: default (1)
    Source Interface loopback0 (x.x.x.x)
    Export Version 9
        Sequence number 1351870
    Exporter Statistics
        Number of Flow Records Exported 9
        Number of Templates Exported 1
        Number of Export Packets Sent 2
        Number of Export Bytes Sent 588
        Number of Destination Unreachable Events 0
        Number of No Buffer Events 0
        Number of Packets Dropped (No Route to Host) 0
        Number of Packets Dropped (other) 0
        Number of Packets Dropped (LC to RP Error) 0
        Number of Packets Dropped (Output Drops) 0
        Time statistics were last cleared: Tue Apr 23 09:37:08 2013

# show system internal access-list interface ethernet 3/2

slot  3
=======
Policies in ingress direction:
         Policy type              Policy Id      Policy name
------------------------------------------------------------
    Netflow Sampler                 80000802

Netflow profiles in ingress direction:
  TCAM Class    Profile    Flow Monitor
---------------------------------------
      IPv4            2    MONITOR-IPSS-TRAFFIC

INSTANCE 0x0
---------------
  Tcam 1 resource usage:
  ----------------------
   Label_b = 0x201
   Bank 1
   ------
     IPv4 Class
       Policies:  Netflow Sampler()  [Merged]
       Netflow profile: 0
       Netflow deny profile: 0
       1 tcam entries
   0 l4 protocol cam entries
   0 mac etype/proto cam entries
   0 lous
   0 tcp flags table entries
   0 adjacency entries

No egress policies

Netflow profiles in egress direction:
  TCAM Class    Profile    Flow Monitor
---------------------------------------

slot  4
=======
ERROR: no ACL related hardware resources for  vdc [2], interface [Ethernet3/2]

Configuration Dist:

flow exporter CA-NETFLOWCOLLECTOR
  destination x.x.x.x
  source loopback0
  version 9

sampler PACKETWOLF
  mode 1 out-of 100

flow monitor MONITOR-INTERVLAN-TRAFFIC
  record netflow-original
  exporter CA-NETFLOWCOLLECTOR

interface Vlan241
  ip flow monitor MONITOR-INTERVLAN-TRAFFIC input sampler PACKETWOLF
  .
  .
  ip dhcp relay address x.x.x.x
  ip dhcp relay address x.x.x.x

The difference here is that we also use DHCP relay. If I remove the netflow statement on the interface and add it again, I get the following error:

(config-if)#   ip flow monitor MONITOR-INTERVLAN-TRAFFIC input sampler PACKETWOLF
An additional 1:100 sampler, over the configured sampler is applicable for F2 ports
Verify failed - Client 0x82000146, Reason: Tcam Allocation Failure,  : DHCP, Netflow Sampler (SVI), Interface: Vlan241
Verify failed - Client 0x83000146, Reason: Tcam Allocation Failure,  : DHCP, Netflow Sampler (SVI), Interface: Vlan241

Is there any limitation that I'm not aware of?

More output from the Dist:


Flow exporter CA-NETFLOWCOLLECTOR:
    Description: export netflow to CA netflow appliance
    Destination: x.x.x.x
    VRF: default (1)
    Source Interface loopback0 (x.x.x.x)
    Export Version 9
    Exporter Statistics
        Number of Flow Records Exported 0
        Number of Templates Exported 0
        Number of Export Packets Sent 0
        Number of Export Bytes Sent 0
        Number of Destination Unreachable Events 0
        Number of No Buffer Events 0
        Number of Packets Dropped (No Route to Host) 0
        Number of Packets Dropped (other) 0
        Number of Packets Dropped (LC to RP Error) 0
        Number of Packets Dropped (Output Drops) 0
        Time statistics were last cleared: Tue Apr 23 09:43:20 2013

show system internal access-list vlan 241

slot  3
=======
Policies in ingress direction:
         Policy type              Policy Id      Policy name
------------------------------------------------------------
    DHCP                               4          Relay

Netflow profiles in ingress direction:
  TCAM Class    Profile    Flow Monitor
---------------------------------------

INSTANCE 0x8
---------------
  Tcam 1 resource usage:
  ----------------------
   Label_b = 0x201
   Bank 0
   ------
     IPv4 Class
       Policies:  DHCP(Relay)  [Merged]
       Netflow profile: 0
       Netflow deny profile: 0
       5 tcam entries
   0 l4 protocol cam entries
   0 mac etype/proto cam entries
   0 lous
   0 tcp flags table entries
   1 adjacency entries

INSTANCE 0xa
---------------
  Tcam 1 resource usage:
  ----------------------
   Label_b = 0x201
   Bank 0
   ------
     IPv4 Class
       Policies:  DHCP(Relay)  [Merged]
       Netflow profile: 0
       Netflow deny profile: 0
       5 tcam entries
   0 l4 protocol cam entries
   0 mac etype/proto cam entries
   0 lous
   0 tcp flags table entries
   1 adjacency entries

INSTANCE 0xb
---------------
  Tcam 1 resource usage:
  ----------------------
   Label_b = 0x201
   Bank 0
   ------
     IPv4 Class
       Policies:  DHCP(Relay)  [Merged]
       Netflow profile: 0
       Netflow deny profile: 0
       5 tcam entries
   0 l4 protocol cam entries
   0 mac etype/proto cam entries
   0 lous
   0 tcp flags table entries
   1 adjacency entries

No egress policies

Netflow profiles in egress direction:
  TCAM Class    Profile    Flow Monitor
---------------------------------------

slot  4
=======
Policies in ingress direction:
         Policy type              Policy Id      Policy name
------------------------------------------------------------
    DHCP                               4          Relay

Netflow profiles in ingress direction:
  TCAM Class    Profile    Flow Monitor
---------------------------------------

INSTANCE 0x8
---------------
  Tcam 1 resource usage:
  ----------------------
   Label_b = 0x201
   Bank 0
   ------
     IPv4 Class
       Policies:  DHCP(Relay)  [Merged]
       Netflow profile: 0
       Netflow deny profile: 0
       5 tcam entries
   0 l4 protocol cam entries
   0 mac etype/proto cam entries
   0 lous
   0 tcp flags table entries
   1 adjacency entries

No egress policies

Netflow profiles in egress direction:
  TCAM Class    Profile    Flow Monitor
---------------------------------------

Regards

Richard
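
An added example, not part of the original post and not Cisco tooling: a small parser for `show system internal access-list` output that lists which policies hold each TCAM bank and reports slots where no Netflow policy is present, which is the state of Vlan241 above and the point at which flow telemetry from that interface is missing. The function names are hypothetical, the sample is trimmed from the post's output, and treating "no Netflow policy listed" as "flow monitor not programmed" is an assumption based on the Core output, where `Netflow Sampler()` does appear.

```python
import re

# Constructed sample: trimmed from the Vlan241 output quoted in the post above.
SAMPLE = """\
slot  3
Policies in ingress direction:
    DHCP                               4          Relay
INSTANCE 0x8
   Bank 0
       Policies:  DHCP(Relay)  [Merged]
       5 tcam entries
INSTANCE 0xa
   Bank 0
       Policies:  DHCP(Relay)  [Merged]
       5 tcam entries
slot  4
INSTANCE 0x8
   Bank 0
       Policies:  DHCP(Relay)  [Merged]
       5 tcam entries
"""

def bank_usage(text):
    """One row per (slot, instance, bank): policies merged there and TCAM entries used."""
    rows, slot, inst, row = [], None, None, None
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"slot\s+(\d+)$", s):
            slot = int(m.group(1))
        elif m := re.match(r"INSTANCE\s+(0x[0-9a-f]+)$", s):
            inst = m.group(1)
        elif m := re.match(r"Bank\s+(\d+)$", s):
            row = {"slot": slot, "instance": inst, "bank": int(m.group(1)),
                   "policies": [], "tcam": 0}
            rows.append(row)
        elif row and (m := re.match(r"Policies:\s+(.*)$", s)):
            row["policies"] = [p.strip() for p in re.findall(r"([\w ]+?)\(", m.group(1))]
        elif row and (m := re.match(r"(\d+) tcam entries$", s)):
            row["tcam"] = int(m.group(1))
    return rows

def slots_missing_netflow(text):
    """Slots where no bank lists a Netflow policy (assumed: flow monitor not in hardware)."""
    rows = bank_usage(text)
    with_nf = {r["slot"] for r in rows if any("Netflow" in p for p in r["policies"])}
    return sorted({r["slot"] for r in rows} - with_nf)

if __name__ == "__main__":
    print(bank_usage(SAMPLE), slots_missing_netflow(SAMPLE))
```

Run against the output of every interface that carries a flow monitor, this gives a quick check that the monitor is actually in hardware rather than only in the running configuration.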


Richard Strnad

Got the following answer from TAC:

I did a bit of research & found that as of now netflow & dhcp relay is not supported together. This will be supported in 6.2
 
There is an enhancement bug already filed for the same. Bug id is CSCtf36357.

To fix this, we need 2 things:

1) Code 6.2(6)
2) In default VDC, enable hardware access-list resource feature bank-mapping.

Thanks manaik, bank-mapping did the trick! In the default vdc configure: "hardware access-list resource feature bank-mapping" and then I was able to have netflow and dhcp relay on the same interface.

I found another thread on the subject as well: https://supportforums.cisco.com/discussion/12075471/nexus-7k-dhcp-relay-w-ingress-netflow-sampling

Again, thanks a lot!

I just noticed the changes from yesterday 6 Jan 2014.

It seems that this bug has been fixed in NXOS 6.2(2).

Is there a chance that the bug will be fixed in the 6.1.(x) train as well?

We are experiencing this issue on our Nexus 7K's and we are running NX-OS 6.2(2a).  Does not look like this is fixed yet.

Hi Guys,

The fix was planned originally for 6.2.2 but was pushed to 6.2.6 due to some other priorities. This has been fixed in 6.2.6.

Please see the release notes.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/62_nx-os_release_note.html#wp648748

Cheers,

-amit singh

Just removed the DHCP relays from my interface Vlan and was able to add the ip flow monitor with no issue. Tried adding the dhcp relays back and received:

ERROR: Hardware programming failed. Reason: Tcam Allocation Failure

Removed the ip flow monitor and was able to add back the dhcp relays.  Looks like it is not fixed yet.  I am at 6.2.6.

Just to confirm, upgraded to 6.2.6 to get around having to add the hardware ACL.  The ACL was still required after the upgrade.

If this post answers your question or is helpful, please consider rating it and/or marking as answered.

This seems to still be a problem. We are currently on a Nexus 7704 chassis with N77-F348XP-23 with NX-OS version 6.2(8). When will this be fixed?

Edit: This is not a bug, you just need to configure "hardware access-list resource feature bank-mapping"

Hi m.o.andersson_2

Sorry to bother you, but I'm having the same problem on a Nexus 7706 after migration from a Cisco C6509. I want to allow DHCP relay and netflow on the same interface. If I run this command "(config)# hardware access-list resource feature bank-mapping", does it impact the network in some way?
