Re: SWITCH 4507_R PRESENT PROBLEMS WITH NETFLOW _ PROCESSOR V_10

ROGER FERNANDO MAJO ZACARIAS · ‎05-13-2011

Dear Sirs,

We have installed a switch core CISCO 4507R_E with a SUP V-10GE (X2).

We choosed this model of processor because it support NETFLOW by default.

But at this time the switch is showing the next alarm in the log:

060650: *May 13 06:09:48.194 GMT: %C4K_HWNETFLOWMAN-4-FLOWSLOSTERR: Netflow stats lost either due to hardware hash collisions or full hardware flow table. Stats lost for 24 packets.

And we have some question regard of:

Is this alarm affecting or degrading the performance of the switch 4507R_E?
What can we do to resolve this problem?
1. change IOS
2. increase memory

We are annexing the sh ver, sh modules and sh log (see atached files).

Waiting your sooner answer.

Attn.

Roger Majo

kapathak · ‎05-20-2011

Hello!

Lets have a look at what "show platform hardware netflow statistics utilization" tells us

ROGER FERNANDO MAJO ZACARIAS · ‎05-20-2011

Hello Kapit,

This is the screenshoot of the command:

show platform hardware netflow statistics utilization

4507R_E#show platform hardware netflow statistics utilization

Netflow Hardware Table Bucket Usage Statistics

JtagId:          271192137
Buckets w/ X    Bucket Count     Used Entry Count
Used Entries    (% of Buckets) (% of Entries)
------------    --------------- ----------------
     0          8192 (100.0)     0      ( 0.0)
     1          0    ( 0.0)     0      ( 0.0)
     2          0    ( 0.0)     0      ( 0.0)
     3          0    ( 0.0)     0      ( 0.0)
     4          0    ( 0.0)     0      ( 0.0)
     5          0    ( 0.0)     0      ( 0.0)
     6          0    ( 0.0)     0      ( 0.0)
     7          0    ( 0.0)     0      ( 0.0)
     8          0    ( 0.0)     0      ( 0.0)
     9          0    ( 0.0)     0      ( 0.0)
    10          0    ( 0.0)     0      ( 0.0)
    11          0    ( 0.0)     0      ( 0.0)
    12          0    ( 0.0)     0      ( 0.0)
    13          0    ( 0.0)     0      ( 0.0)
    14          0    ( 0.0)     0      ( 0.0)
    15          0    ( 0.0)     0      ( 0.0)
    16          0    ( 0.0)     0      ( 0.0)
Total Used      0    ( 0.0)     0      ( 0.0)
Total Free      N/A              131072 (100.0)

Current Netflow statistics lost due to full hw flow table: 3295
Netflow statistics lost due to full hw flow table since flow collection enabled: 106451
Total Netflow statistics lost due to full hw flow table: 106451

4507R_E#
4507R_E#

At this moment we have the netflow configuration disabled at cisco switch 4507R_E.

Waiting your sooner answer.

Attn.

Rofer Majo

kapathak · ‎05-20-2011

After disabling netflow on the device, I assume that these errors have stopped. These messages you see shouldn't be performance impacting, they just indicate that the device didn't collect netflow data for all of the flows since the TCAM was probably full.

You can try reconfiguring the timeout values for active/inactive flows. This will force entries out of the cache sooner.

ip flow-cache timeout   

This has a tendency to increase CPU Utilization so please make sure that your current utilization permits enabling this.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/54sg/configuration/guide/nfswitch.html#wp1022037 
"The effective size of the hardware flow cache 
table is 65,000 flows. (The hardware flow cache for the Supervisor 
Engine V-10GE is 85,000 flows.) If more than 85,000 flows are active 
simultaneously, statistics may be lost for some of the flows.
"

Cheers!

SWITCH 4507_R PRESENT PROBLEMS WITH NETFLOW _ PROCESSOR V_10GE