that makes total sense Aaron,

AARON WEINTRAUB · ‎12-15-2015

So we can look at the live netflow cache via something like:

show flow monitor nf_v4 cache match interface egress eq te0/0/0/15 location 0/0/cpu0

and that gets us a table of flows.

However, when I try to do this via matching on an IP address:

show flow monitor nf_v4 cache match interface egress eq te0/0/0/15 ipv4 destination address eq 1.1.1.1/32 location 0/0/cpu0

then no matches come up. I verified immediately before and after looking at the cache that there are flows to this address, so I'm not sure how the parser is trying to match. In the table they don't have the '/32' on them, just the raw IP address. It's also strange that there's a range command allowed here, 1.0.0.0/32 range 1.1.255.255/32 doesn't even make any sense.

xthuijs · ‎12-26-2015

hi aaron,

yeah seems like an issue with the command, when I check the implementation the backend is not there to support the filter on ip addr it seems. if this needs to be taken care of, then have peter file a ddts for you and we should be able to get it going.

in the interim, a pipe include on the regular full cache command can be a way out.

cheers!

xander

AARON WEINTRAUB · ‎12-28-2015

Yes, we could use the pipe/include, but then we wouldn't be able to look for things in a /22 or something like that. Being able to specify a range on the command line would be really helpful.

xthuijs · ‎12-29-2015

that makes total sense Aaron, especially when you have a million entries in your cache, doing the filter via cli (as opposed to regex) has something user friendliness associated with it :)

Did you get to speak with Peter on filing a ddts for this one bug and second enhancement (as needed)?

xander

netflow cache matching for IP address not working