12-15-2015 05:33 AM
So we can look at the live netflow cache via something like:
show flow monitor nf_v4 cache match interface egress eq te0/0/0/15 location 0/0/cpu0
and that gets us a table of flows.
However, when I try to do this via matching on an IP address:
show flow monitor nf_v4 cache match interface egress eq te0/0/0/15 ipv4 destination address eq 1.1.1.1/32 location 0/0/cpu0
then no matches come up. I verified immediately before and after looking at the cache that there are flows to this address, so I'm not sure how the parser is trying to match. In the table they don't have the '/32' on them, just the raw IP address. It's also strange that there's a range command allowed here, 1.0.0.0/32 range 1.1.255.255/32 doesn't even make any sense.
12-26-2015 05:45 AM
hi aaron,
yeah seems like an issue with the command, when I check the implementation the backend is not there to support the filter on ip addr it seems. if this needs to be taken care of, then have peter file a ddts for you and we should be able to get it going.
in the interim, a pipe include on the regular full cache command can be a way out.
cheers!
xander
12-28-2015 07:36 AM
Yes, we could use the pipe/include, but then we wouldn't be able to look for things in a /22 or something like that. Being able to specify a range on the command line would be really helpful.
12-29-2015 05:05 AM
that makes total sense Aaron, especially when you have a million entries in your cache, doing the filter via cli (as opposed to regex) has something user friendliness associated with it :)
Did you get to speak with Peter on filing a ddts for this one bug and second enhancement (as needed)?
xander
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide