Cisco Netflow Notes (Sup720)


wildweaselmi
The SUP720 is a very poor netflow platform.



There has been extensive discussion about this problem in cisco-nsp over the past several years. Basically, there is too little netflow tcam on this card to deal with anything more than a couple of gigs of traffic. You can help things by setting the aging timer to be very aggressive, and by getting DFCs (although these are a rather expensive option). Sampling won't generally help, as the sampling is done in software, after the data has been collected.



What I will do is pass along some OIDs to poll that will show you the TCAM table utilization and how many flow "misses" you are experiencing because the SUP720 is horribly undersized.



Active flows
.1.3.6.1.4.1.9.9.97.1.4.1.1.5

Flow Learn Failures
.1.3.6.1.4.1.9.9.97.1.4.1.1.6

Total Packets being L3 switched by box
.1.3.6.1.4.1.9.9.97.1.4.1.1.1



Like I said before about sampling... turn it off. It does nothing for you and doesn't help the situation. Heck, turn it off and watch the CPU... I suspect you won't see much of a change at all.


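Added example, not part of the original post: one way to turn the three OIDs above into a check for NetFlow blind spots, by comparing two polls and reporting the rows whose flow learn failure counter grew. The sample polls are constructed, and the `snmpwalk -On` line layout, 32-bit counters and single-number row index are assumptions.

```python
import re

COLUMNS = {  # column OIDs from the post above; the last OID component is the row index
    ".1.3.6.1.4.1.9.9.97.1.4.1.1.5": "active_flows",
    ".1.3.6.1.4.1.9.9.97.1.4.1.1.6": "learn_failures",
    ".1.3.6.1.4.1.9.9.97.1.4.1.1.1": "l3_packets",
}
LINE = re.compile(r"^(\.[\d.]+)\.(\d+) = \w+: (\d+)$")
# Constructed sample polls in `snmpwalk -On` layout; values, SNMP types and row indexes are made up.
POLL_1 = """\
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.1 = Counter32: 4294960000
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.1 = Gauge32: 118000
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.1 = Counter32: 5000
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.2 = Counter32: 1000
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.2 = Gauge32: 2000
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.2 = Counter32: 0
"""
POLL_2 = """\
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.1 = Counter32: 12704
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.1 = Gauge32: 130000
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.1 = Counter32: 9500
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.2 = Counter32: 6000
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.2 = Gauge32: 2100
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.2 = Counter32: 0
"""

def parse_walk(text):
    """Return {row_index: {field: value}} for the three columns, ignoring other lines."""
    rows = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in COLUMNS:
            rows.setdefault(m.group(2), {})[COLUMNS[m.group(1)]] = int(m.group(3))
    return rows

def compare(before, after, bits=32):
    """For rows present in both polls: active flows now, counter growth since `before`."""
    report = {}
    for idx in after.keys() & before.keys():
        old, new = before[idx], after[idx]
        grew = lambda f: (new[f] - old[f]) % (1 << bits)  # assumes 32-bit counters, tolerates one wrap
        report[idx] = {"active_flows": new["active_flows"],
                       "new_learn_failures": grew("learn_failures"),
                       "new_l3_packets": grew("l3_packets")}
    return report

def rows_missing_flows(report):
    """Rows whose learn-failure counter moved between polls: some flows there were never recorded."""
    return sorted(i for i, r in report.items() if r["new_learn_failures"] > 0)
```

Traffic on a flagged row was switched without a NetFlow entry being created, so collectors and any detection built on their data will not see those flows.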

An example of how to configure a switch for netflow



[code]
Switch(config)#interface Vlan101
Switch(config-if)#ip address 10.10.101.1 255.255.255.0
Switch(config-if)#exit

Switch(config)#interface Vlan200
Switch(config-if)#ip address 10.10.200.1 255.255.255.0
Switch(config-if)#exit

Switch(config)#interface loopback 0
Switch(config-if)#ip address 10.10.1.1 255.255.255.255
Switch(config-if)#exit

Switch(config)#interface Gigabit 1/1
Switch(config-if)#description WAN Router
Switch(config-if)#no switchport
!--- Note: this repeats the Vlan200 address; IOS rejects overlapping
!--- subnets on two Layer 3 interfaces, so use the WAN link's own address.
Switch(config-if)#ip address 10.10.200.1 255.255.255.0
Switch(config-if)#exit

!--- This configuration shows that
!--- the VLANs are configured with IP addresses.

!
Switch(config)#mls netflow

!--- Enables NetFlow on the PFC.

!
Switch(config)#mls flow ip full

!--- Configures flow mask on the PFC.
!--- In this example, flow mask is configured as full.

!
Switch(config)#interface Vlan101
Switch(config-if)#ip route-cache flow
Switch(config-if)#exit

Switch(config)#interface Vlan200
Switch(config-if)#ip route-cache flow
Switch(config-if)#exit

Switch(config)#interface Gigabit 1/1
Switch(config-if)#ip route-cache flow
Switch(config-if)#exit

!--- Enables NetFlow on the MSFC.

Switch(config)#ip flow ingress layer2-switched vlan 101,200

!--- Enables NetFlow for Layer 2-switched traffic on the PFC.
!--- It also enables the NDE for Layer 2-switched traffic on the PFC.
[/code]



  • 2 weeks later...

Just enabled netflow on a router (2821) running (C2800NM-ADVSECURITYK9-M), Version 12.4(2)XA, RELEASE SOFTWARE (fc3) and this is what was entered.

[code]
config t
interface GigabitEthernet0/0
ip route-cache flow
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination 10.58.128.39 2185
snmp-server community zahsys RO
end
copy running-config startup-config
[/code]
