I would highly recommend turning off sampling. It does you no service on a 6509 because the "samples" are pulled out of the netflow TCAM. The TCAM is severely limited depending on which version on 720 you have (max in the table on a BXL is 256K with a 90% hash efficiency). When sampling is turned on it samples OUT of the table and not INTO the table. Therefore sampling does nothing other than not report all traffic and reduce the load on your netflow collector.
mls netflow captures all traffic that is hardware switched, so make sure to catch anything that is CPU routed turn on "ip route-cache flow" on all possible interfaces that flows may be coming inbound.
On Apr 5, 2007, at 9:20 PM, Monty Ree wrote:
Hello, all.I have operated several servers. But after I have setup flow-tools, I can find only inbound traffic is seen.(all request is seen, but I can't find any reply packet) My config is below. -. cisco 6509 sup720 native ios mls ip multicast flow-stat-timer 9 mls aging long 64 mls aging normal 60 mls flow ip full no mls flow ipv6 mls nde sender version 5 mls sampling time-based 1024 mls cef error action freeze interface GigabitEthernet9/1 ip address 1.1.1.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow mls netflow sampling ip flow-export version 5 peer-as ip flow-export destination 2.2.2.2 2055 What's the matter and how can I solve this problem??? Thanks for your time.. _________________________________________________________________ 메신저에서 문자를 바로 보내보세요 http://phonebuddy.msn.co.kr/ _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
