All,
It seems I have made a rather stupid mistake in understanding how Netflow
for the 7600/65k works. On these platforms
Traffic can be forwarded in one of two ways, either by the MSFC ("software")
or by the PFC ("hardware").
Netflow can be configured for both of these elements in the router. Only
flows that cannot be switched by the PFC
for some reason are switched by the MSFC.
Netflow for the MSFC is configured by adding the regular <ip flow ingress>
and <ip cache-flow> commands to the interface
to be monitored.
Netflow for the PFC is configured by adding <mls nde sender version x> and
<mls flow ip full | etc> under global config mode.
I thought both configurations were necessary to allow netflow collection for
the single interface I was testing with.....this
is not the case. Having configured both, the MSFC was indeed collecting
accurate netflow data for my test port through
the MSFC configuration, but, it was also collecting netflow data for the
ENTIRE router through the MLS cache
which works with the PFC! Hence I was looking at 6 gigabits of traffic,
which is the actual total amount of data being
PFC switched through the system!
Checked the measurements against SNMP and I am glad to see NFSen is spot on!
Next stop: using masks :-)
Cheers,
Reinier
--------------------------------------------------
From: "Reinier Hamstra" <[EMAIL PROTECTED]>
Sent: Thursday, December 20, 2007 8:05 AM
To: <[email protected]>
Subject: Re: [Nfsen-discuss] NFSen graphs displaying highly
inaccuratetraffic volumes
> Using the following configuration:
>
> mls aging long 64
> mls aging fast threshold 128 time 128
> mls aging normal 300
> mls flow ip full
> no mls flow ipv6
> mls nde sender version 5
> ip flow-cache entries 131072
> mls netflow usage notify 95 3000
>
> All configurations are done under the <mls> configuration section because
> the 7600/65k uses timers configured for the mls cache instead of the
> netflow
> cache directly. Configuration choices are explained below.
>
> mls aging long 64 - this setting provides the least irratic graphs. Long
> aging provides aging against timer-wraparound issues that can cause
> inaccurate
> results.
>
> mls aging fast threshold 128 time 128 set to the maximum allowed
> parameters for Time and Packet count. I have not yet had the chance to
> tweak
> these
> parameters. Fast aging eliminates very short duration flows that switch
> few
> packets.
>
> mls aging normal 300 set to equal the
> default
> netflow export time as advised by I believe Peter Haag.
>
> mls flow ip full - using a Full
> flow mask
>
> ip flow-cache entries 131072 - mls cache size has been set
> to
> maximum size for PFC3BXL
>
> mls netflow usage notify 95 3000 collecting netflow cache
> utilization
>
> Additional notes:
> - No sampling configured. I need the full flows to be dependable and
> accurate before I will trust/implement sampled information
> - Netflow table utilization is often at 99%.
> - <show ip cache flow> command output shows many inactive entries. I
> have
> tried to solve this through aggressive aging through adjusting Fast aging
> to minimum parameter value. This causes a huge amount of Flows/sec to
> be
> registered, accompanied by ofcourse a large amount of extra netflow
> export traffic.
>
>
>
>
>
> --------------------------------------------------
> From: "hjan" <[EMAIL PROTECTED]>
> Sent: Wednesday, December 19, 2007 4:38 PM
> To: "Reinier Hamstra" <[EMAIL PROTECTED]>
> Subject: Re: [Nfsen-discuss] NFSen graphs displaying highly inaccurate
> traffic volumes
>
>>
>>
>> Reinier Hamstra ha scritto:
>>> Hi guys,
>>>
>>> I am currently test-monitoring a single 1gbit/s edge port on a 7600
>>> peering router. Flow export, collection and presentation are all
>>> functioning. The problem is that NFSen is graphing traffic volumes of
>>> several Gbits/s in the default Live profile. No other profiles are
>>> configured. Peak volume confirmed by CLI and SNMP is max 450Mbit/s. Any
>>> ideas why I am not seeing accurate Traffic volumes? Any help would be
>>> greatly appreciated!
>>
>>
>> Netflow on 7600 could be a pain the ass.
>> Could you post your 7600 netflow configuration ?
>>
>> Regards,
>> Gianluca
>>
>
> -------------------------------------------------------------------------
> SF.Net email is sponsored by:
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services
> for just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
