“Why don’t I see my VLAN traffic?” was the question one of our customers asked me the other day. Although his other Cisco models were exporting flows properly, all of his Cisco 7600s seemed to be underreporting traffic.


Because he was getting some flows but not all of them, I knew that some kind of configuration issue was preventing Scrutinizer from receiving all the flows from his VLANs. All we saw were a few ICMP conversations (ping) and a very small amount of EIGRP traffic.

I asked if this was a pure router or if there was switching involved. He said “pure router”. I was intrigued, so we launched a GotoMeeting to check out his config.

I looked at our NetFlow configuration page, but didn’t see anything relating to the 7600s in particular (which we will update).

We reviewed his Cisco router configuration and it looked good at first. He had the export destination, version, and timeout entries. He also had the ip flow ingress command on all of his interfaces. This router does not accept the ip route-cache flow command, only ip flow ingress.

I decided to go back to basics and confirm the symptom, which was VLANs understating utilization. Luckily, he had reports created in the Denika SNMP Performance Trender for SNMP reporting on the same ports. This was huge because it allowed me to verify which interfaces were underreporting. His VLANs were in fact transferring much more traffic than what Scrutinizer was seeing in the NetFlow packets. I decided to confirm the claim that only his VLANs were underreporting, and guess what? It wasn’t just the VLANs. I found two physical interfaces that were also understating utilization. I knew then that we were missing something in the global commands.

We went back and reviewed his global commands and again everything looked okay until I checked the Cisco 7600 Series Configuration Guide. Here’s an excerpt from that document:

Configuring Per-Interface NetFlow and NDE
Following is a summary of the steps you must perform to configure per-interface NetFlow and NDE on Cisco 7600 routers. Detailed procedures for each step are provided in the sections later in this chapter.

1. If you plan to export NetFlow statistics, globally enable NDE on the router by issuing the following commands:

configure terminal
ip flow-export destination
ip flow-export version
mls nde sender version

2. Enable NetFlow on individual interfaces by issuing the following commands:

configure terminal
interface
ip flow ingress

OK, it looked like we were missing the “mls nde sender version” line. The options were version 5 or 7, so we chose 5 to match the export version (NetFlow v5), and the utilization immediately shot up. We did one final check to compare the SNMP port utilization reports to the NetFlow port utilization, and they closely matched.

So don’t forget to add the mls nde sender line in your 7600 configuration, or you won’t get the right numbers.
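One way to catch this gap before it skews reports, as an added example (not code from this post, Plixer, or Cisco): a small Python check that reads a saved running-config and reports which of the global NDE commands from the excerpt are missing and which active interfaces lack ip flow ingress. The sample config, its addresses, and the function name are constructed for illustration, and skipping shut-down interfaces is an assumption.

```python
import re

# Constructed sample running-config (not from the article): NetFlow export and
# one interface are configured, but the 7600 NDE sender line is absent.
SAMPLE_CONFIG = """\
ip flow-export version 5
ip flow-export destination 192.0.2.10 2055
!
interface GigabitEthernet1/1
 ip address 198.51.100.1 255.255.255.0
 ip flow ingress
!
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
!
interface GigabitEthernet1/2
 shutdown
"""

# Global commands listed in step 1 of the configuration guide excerpt.
REQUIRED_GLOBALS = {
    "ip flow-export destination": r"^ip flow-export destination \S+ \d+",
    "ip flow-export version": r"^ip flow-export version \d+",
    "mls nde sender version": r"^mls nde sender version [57]\b",
}

def audit_7600_netflow(config):
    """Return (missing_global_commands, interfaces_without_ip_flow_ingress)."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            current = None                      # section separator
        elif line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line[0].isspace():                 # sub-command of some section
            if current is not None:
                interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    missing = [name for name, pat in REQUIRED_GLOBALS.items()
               if not any(re.match(pat, g) for g in global_lines)]
    no_ingress = [name for name, body in interfaces.items()
                  if "shutdown" not in body and "ip flow ingress" not in body]
    return missing, no_ingress

if __name__ == "__main__":
    print(audit_7600_netflow(SAMPLE_CONFIG))
```

Run against the sample, it reports the missing mls nde sender version line and the Vlan20 interface without ip flow ingress. Comparing the result with SNMP interface counters, as in the troubleshooting above, remains the confirmation that the export is complete.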

 


Steve

Stephen joined Plixer in 2011. Steve’s efforts over the years have helped many customers gain better Visibility and Network Analytics. With more than 5 years of successful technology consultation, Steve has become a thought leader, focusing on how Scrutinizer can be part of a system incorporating other solutions such as Gigamon, Statseeker, Uptime, InfoBlox and Splunk. He is a firm believer that most organizations will have a larger SDN implementation and will be leveraging the Cloud to a greater degree in the next few years. Steve resides in Scarborough, ME with his wife and two sons.
