[flow-tools] Cat6500 and Netflow

[Andrew Fort]

Shane Dawalt wrote:
> 
>  Well, these sup2 are about 2 years old now.  <sigh>
> 
>  I have the ip fast aging setting down as low as it will go (32).  My 
> guess is that reducing the ip long-duration aging setting probably won't 
> do much good.  I guess I could probably apply a filter.  (Gee, I guess 
> that means if I change to a full-flow mask, I will probably start 
> dropping lots of flows.)
> 
>  Shane

seems likely enough.  netflow on internet mix traffic on anything other 
than a sup720-3bxl is not recommended, and even then, it seems prudent 
not to recommend it if you were billing on that traffic.

the other problem is that on the software that's out there now for all 
sups, and likely 'always' on the sup720-3a/sup2, you can't disable flow 
tcam population for specific interfaces, i.e., it's on all the time.

So, if you have a lot of IP interfaces on the box, and you only care 
about netflow'ing one (or two) of them, you can't prune the amount of 
stuff ending up in the netflow tcam, further exaserbating the problem.

e.g., I have no 'ip route-cache flow' or 'ip flow ingress' anywhere on 
my 7609-sup720 (pfc3a), but i get flow stats (though not packet size 
dist or flow switching cache stats, since that's 'disabled').

crusty#sh ip cach fl
IP packet size distribution (0 total packets):
    1-32   64   96  128  160  192  224  256  288  320  352  384  416 
448  480
    .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 
.000 .000

     512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
    .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 0 bytes
   0 active, 0 inactive, 0 added
   0 ager polls, 0 flow alloc failures
   Active flows timeout in 30 minutes
   Inactive flows timeout in 15 seconds
   last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) 
Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP 
  Pkts

Displaying Hardware entries in Module 1
  SrcIf            SrcIPaddress          DstIPaddress      Pr       SrcP 
      DstP      Pkts
  Vl179            220.130.39.237        220.101.4.220     tcp      3393 
      135       3
  Vl179            24.207.193.248        131.244.3.55      tcp      2053 
      smtp      3
  Vl179            203.103.165.70        202.44.98.24      udp 
58940     dns       1


-andrew