标签为 ‘Netflow’的文章

ASR9k Netflow and QOS order in the inbound direction

My customer match a issue that business traffics take IP6,7 flag, then the traffics auto mapping to EXP6,7 that cause control police congestion, and ISIS flapping due to BFD flap. So they want to check which traffics have incorrect flag by netflow, so need to check ording for netflow and QOS at input direction. I check some documents, nobody notice that, so the article will show test info, you can check if you need. Finaly test result: At ingress direction, packets will be cached first by netflow, then do other action in QOS.

Btw, due to auto mapping from TOS to EXP by range, e.g: TOS 192-223 will map to EXP6; TOS 223-255 will map to EXP7. So if we want to check the issue by netflow, suggest filter EXP data, as in my follow test, check by follow command:

RP/0/RSP1/CPU0:ASR9006-G#sh flow monitor test-mpls cache brief location 0/0/cpu0 | i 7-0
Fri Jan  8 04:57:39.604 UTC
      LDP        30000-7-0        40034-7-1           -                -                -                -          Te0/0/0/2       Te0/0/0/1       Fwd                  3888         36           Egr      0xff     icmp     0          2048


Flexible NetFlow configuration example

flow record test
 match ipv4 dscp
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes
 collect counter packets
 collect policy qos classification hierarchy   
>>>for flex netflow qos feature need config "platform qos performance-monitor" and reload


Netflow V9


2013-10-14: ASR9K NetFlow White Paper

1. Template:

在v9的版本中,引进了template这个概念,这个东西感觉像个索引,告诉网管netflow的架构,默认export时间为1800s,也就是30mi,在抓netflow报文时,如果没有抓下template,那么你会发现通过wireshark无法解开cflow的报文,你也就没发分析了。另外template分两种,一种是正常的数据flow,另一种是option的flow,这就带来了强大的扩展。在下面的信息里,我把template的timeout改成了10s,cache timeout没改,所以你发现短时间内没有抓到任何flow流量: