[Flow-tools] netflow on 6509 sup720?

Andrew Mabe amabe at mcnc.org
Thu Apr 5 21:42:19 EDT 2007 


I would highly recommend turning off sampling.  It does you no  
service on a 6509 because the "samples" are pulled out of the netflow  
TCAM.  The TCAM is severely limited depending on which version on 720  
you have (max in the table on a BXL is 256K with a 90% hash  
efficiency).  When sampling is turned on it samples OUT of the table  
and not INTO the table.  Therefore sampling does nothing other than  
not report all traffic and reduce the load on your netflow collector.

mls netflow captures all traffic that is hardware switched, so make  
sure to catch anything that is CPU routed turn on "ip route-cache  
flow" on all possible interfaces that flows may be coming inbound.



On Apr 5, 2007, at 9:20 PM, Monty Ree wrote:

> Hello, all.
>
> I have operated several servers. But after I have setup flow-tools,  
> I can find only inbound traffic is seen.
> (all request is seen, but I can't find any reply packet)
>
> My config is below.
>
> -. cisco 6509 sup720 native ios
> mls ip multicast flow-stat-timer 9  mls aging long 64
> mls aging normal 60
> mls flow ip full
> no mls flow ipv6
> mls nde sender version 5
> mls sampling time-based 1024
> mls cef error action freeze
>
> interface GigabitEthernet9/1
> ip address 1.1.1.1 255.255.255.252
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> mls netflow sampling
>
> ip flow-export version 5 peer-as
> ip flow-export destination 2.2.2.2 2055
>
>
> What's the matter and how can I solve this problem???
>
> Thanks for your time..
>
> _________________________________________________________________
> 메신저에서 문자를 바로 보내보세요 http://phonebuddy.msn.co.kr/
> _______________________________________________
> Flow-tools mailing list
> flow-tools at splintered.net
> http://mailman.splintered.net/mailman/listinfo/flow-tools

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2411 bytes
Desc: not available
Url : http://mailman.splintered.net/pipermail/flow-tools/attachments/20070405/34f027f3/smime.bin

More information about the Flow-tools mailing list