[flow-tools] Catalyst 6509's && GSR/Juniper
Christian Bauer
Christian.Bauer@NEFonline.de
Wed, 11 Dec 2002 09:22:17 +0100
Hi 6509 and 76xx users...

we are using both types of machines and want to account
the traffic through these routers.
problem is, that SUP-2 always has MLS switched on and you are not
able to disable the generation of netflow-data from some ports.
result is: you NEED to export your flowdata with srcIF-index.
then you are able to build filters where you accept only data from
interfaces which you want.
i built such a system and in principle it works fine.
but the 7609 has many problems.
we made many tests in our lab.. and all works fine.. (some problems with
exporting the correct srcIFindex.. but this occurs only for the interface
which the default route is pointing to. in a BGP system - no problem)
then we inserted the 7609 in our backbone.. and big surprise...
accounting is NOT correct.. the machine exported too little data..
problem is definitely NOT lost flows.

we had some prio1 cases running on cisco...
and they are working really hard on our problems.

it seems that we are running into hardware limitations.
they talk about 'unofficial' numbers of max. flow-data-records per minute.
these numbers are about 1,2 mio records per minute if you set the export mask
to sourceIP or destinationIP ONLY.
with source and destinationIF and PortNumbers they talk about 400.000
flow exports per minute.

and just at this moment we got an official mail from cisco..
they write, that we have NO misconfiguration or a bug in CatOS (we are
running hybrid-mode).

you can check if you are already in trouble by using:

    sh mls debug

if you have an increasing number of 'Netflow full errors' then you will
lose accounting data.. fatal if you use this for customer billing.
(like we do :-((( )

we have no idea how to solve or work around this problem.
cisco promised us, that this machine is the right solution for our
needs...

our 6509 with SUP-1 has not enough performance for this job...

maybe some people here are able to bother cisco with
opening cases.. maybe they will notice, that we are NOT
the only users on this planet using a 7609 with netflow-accounting?!?!??!

in the past my opinion about cisco-software development went to nearly
the same step as Micro$oft...

maybe anyone here has some ideas how to account a whole backbone
per IP in a consistent way...
we have many 10 mbit customers.. some 100mbit..
and a handful of GBit customers...
we are talking of about 500-600 mbits/second in our backbone at
this moment. and we already reached the netflow-limit... very ugly...

so long

chris

>Hi Ian
>
>I assume you mean switch from CATOS completely.
>
>Mmmm, how stable is IOS for CATOS these days? Is CATOS even supported still?
>
>/me remembers back to the dim and distant past and a very ill native IOS
>6509 he saw :-(
>
>Got any urls for the differences i'm likely to see? between the two?
>
>Lastly, would you recommend netflow accounting from the core switches? or
>rather from 7xxx/GSR's at the edges?
>
>We could potentially see up to 7-800Mb/sec of traffic into the network from
>various edges.
>
>Regards
>
>Darren
>
>----- Original Message -----
>From: "Ian Cox" <icox@cisco.com>
>To: "Darren Smith" <data@barrysworld.com>; <flow-tools@splintered.net>
>Sent: Tuesday, December 10, 2002 6:29 PM
>Subject: Re: [flow-tools] Catalyst 6509's && GSR/Juniper
>
>
>>At 05:32 PM 12/10/2002 +0000, Darren Smith wrote:
>>
>>>Hi folks
>>>
>>>We currently have Cisco 6509's with MSFC-2, SUP-2 & PFC-2's in the core of
>>>our network in a CATOS+IOS environment (currently '7.1(2)' & '12.1(11b)E')
>>>I got told netflow was terribly broken on 6509's in the past? Has this now
>>>changed? If so? has anyone got any recommendations on CATOS/IOS releases on
>>>these to enable netflow to work reliably?
>>>
>>>If it still doesn't work properly, i've been looking at upgrades to Cisco
>>>7600's at the network edges or potentially GSR/JUNIPER equipment.
>>>
>>>Is there anything I need to be aware of from a Netflow Accounting Point Of
>>>View on GSR/Juniper platforms? Or do the exports happen the same as regular
>>>cisco routers?
>>>
>>If you want AS numbers then you need to change the OS on the 6500s to run
>>IOS. In 12.1(13)E many enhancements were made to netflow.
>>
>>http://www/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007e6f0.html
>>
>>Ian
>>
>>
>>>Any insight you could give is appreciated.
>>>
>>>Best Regards
>>>
>>>Darren Smith
>>>Game Digital Ltd
>>>
>>>
>>>_______________________________________________
>>>flow-tools@splintered.net
>>>http://www.splintered.net/sw/flow-tools
>>>
--
NEFkom Telekommunikation GmbH & Co.
Spittlertorgraben 13 Tel. 0911/1808-18
D-90429 Nuernberg Fax. 0911/1808-409
http://www.NEFkom.de mailto:Christian.Bauer@NEFkom.de
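
The interface filter described in this message (export with srcIF-index, then accept only records from chosen interfaces and account per IP), as an added example that is not part of the original post. It assumes the exporter sends NetFlow version 5 datagrams, which the message does not state; the ifIndex values and addresses are constructed.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire layout (assumed export format; the message names no version).
HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte datagram header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def account(datagram, billed_ifindexes, totals=None):
    """Sum dOctets per source IP, keeping only records whose input ifIndex
    is in billed_ifindexes. Returns (totals, skipped_record_count)."""
    totals = defaultdict(int) if totals is None else totals
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram: version %d" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header claims %d records" % count)
    skipped = 0
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, input_if, octets = rec[0], rec[3], rec[6]
        if input_if not in billed_ifindexes:
            skipped += 1          # flow entered on a port we do not bill
            continue
        totals[socket.inet_ntoa(src)] += octets
    return totals, skipped

def build_sample():
    """Constructed datagram: (source IP, input ifIndex, octets) per flow."""
    flows = [("192.0.2.10", 3, 1500), ("192.0.2.10", 3, 500),
             ("192.0.2.20", 7, 9000), ("198.51.100.5", 4, 4000)]
    dst = socket.inet_aton("203.0.113.1")
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), dst, bytes(4), ifidx, 1, 1, octets,
                    0, 0, 1024, 80, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for src, ifidx, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    totals, skipped = account(build_sample(), {3, 4})
    for ip, octets in sorted(totals.items()):
        print(ip, octets)
    print("records from unbilled interfaces:", skipped)
```
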