Cisco Systems WSC4500X16SFP Manual De Usuario
38-5
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 38 Configuring NetFlow
Overview of NetFlow Statistics Collection
Assigning the Input Interface and Input Related Inferred Fields
Similarly, the input interface and the source AS number for the source IP address are determined by
looking up the FIB entry in the default FIB table based on the source IP address. Therefore, the input
interface is based solely on the source IP address and a reverse lookup is done to determine to which
interface a packet with this IP destination address needs to be routed. This process assumes that the
forwarding paths are symmetrical. However, if this process yields multiple input interfaces, a
deterministic algorithm will be applied to pick one of them the one with the lowest IP address. Although
this process typically yields correct values, there are scenarios where the values are inaccurate:
looking up the FIB entry in the default FIB table based on the source IP address. Therefore, the input
interface is based solely on the source IP address and a reverse lookup is done to determine to which
interface a packet with this IP destination address needs to be routed. This process assumes that the
forwarding paths are symmetrical. However, if this process yields multiple input interfaces, a
deterministic algorithm will be applied to pick one of them the one with the lowest IP address. Although
this process typically yields correct values, there are scenarios where the values are inaccurate:
•
If load balancing is being applied by an upstream adjacent switch, one input interface must be
chosen arbitrarily out of the multiple input interfaces available. This action is necessary because the
input interface that would be used depends on the type of load balancing algorithm being deployed
by the adjacent upstream switch. It is not always feasible to know the algorithm. Therefore, all flow
statistics will be attributed to one input interface. Software selects the interface with the lowest IP
subnet number.
chosen arbitrarily out of the multiple input interfaces available. This action is necessary because the
input interface that would be used depends on the type of load balancing algorithm being deployed
by the adjacent upstream switch. It is not always feasible to know the algorithm. Therefore, all flow
statistics will be attributed to one input interface. Software selects the interface with the lowest IP
subnet number.
•
In an asymmetric routing scheme in which the traffic for an IP subnet might be received on one
interface and sent on another, the inferences noted previously for selecting an input interface, based
on a reverse lookup, would be incorrect and cannot be verified.
interface and sent on another, the inferences noted previously for selecting an input interface, based
on a reverse lookup, would be incorrect and cannot be verified.
•
If PBR or VRF is enabled on the switch and the flow is destined to an address that resides in the
PBR or VRF range or is sourced from an address that resides in the PBR or VRF range, the
information will be incorrect. In this case, the input and output interface will most likely point to
the default route (if configured) or will have no value at all (NULL)
PBR or VRF range or is sourced from an address that resides in the PBR or VRF range, the
information will be incorrect. In this case, the input and output interface will most likely point to
the default route (if configured) or will have no value at all (NULL)
•
If VRF is enabled on the switch on some interfaces and the flow comes from a VRF interface, the
information will be incorrect. In this case, the input and output interface will most likely point to
the default route (if configured) or will have no value (NULL).
information will be incorrect. In this case, the input and output interface will most likely point to
the default route (if configured) or will have no value (NULL).
Note
The Supervisor Engine V-10GE provides the input interface information via hardware, improving the
accuracy of NetFlow information.
accuracy of NetFlow information.
Feature Interaction of Netflow Statistics with UBRL and Microflow Policing
On systems with Supervisor Engine V-10GE, there is a feature interaction between Netflow Statistics
and UBRL (User Based Rate Limiting). As part of correctly configuring UBRL on a given interface, the
class-map must specify a flow-mask. In turn, this flow mask is used to create hardware-based netflow
statistics for the flow. By default, for traditional full-flow netflow statistics, the full-flow mask is used.
With UBRL, however, the masks can differ. If UBRL is configured on a given interface, the statistics are
collected based on the mask configured for UBRL. Consequently, the system will not collect full-flow
statistics for traffic transiting an interface configured with UBRL. For more details, refer to the
and UBRL (User Based Rate Limiting). As part of correctly configuring UBRL on a given interface, the
class-map must specify a flow-mask. In turn, this flow mask is used to create hardware-based netflow
statistics for the flow. By default, for traditional full-flow netflow statistics, the full-flow mask is used.
With UBRL, however, the masks can differ. If UBRL is configured on a given interface, the statistics are
collected based on the mask configured for UBRL. Consequently, the system will not collect full-flow
statistics for traffic transiting an interface configured with UBRL. For more details, refer to the
VLAN Statistics
With NetFlow support, you can report Layer 2 output VLAN statistics, as well as VLAN statistics for
routed traffic in and out of a VLAN.
routed traffic in and out of a VLAN.