MPLS Netflow Egress 12.2(25)S

Hi,
Does anybody know how to configure mpls netflow egress for a Cisco router running the 12.2(25)S service provider image?
The following link says there is a restriction for it:
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a00805e1253.html#wp1043334
The MPLS Egress NetFlow Accounting feature is not supported in Cisco IOS Release 12.2(25)S and later. Use the Egress NetFlow Accounting feature, which captures either IP or MPLS packets as they leave the router.
I haven't found out how to exactly configure this feature because the ip flow egress work is not working.
Anybody care to shed some light?
Thanks in advance,
Luis Rueda

NetFlow was an ingress technology, in which the flows that were captured were flows that entered the interface. Flows leaving the interface were not captured. Also, it was an IP technology, hence non-IP traffic was not captured.
With the introduction of MPLS VPN, traffic from remote PEs was received on the egress PE as labelled traffic. Hence, it was not captured by NetFlow (without MPLS, enabling NetFlow on the WAN interface of the egress PE would have allowed the traffic to be captured).
MPLS Egress NetFlow Accounting patched the situation above by allowing NetFlow to capture the flow when the MPLS packet was untagged. This feature was introduced in 12.0(20)S. See
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_white_paper09186a00800b3d18.shtml
It is configured with the command mpls netflow egress
To make things better, they bettered the NetFlow technology and allowed it to capture egress traffic. With it capturing outgoing traffic, the MPLS egress NetFlow feature was no longer needed. Or, to put it another way, Egress NetFlow Accounting replaced MPLS Egress NetFlow. See
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802d41ea.html
This is configured with the command
ip flow egress
To use these features, check your IOS properly and see which one it supports. I have successfully used the MPLS Netflow Egress.

Similar Messages

  • MPLS VPN / BGP Netflow Issue

    I have followed all of the configuration steps given for egress accounting with netflow on a MPLS VPN link. However, it is only showing flows coming into the router. I need to be able to account both ways- any recommendations? Config below:
    interface Multilink12
    mtu 1580
    ip address XX.XX.XX.XX 255.255.255.252
    no ip redirects
    no ip unreachables
    ip pim sparse-mode
    ip route-cache flow
    mpls netflow egress
    mpls label protocol ldp
    mpls ip
    ppp multilink
    ppp multilink group 12
    ip flow-export source FastEthernet0/0/0.10
    ip flow-export version 5
    ip flow-export destination XX.XX.XX.XX 9996
    IP packet size distribution (10730093 total packets):
    1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
    .000 .098 .645 .011 .016 .012 .009 .010 .000 .001 .000 .001 .000 .000 .000
    512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
    .000 .000 .000 .002 .185 .000 .000 .000 .000 .000 .000
    IP Flow Switching Cache, 4456704 bytes
    4 active, 65532 inactive, 464700 added
    6109192 ager polls, 0 flow alloc failures
    Active flows timeout in 1 minutes
    Inactive flows timeout in 15 seconds
    IP Sub Flow Cache, 336520 bytes
    0 active, 16384 inactive, 20706 added, 20706 added to flow
    0 alloc failures, 0 force free
    1 chunk, 1 chunk added
    last clearing of statistics never
    Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
    -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
    TCP-Telnet 7 0.0 20 233 0.0 7.0 11.3
    TCP-FTP 3 0.0 1 40 0.0 0.4 1.6
    TCP-WWW 5757 0.0 6 389 0.0 1.1 3.0
    TCP-SMTP 7 0.0 1 40 0.0 0.7 1.6
    TCP-X 244 0.0 1 54 0.0 0.0 1.5
    TCP-other 304762 0.2 7 346 1.6 2.2 4.8
    UDP-DNS 346 0.0 1 127 0.0 0.0 15.4
    UDP-NTP 3323 0.0 1 80 0.0 0.0 15.4
    UDP-other 131041 0.0 62 341 5.4 17.6 13.2
    ICMP 64291 0.0 1 79 0.0 0.0 15.4
    Total: 509781 0.3 21 341 7.1 5.9 8.3
    SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
    Mu12 10.50.66.218 Null 10.105.0.1 11 0675 00A1 84
    Mu12 10.50.66.218 Null 10.105.19.10 11 0675 00A1 2
    Mu12 10.50.66.218 Null 10.105.19.3 11 0675 00A1 4
    Mu12 10.50.66.42 Null 10.105.19.10 06 0B3C 01BD 12

    Update on this: I'm now receiving all traffic incoming into the interface, but am tracking only about 10% of the outgoing traffic. Revised config below:
    ip flow-cache timeout active 1
    ip flow-cache mpls label-positions 1 2 3
    ipv6 flow-cache mpls label-positions 1 2 3
    interface Multilink12
    mtu 1580
    ip address XX.XX.XX.XX 255.255.255.252
    no ip redirects
    no ip unreachables
    ip flow ingress
    ip flow egress
    ip pim sparse-mode
    ip route-cache flow
    mpls netflow egress
    mpls label protocol ldp
    mpls ip
    ppp multilink
    ppp multilink group 12
    service-policy output cbwfq-voice20per
    ip flow-export source FastEthernet0/0/0.10
    ip flow-export version 9 origin-as
    ip flow-export destination XX.XX.XX.XX 9996
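
An added example (not part of the original posts, and not Cisco's code): a small Python parser for the flow-table rows of the `show ip cache flow` output pasted above. It decodes the hexadecimal Pr/SrcP/DstP columns and totals flows per interface and direction, which makes the "only incoming flows" symptom visible at a glance. The sample rows are copied from the post; the function names are illustrative, and treating a trailing `*` on DstIf as the marker of an egress-accounted flow is an assumption about the output format, since no such row appears in the post.

```python
"""Summarise the flow-table rows of `show ip cache flow` by direction."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the post above (header plus the four cached flows).
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Mu12 10.50.66.218 Null 10.105.0.1 11 0675 00A1 84
Mu12 10.50.66.218 Null 10.105.19.10 11 0675 00A1 2
Mu12 10.50.66.218 Null 10.105.19.3 11 0675 00A1 4
Mu12 10.50.66.42 Null 10.105.19.10 06 0B3C 01BD 12
"""

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass(frozen=True)
class Flow:
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: int      # decoded from the hexadecimal Pr column
    src_port: int   # decoded from the hexadecimal SrcP column
    dst_port: int   # decoded from the hexadecimal DstP column
    packets: int
    egress: bool    # assumption: DstIf printed with a trailing '*'

    @property
    def proto_name(self):
        return PROTO_NAMES.get(self.proto, str(self.proto))


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_flow_rows(text):
    """Return (flows, rejected). Lines that are not flow rows are ignored;
    rows that look like flows but cannot be decoded are returned in
    `rejected` so that nothing is dropped silently."""
    flows, rejected = [], []
    for line in text.splitlines():
        cols = line.split()
        # Flow rows have eight columns with IP addresses in columns 2 and 4;
        # this skips the header, the protocol table and the cache statistics.
        if len(cols) != 8 or not (_is_ip(cols[1]) and _is_ip(cols[3])):
            continue
        try:
            proto, sport, dport = (int(c, 16) for c in cols[4:7])
            packets = int(cols[7])
        except ValueError:
            rejected.append(line)
            continue
        flows.append(Flow(cols[0], cols[1], cols[2].rstrip("*"), cols[3],
                          proto, sport, dport, packets,
                          egress=cols[2].endswith("*")))
    return flows, rejected


def account_by_direction(flows):
    """Map (interface, 'ingress'|'egress') -> (flow count, packet count)."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        key = (f.dst_if, "egress") if f.egress else (f.src_if, "ingress")
        totals[key][0] += 1
        totals[key][1] += f.packets
    return {k: tuple(v) for k, v in totals.items()}


def describe(f):
    return f"{f.proto_name} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}"


if __name__ == "__main__":
    parsed, bad = parse_flow_rows(SAMPLE)
    for flow in parsed:
        print(describe(flow), f"({flow.packets} pkts)")
    for (iface, direction), (n, pkts) in account_by_direction(parsed).items():
        print(f"{iface} {direction}: {n} flows, {pkts} packets")
    if bad:
        print("could not decode:", *bad, sep="\n  ")
```

On the rows from the post, every cached flow is accounted as ingress on Mu12 and none as egress, matching the symptom described.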

  • Performance end to end testing and comparison between MPLS VPN and VPLS VPN

    Hi,
    I am a student of MSc Network Security and as for my project, which is "Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing", I have heard a lot of buzz about VPLS as becoming NGN. I wanted to explore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3. With respect to the MPLS L3 VPN lab setup, that is not a problem, but I am stuck at the VPLS part: how to set that up? I have searched but am unable to find any cost-effective means; it is not even possible in the university lab as we don't have 7600 series.
    I would appreciate any support, guidance, advice.
    Thanks
    Shahbaz

    Hi Shahbaz,
    I am not completely sure I understand your request.
    MPLS VPN and VPLS are 2 technologies meant to address two different needs, L3 VPN as opposed to L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of an F1 racing car with a Rally racing car?
    From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology) , as in the very basic scenarios we can boil down to the following basic operations for both:
    Ingress PE impose 2 labels (at least)
    Core Ps swap top most MPLS label
    Egress PE removes last label exposing underlying packet or frame.
    So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
    About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
    Riccardo

  • Netflow on Cisco 7600

    Hi All.
    It is known that SUP720-3B on Cisco 76xx doesn't support ip flow egress on interfaces.
    In the latest IOS versions in Cisco Feature Navigator I see netflow egress accounting support (see picture below).
    Has somebody tested this feature? Does it really work?
    Thanks.
    Konstantin

    Hi Prima,
    This question has been already answered several times and the answer is still the same :-) : it's not supported on 7600 platform due to hardware limitation.
    HTH
    Laurent.

  • 7500 nat and netflow

    Hello!
    I'm running cisco 7507 and have a problem with netflow v5 and nat.
    After 2-3 days the Netflow engine stops collecting incoming traffic for IP addresses which are translated.
    Sh ip cache flow stops showing these packets.
    I tried debugging netflow and haven't seen any errors.
    The only thing I noticed is a repeating
    "IPFLOW: Sending capture config message to all LC", but I think it is normal.
    I'm using "ip netflow egress" and "ip netflow ingress" to collect traffic on interfaces.
    On IP addresses that are not being translated, netflow is working fine.
    "Sh run" and "sh ver" are included in attachments.
    Best regards,
    Oleg.

    I think in your case, the way that NetFlow is implemented has it do the flow lookup and creation (NetFlow) stage prior to the feature lookup (NAT) stage on the incoming traffic. Therefore, the NetFlow record will be created prior to NAT and you'll get the external addresses in your flow record. As a workaround, you could think about enabling NetFlow on the LAN interface(s) and collect the traffic that's being sent out to your serial interface, thereby creating flow records with internal NAT addresses. Depending on what you want to achieve and the nature of the traffic this may or may not work.
    Please refer the following URL for info on netflow collector.
    http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm#xtocid2867938

  • ME 6524 LLQ Configuration Help Required

    I am having a hard time configuring LLQ on a ME 6524. I am getting the following error:
    priority command is not supported in output direction for this interface
    Configuration failed!
    I am new to this platform, kindly suggest....
    Below is required info and my QOS policy:
     mls qos
    ip access-list extended VC-IPs
     permit ip host 10.110.210.144 host 10.158.227.15
     exit
    class-map match-any RTP
     match protocol rtp
     exit
    class-map match-any VC
     match access-group name VC-IPs
     exit
    policy-map VC-QOS
     class RTP
     priority 2000000
     set ip dscp ef
     exit
     class VC
     bandwidth 2000000
     set ip dscp af41
     exit
     class class-default
     fair-queue
     random-detect
     exit
    int gi1/2
     service-policy out VC-QOS
     exit
    end
    priority command is not supported in output direction for this interface
    Configuration failed!
    DEL-6524-01#sh int gi1/2 capabilities
    GigabitEthernet1/2
      Model:                 ME-C6524GT-8S
      Type:                  10/100/1000BaseT
      Speed:                 10,100,1000,auto
      Duplex:                half,full
      Trunk encap. type:     802.1Q,ISL
      Trunk mode:            on,off,desirable,nonegotiate
      Channel:               yes
      Broadcast suppression: none
      Flowcontrol:           rx-(off,on,desired),tx-(off,on,desired)
      Membership:            static
      Fast Start:            yes
      QOS scheduling:        rx-(1q2t), tx-(1p3q8t)
      QOS queueing mode:     rx-(cos), tx-(cos)
      CoS rewrite:           yes
      ToS rewrite:           yes
      Inline power:          no
      Inline power policing: no
      SPAN:                  source/destination
      UDLD                   yes
      Link Debounce:         yes
      Link Debounce Time:    no
      Ports on ASIC:         1-12
      Remote switch uplink:  no
      Dot1x:                 yes
      Port-Security:         yes
    DEL-6524-01#sh int gi1/2
    GigabitEthernet1/2 is up, line protocol is up (connected)
      Hardware is C6k 1000Mb 802.3, address is 5475.d066.2936 (bia 5475.d066.2936)
      Description: SPECTRANET 70 Mbps Link from Delhi BSZ to Mumbai CST - 10.10.100.2
      Internet address is 10.10.100.2/30
      MTU 1500 bytes, BW 71680 Kbit, DLY 100 usec,
         reliability 255/255, txload 14/255, rxload 16/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, media type is 10/100/1000BaseT
      input flow-control is off, output flow-control is off
      Clock mode is auto
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters 3w6d
      Input queue: 0/75/3/3 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      30 second input rate 4760000 bits/sec, 3585 packets/sec
      30 second output rate 4122000 bits/sec, 3441 packets/sec
      L2 Switched: ucast: 1993601 pkt, 247523714 bytes - mcast: 1 pkt, 64 bytes
      L3 in Switched: ucast: 8796674958 pkt, 2056594112735 bytes - mcast: 0 pkt, 0 bytes mcast
      L3 out Switched: ucast: 9305831488 pkt, 2381278643432 bytes mcast: 0 pkt, 0 bytes
         8829433964 packets input, 2059985043121 bytes, 0 no buffer
         Received 40007 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 0 multicast, 0 pause input
         0 input packets with dribble condition detected
         9341111134 packets output, 2384759833734 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out
    DEL-6524-01#sh ip int gi1/2
    GigabitEthernet1/2 is up, line protocol is up
      Internet address is 10.10.100.2/30
      Broadcast address is 255.255.255.255
      Address determined by non-volatile memory
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound  access list is not set
      Proxy ARP is enabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are always sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF switching turbo vector
      IP Null turbo vector
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Probe proxy name replies are disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      Input features: Ingress-NetFlow
      Output features: IP Post Routing Processing, Post-Ingress-NetFlow, Egress-Netflow, HW Shortcut Installation
      Post encapsulation features: MTU Processing, IP Protocol Output Counter, IP Sendself Check, HW Shortcut Installation
      Sampled Netflow is disabled
      IP Routed Flow creation is enabled in netflow table
      IP Bridged Flow creation is disabled in netflow table
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled
      IP multicast multilayer switching is disabled
    DEL-6524-01#sh version
    Cisco IOS Software, s6523_rp Software (s6523_rp-ADVIPSERVICESK9-M), Version 12.2(33)SXH7, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Fri 12-Mar-10 04:46 by prod_rel_team
    ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
     DEL-6524-01 uptime is 1 year, 12 weeks, 6 days, 4 hours, 5 minutes
    Uptime for this control processor is 1 year, 12 weeks, 6 days, 4 hours, 7 minutes
    Time since DEL-6524-01 switched to active is 1 year, 12 weeks, 6 days, 4 hours, 5 minutes
    System returned to ROM by  power cycle at 12:26:40 UTC Tue Oct 11 2011 (SP by power-on)
    System restarted at 17:18:48 IST Thu Jun 6 2013
    System image file is "sup-bootflash:s6523-advipservicesk9-mz.122-33.SXH7.bin"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco ME-C6524GT-8S (R7000) processor (revision 1.6) with 983040K/65536K bytes of memory.
    Processor board ID SAL1443XPW1
    R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
    Last reset from power-on
    1 Virtual Ethernet interface
    32 Gigabit Ethernet interfaces
    1915K bytes of non-volatile configuration memory.
    65536K bytes of Flash internal SIMM (Sector size 256K).
    Configuration register is 0x2102

    Hey Deepak,
    Regarding the error message, check the configuration guide for 12.2SX release. It looks like priority command is not supported under policy map. Check the following link:
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/qos.html#wp1581702
    HTH.
    Regards,
    RS.

  • Prioritization within QoS queue possible?

    Our company runs QoS over an MPLS WAN, but I am personally new to the technology. Given that our provider only allows four queues (EF, AF31, AF21, and BE), we have configured four corresponding policies. This seems somewhat limiting, given the number of queues Cisco actually supports. Here's the question; Is it possible to further prioritize traffic within a given queue?
    Say for example, we want to place a certain traffic type within AF31, but we do not want to adversely impact other traffic within the queue. By the same token, we do not want to move either of these traffic types to EF. Can we control, in a more granular manner, prioritization within a respective queue? Any clarification you can provide would be greatly appreciated.

    As Laurent also describes, it's usually possible to fully manage congestion to MPLS (generally easy if you control the CE router). With MPLS, though, where the limitations of the provider's QoS model are most troublesome is upon MPLS cloud egress. It's possible to indirectly control this if you logically manage your MPLS cloud as you might with frame-relay or ATM. Unfortunately, this is often impractical if you have more than a few nodes and have a logical mesh topology vs. hub and spoke.
    PS:
    Some MPLS providers allow you to select from various "profiles" of QoS model choices. This can be very helpful if traffic ratios vary between sites. Also, some MPLS vendor QoS models also provide support for different drop thresholds within some classes.

  • High bridge domain (BD) utilization

    Hello,
    Is there any way to know which bridge domain/P2P Xconnect is getting more utilization or traffic?
    Since many BDs are sharing the same physical interface, there is a need to know which BD is getting more of the link bandwidth.
    Mohamed.

    Hi Mohammed,
    You can run mpls netflow on the core-facing interface and, based on the VC label, you can figure out which pseudowire is getting a lot of traffic.
    The other way to check would be "sh l2vpn bridge-domain bd-name xxx detail" and look at the
    Statistics:
            packets: received 0, sent 0
            bytes: received 0, sent 0
    which will be cumbersome if you have a lot of p2p in the network.
    HTH,
    Chander

  • Can MPLS aware Netflow ver. 9 be enabled on the catalyst switches 6500

    HI, I'm working for KOREA TELECOM, and currently providing MPLS VPN.
    We're planning to provide our customer with traffic report using NetFlow..
    I read some documents which say Netflow ver. 9 can be enabled on Cisco GSR 12000 Series, but there is no mention of Catalyst switches. So, I'm curious whether Netflow ver. 9 can be activated on the Catalyst 6500 series, because the point where the switch is located already has MPLS-encapsulated packets (MPLS VPN packets).
    Thank you , in advance.

    NetFlow is now integral to Cisco 6500. A configuration we recommend is as below:
    mls netflow     // This enables NetFlow on the Supervisor.
    mls nde sender version 7
    mls aging long 64  // This breaks up long-lived flows into (roughly) one-minute segments.
    mls aging normal 32  // This ensures that flows that have finished are exported in a timely manner.
    mls flow ip interface-full
    mls nde interface
    The next two commands will help to enable NetFlow data export for bridged traffic, which is optional. You can specify the list of VLANs here to enable bridged traffic.
    ip flow ingress layer2-switched vlan
    ip flow export layer2-switched vlan
    Apart from this, NetFlow has to be enabled on the MSFC using the below commands.
    ip flow egress       // This command has to be executed on all the L3/VLAN interfaces.
    ip flow-export destination {hostname|ip_address} 9996  // The hostname or IP address of the flow server
    ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0
    ip flow-export version 9
    ip flow-cache timeout active 1
    snmp-server ifindex persist
    The new Cisco Flexible NetFlow actually allows for export of MPLS specific information (I believe it is stack labels) in addition to information on IP Address, port, etc. But you will need a tool that can support these additional fields. Otherwise you can view IP, port, protocol, etc. related information from MPLS links.
    Regards,
    Don Thomas Jacob
    ManageEngine NetFlow Analyzer

  • Netflow not reporting Egress traffic on 6509 Vlan

    Hi...
    We have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANS,
    VLAN 10 - Servers Vlan
    VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
    I configured the netflow source VLAN 11 although I am not collecting any netflow from it.
    Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN (9) does not get reported. I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
    I read somewhere that egress netflow is not supported in 6500, but isn't traffic originating from a user VLAN to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)?
    I would like to know whether bidirectional Netflow is supported on 6500 VLANs. I have minimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and monitoring this Transit VLAN gives me extremely useful info.
    I do get bidirectional netflow traffic from the Server VLAN 10, but I think it is correlated by the netflow collector from VLANs 9 and 10.
    Below is a show run | inc flow
    ip flow-cache timeout active 1
    ip flow ingress layer2-switched vlan 9,10
    mls netflow interface
    mls flow ip interface-full
    interface vlan 9
    ip flow ingress
    ip flow egress
    interface vla 10
    ip flow ingress
    ip flow egress
    ip flow-export source vlan11
    ip flow-export version 9
    ip flow-export destination 10.10.10.10 2055
    All help is appreciated.
    Thanks

    Hi,
    So if I want to capture traffic out of only one specific interface, is there any option to do that in Catalyst 6500?
    If I put only that specific interface in another VLAN and, under the interface vlan, I give "ip flow ingress", will this capture the outgoing traffic through the interface while it is doing inter-VLAN routing? Also, is it a must to give an IP address on that VLAN interface? Please clarify.

  • Netflow on CRS (MPLS problem)

    Hi all,
    I have configured netflow on the CRS platform, but it seems it doesn't capture/export any MPLS information (traffic) on MPLS-enabled interfaces. My configuration is:
    flow monitor-map xxxxxxx
     record mpls ipv4-fields
     exporter xxxxxxx
     cache entries 10000
     cache timeout active 30
     cache timeout inactive 15
    sampler-map xxxxxxx
     random 1 out-of 1500
    flow exporter-map xxxxxxx
     version v9
      options interface-table timeout 60
      options sampler-table timeout 60
      template timeout 60
      template data timeout 60
      template options timeout 60
     transport udp 9950
     source Loopback0
     destination xxxxxxx
    interface Bundle-Etherx.xx
     description test
     mtu 9200
     ipv4 mtu 9000
     ipv4 address x.x.x.x
     ipv6 mtu 9000
     ipv6 address x6.x6.x6.x6
     flow ipv6 monitor x6monitor sampler x ingress
     flow mpls monitor MPLSmonitor sampler x ingress
     dot1q vlan x
    This is show command for that interface:
    RP/0/RP0/CPU0:CN-Srce-00-RO#show flow monitor MPLSmonitor cache match interface ingress eq bundle-ether 1.155 location 0/7/CPU0
    Fri Aug 29 13:09:57.352 MET
    Cache summary for Flow Monitor CN-NetFlow-MPLSmonitor:
    Cache size:                          10000
    Current entries:                         0
    High Watermark:                       9500
    Flows added:                       3335609
    Flows not added:                         0
    Ager Polls:                       27241668
      - Active timeout                   65946
      - Inactive timeout               3244005
      - TCP FIN flag                     25658
      - Watermark aged                       0
      - Emergency aged                       0
      - Counter wrap aged                    0
      - Total                          3335609
    Periodic export:
      - Counter wrap                         0
      - TCP FIN flag                         0
    Flows exported                     3335609
    Matching entries:                        0
    I have also configured ipv4 and ipv6 monitor maps on few other interfaces and I can see netflow info of that type of traffic.
    Tnx for your help.
    Best regards,
    RJ.

    Hi Marcin,
    Unfortunately, if you try to sample an MPLS+IPv4 packet and only send the IPv4 part in the records, it's not possible with IOS-XR,
    Best Regards,
    N.

  • MPLS-Aware Netflow support on some GSR Eth linecards

    Does anyone know if the following linecards will support MPLS-aware Netflow?
    The platform is a GSR 12410 with PRP-1 running IOS 12.0(32)SY1 (this release does support MPLS-Aware Netflow)
    * 4GE-SFP-LC 4 Port ISE Gigabit Ethernet
    * SPA-2X1GE 2-port Gigabit Ethernet Shared Port Adapter (on SIP-401)
    * SPA-8XE1FE-TX-V2 8-port Fast Ethernet TX Shared Port Adapter (on SIP-401)
    Which of those is considered as "Modular GE"? ("Modular GE" interfaces have some limitations in the feature MPLS-aware Netflow)
    Thanks in advance
    Gustavo Paz
    Systems Engineer at Softnet Logicalis

    Both the SIP-401 will support MPLS-aware NetFlow as they support V9, except for the Gig ISE, which I believe doesn't.
    Also find a Netflow Solutions Guide for Reference:
    http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html
    SIP 401 DataSheet
    http://www.cisco.com/en/US/products/hw/routers/ps167/products_data_sheet0900aecd80465682.html
    Gig ISE Data Sheet
    http://www.cisco.com/en/US/products/hw/routers/ps167/products_data_sheet0900aecd803f856f.html

  • Egress NetFlow on 7600

    Is "ip flow egress" supported on this platform? Is it possible to collect bidir stats if Netflow configured as follows:
    interface vlan ...
    ip flow ingress
    ip flow egress

    Rather, it depends on the version of the IOS you're running:
    http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1012951
    " If your router is running Cisco IOS release 12.2(14)S or a later release, or Cisco IOS Release 12.2(15)T or a later release, NetFlow accounting might be enabled through the use of the ip flow ingress command instead of the ip route-cache flow command.
    12.3(11)T
    The egress keyword was added."
    Unless there's new advances, I don't think you can apply both "ingress" and "egress" on the same interface. NetFlow is based on unidirectional flow records.

  • NetFlow on MPLS PE

    Hi,
    I have a customer requiring NetFlow data sent to them from the PE router. Is there a way to enable NetFlow only for a specific VRF?

    Hi Carlos,
    Thanks a lot for the response. It is quite helpful. This doc describes a case in which NetFlow is sent to provider collector.
    I want the NetFlow source interface and destination collector address to be in the same VPN so that it can be sent to the customer collector. Otherwise, because of IP address space overlapping, it's quite complex to 'NAT' addresses to get to the customer destination via the backbone network.
    Thanks again.

  • URGENT: QoS Design on Data Center MPLS - MediaNet Question...

    Hello,
    I am posting this in hopes I can get some guidance from anyone who has done this in the field. We have a large enterprise customer with 21 sites all around the world; they have Verizon MPLS and are experiencing QoS related issues on their WAN regarding Video/Voice. We have proposed remediating their network according to the Enterprise QoS SRND 3.3 and the new MediaNet SRND to account for Video and TP QoS (
    http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html )
    Here is the problem/question that was proposed in our presales meeting and I honestly don't know where to look for an answer... I am not asking for anyone to design a solution for me, just merely point me in the right direction:
    The Data Center has a ~40MB MPLS Connection ( full mesh ) into the cloud ( Verizon )
    Site A has a 8MB connection
    Site B has a 4MB connection
    I know on the Service policy and the interfaces at SiteA and SiteB I can assign "Bandwidth xxxx" and use ~95% of the bandwidth to do queuing and shaping/policing etc. I am not concerned with SiteA and SiteB, that I think I can handle...
    Question was posed from the customer, "How can we ensure at the DataCenter level the 40MB MPLS is "chopped" up so that only 8MB of the total speed goes to SiteA ALONG with an attached QoS policy designed for that specific site, as well as ensure only 4MB goes to SiteB with an attached QoS policy."
    So I am looking for a way to allocate bandwidth per site on the DC 40MB connection going into the cloud (so that SiteB cannot use more than 4MB) and attach a MediaNet specific QoS Service policy to that site. The customer does not have separate MPLS circuits for each site, they all come into the DC on a 40MB shared ethernet connection (no VC, or dedicated circuits to other sites).
    Any thoughts on if this is possible? 
    Thanks!
    Alex

    This is an example I have seen and I hope that is useful to you.
    Site A
    Subnet: 172.16.1.0/24
    Site B
    Subnet: 172.16.2.0/24
    HeadOffice:
    ip access-list extended Site_A
     permit ip any 172.16.1.0 0.0.0.255
    ip access-list extended Site_B
     permit ip any 172.16.2.0 0.0.0.255
    class-map match-any Site_A
     match access-group name Site_A
    class-map match-any Site_B
     match access-group name Site_B
    ! The nested "service-policy Sub_Policy" lines are optional child policies
    policy-map To_Spokes
     class Site_A
      shape average 8000000
      service-policy Sub_Policy
     class Site_B
      shape average 4000000
      service-policy Sub_Policy
     class class-default
      shape average 28000000
      service-policy Sub_Policy
    ! The interface "bandwidth" value is given in kbit/s, so 40 Mbit/s is 40000
    interface G0/0
     description To MPLS cloud
     bandwidth 40000
     service-policy output To_Spokes
    interface G0/1
     description To HeadOffice
     bandwidth 40000
     service-policy output To_Spokes
    It would be greatly appreciated if someone can correct this or improve it as I am still learning.
    Please see the netflow graph from one of our routers using a similar policy as above.
