NetFlow on MPLS PE
Hi,
I have a customer requiring NetFlow data sent to them from the PE router. Is there a way to enable NetFlow only for a specific VRF?
Hi Carlos,
Thanks a lot for the response. It is quite helpful. This doc describes a case in which NetFlow is sent to provider collector.
I want the NetFlow source interface and destination collector address are in the same VPN so that it can be sent to the customer collector. Otherwise, because of IP address space overlapping, it's quite complex to 'NAT' addresses to get to the customer destination via the backbone netowrk.
Thanks again.
Similar Messages
-
Hi,
Anybody knows how to configure mpls netflow egress for a cisco router running 12.2(25)S service provider image ?
The following link says there is a restriction for it:
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a00805e1253.html#wp1043334
The MPLS Egress NetFlow Accounting feature is not supported in Cisco IOS Release 12.2(25)S and later. Use the Egress NetFlow Accounting feature, which captures either IP or MPLS packets as they leave the router.
I haven't found out how to exactly configure this feature because the ip flow egress work is not working.
Anybody care to shed some light ?
Thanks in advance,
Luis RuedaNetflow was in ingress technology, in which the flows that were captured were flows that entered the interface. Flows leaving the interface were not captured. Also, it was an IP technology, hence non IP traffic were not captured.
With the introduction of MPLS VPN, traffic from remote PEs were recieved on the egress PE as labelled traffic. Hence, they were not captured by Netflow (Without MPLS, enabling netflow on the WAN interface of the egress PE would have allowed the traffic be captured).
MPLS Egress Netflow Accounting patched the situation above by allowing Netflow to capture the flow, when the mpls packet was untagged. This feature was introduced in 12.0(20)S. see
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_white_paper09186a00800b3d18.shtml
It is configured with the command mpls netflow egress
To make things better, they bettered the netflow technology and allowed it to captured egress traffic. With it capturing outgoing traffic, the mpls egress netflow feature was not needed again. Or to put it in another way, Egress Netflow Accounting, replaced MPLS Egress Netflow. See
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802d41ea.html
This is configured with the command
ip flow egress
For using these features, check your IOS properly and see which one it supports. I have succesfully used the MPLS Netflow Egress. -
I have followed all of the configuration steps given for egress accounting with netflow on a MPLS VPN link. However, it is only showing flows coming into the router. I need to be able to account both ways- any recommendations? Config below:
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 5
ip flow-export destination XX.XX.XX.XX 9996
IP packet size distribution (10730093 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .098 .645 .011 .016 .012 .009 .010 .000 .001 .000 .001 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .002 .185 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
4 active, 65532 inactive, 464700 added
6109192 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 336520 bytes
0 active, 16384 inactive, 20706 added, 20706 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 7 0.0 20 233 0.0 7.0 11.3
TCP-FTP 3 0.0 1 40 0.0 0.4 1.6
TCP-WWW 5757 0.0 6 389 0.0 1.1 3.0
TCP-SMTP 7 0.0 1 40 0.0 0.7 1.6
TCP-X 244 0.0 1 54 0.0 0.0 1.5
TCP-other 304762 0.2 7 346 1.6 2.2 4.8
UDP-DNS 346 0.0 1 127 0.0 0.0 15.4
UDP-NTP 3323 0.0 1 80 0.0 0.0 15.4
UDP-other 131041 0.0 62 341 5.4 17.6 13.2
ICMP 64291 0.0 1 79 0.0 0.0 15.4
Total: 509781 0.3 21 341 7.1 5.9 8.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Mu12 10.50.66.218 Null 10.105.0.1 11 0675 00A1 84
Mu12 10.50.66.218 Null 10.105.19.10 11 0675 00A1 2
Mu12 10.50.66.218 Null 10.105.19.3 11 0675 00A1 4
Mu12 10.50.66.42 Null 10.105.19.10 06 0B3C 01BD 12Update on this- Im now receiving all traffic incoming into the interface, but am tracking only about 10% of the outgoing traffic- revised config below:
ip flow-cache timeout active 1
ip flow-cache mpls label-positions 1 2 3
ipv6 flow-cache mpls label-positions 1 2 3
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
service-policy output cbwfq-voice20per
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 9 origin-as
ip flow-export destination XX.XX.XX.XX 9996 -
Hi all,
I have configured netflow on CRS platfom, but it seems it doesn't capture/export any mpls information(traffic) on mpls enabled interfaces. My configuration is:
flow monitor-map xxxxxxx
record mpls ipv4-fields
exporter xxxxxxx
cache entries 10000
cache timeout active 30
cache timeout inactive 15
sampler-map xxxxxxx
random 1 out-of 1500
flow exporter-map xxxxxxx
version v9
options interface-table timeout 60
options sampler-table timeout 60
template timeout 60
template data timeout 60
template options timeout 60
transport udp 9950
source Loopback0
destination xxxxxxx
interface Bundle-Etherx.xx
description test
mtu 9200
ipv4 mtu 9000
ipv4 address x.x.x.x
ipv6 mtu 9000
ipv6 address x6.x6.x6.x6
flow ipv6 monitor x6monitor sampler x ingress
flow mpls monitor MPLSmonitor sampler x ingress
dot1q vlan x
This is show command for that interface:
RP/0/RP0/CPU0:CN-Srce-00-RO#show flow monitor MPLSmonitor cache match interface ingress eq bundle-ether 1.155 location 0/7/CPU0
Fri Aug 29 13:09:57.352 MET
Cache summary for Flow Monitor CN-NetFlow-MPLSmonitor:
Cache size: 10000
Current entries: 0
High Watermark: 9500
Flows added: 3335609
Flows not added: 0
Ager Polls: 27241668
- Active timeout 65946
- Inactive timeout 3244005
- TCP FIN flag 25658
- Watermark aged 0
- Emergency aged 0
- Counter wrap aged 0
- Total 3335609
Periodic export:
- Counter wrap 0
- TCP FIN flag 0
Flows exported 3335609
Matching entries: 0
I have also configured ipv4 and ipv6 monitor maps on few other interfaces and I can see netflow info of that type of traffic.
Tnx for your help.
Best regards,
RJ.Hi Marcin,
Unfortunately, if you try to sample an MPLS+IPv4 packet and only send the IPv4 part in the records, it's not possible with IOS-XR,
Best Regards,
N. -
MPLS-Aware Netflow support on some GSR Eth linecards
Does anyone know if the following linecards will support MPLS-aware Netflow?
The platform is a GSR 12410 with PRP-1 running IOS 12.0(32)SY1 (this release do sopport MPLS-Aware Netflow)
* 4GE-SFP-LC 4 Port ISE Gigabit Ethernet
* SPA-2X1GE 2-port Gigabit Ethernet Shared Port Adapter (on SIP-401)
* SPA-8XE1FE-TX-V2 8-port Fast Ethernet TX Shared Port Adapter (on SIP-401)
Which of those is considered as "Modular GE"? ("Modular GE" interfaces have some limitations in the feature MPLS-aware Netflow)
Thanks in advance
Gustavo Paz
Systems Engineer at Softnet LogicalisBoth the SIP -401 will support MPLS aware net flow as they support V9 except for the Gig ISE which I believe doesnt.
Also find a Netflow Solutions Guide for Reference:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html
SIP 401 DataSheet
http://www.cisco.com/en/US/products/hw/routers/ps167/products_data_sheet0900aecd80465682.html
Gig ISE Data Sheet
http://www.cisco.com/en/US/products/hw/routers/ps167/products_data_sheet0900aecd803f856f.html -
Can MPLS aware Netflow ver. 9 be enabled on the catalyst switches 6500
HI, I'm working for KOREA TELECOM, and currently providing MPLS VPN.
We're planning to provide our customer with traffic report using NetFlow..
I read some documents which reads Netflow ver.9 can be enabled on Cisco GSR 12000 Series, but no mention about catalyst switches. So, I ' m curious about that Netflow ver 9 can be activated on catalyst 6500 series.. because the point where switch is located already have mpls encapsulated packet ( mpls vpn packet).
Thank you , in advance.NetFlow is now integral to Cisco 6500. A configuration we recommend is as below:
mls netflow // This enables NetFlow on the Supervisor.
mls nde sender version 7
mls aging long 64 // This breaks up long-lived flows into (roughly) one-minute segments.
mls aging normal 32 // This ensures that flows that have finished are exported in a timely manner.
mls flow ip interface-full
mls nde interface
The next two commands will help to enable NetFlow data export for bridged traffic which is optional. You can specify the list of VLANs here to enable bridged traffic.
ip flow ingress layer2-switched vlan
ip flow export layer2-switched vlan
Apart from this, NetFlow has to be enabled on the MSFC using the below commands.
ip flow egress // This command has to be executed on all the L3/VLAN interfaces.
ip flow-export destination {hostname|ip_address} 9996 // The hostname or IP address of the flow server
ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0
ip flow-export version 9
ip flow-cache timeout active 1
snmp-server ifindex persist
The new Cisco Flexible NetFlow actually allows for export of MPLS specific information (I believe it is stack lables) in addition to information on IP Address, port, etc. But you will need a tool that can support these additional fields. Otherwise you can view IP, port, protocol, etc related information from MPLS links.
Regards,
Don Thomas Jacob
ManageEngine NetFlow Analyzer -
URGENT: QoS Design on Data Center MPLS - MediaNet Question...
Hello,
I am posting this in hopes I can get some guidance from anyone who has done this in the field. We have a large enterprise customer with 21 sites all around the world, they have Verizon MPLS and are experiencing QoS related issues on their WAN regarding Video/Voice. We have proposed remediating their network acccording to the Enterprise QoS SRND 3.3 and the new MediaNet SRND to account for Video and TP QoS (
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html )
Here is the problem/question that was proposed in our presales meeting and I honestly don't know where to look for an answer... I am not asking for anyone to design a solution for me, just merely point me in the right direction:
The Data Center has a ~40MB MPLS Connection ( full mesh ) into the cloud ( Verizon )
Site A has a 8MB connection
Site B has a 4MB connection
I know on the Service policy and the interfaces at SiteA and SiteB I can assign "Bandwidth xxxx" and use ~95% of the bandwidth to do queuing and shaping/policing ect. I am not concerned with SiteA and SiteB, that I think I can handle...
Question was posed from the customer, "How can we ensure at the DataCenter level the 40MB MPLS is "chopped" up so that only 8MB of the total speed goes to SiteA ALONG with an attached QoS policy designed for that specific site, as well as ensure only 4MB goes to SiteB with an attached QoS policy.
So I am looking for a way to allocate bandwith per site on the DC 40MB connection going into the cloud ( so that SiteB cannot use more than 4MB ) and attach a MediaNet specific QoS Service policy to that site. The customer does not have seperate MPLS circuits for each site, they all come into the DC on 40MB shared ethernet connection ( no VC, or dedicated circuits to other sites ).
Any thoughts on if this is possible?
Thanks!
AlexThis is an example I have seen and I hope that is useful to you.
Site A
Subnet: 172.16.1.0/24
Site B
Subnet:172.16.2.0/24
HeadOffice:
ip access-list extended Site_A
permit ip any 172.16.1.0 0.0.0.255
ip access-list extended Site_B
permit ip any 172.16.2.0 0.0.0.255
class-map match-any Site_A
match access-group name Site_A
class-map match-any Site_B
match access-group name Site_B
policy-map To_Spokes
class Site_A
shape average 8000000
service-policy Sub_Policy(Optional)
class Site_B
shape average 4000000
service-policy Sub_Policy(Optional)
class class-default
shape average 28000000
service-policy Sub_Policy(Optional)
Interface G0/0
Description To MPLS cloud
bandwidth 40000000
service-policy output To_Spokes
interface G0/1
Description To HeadOffice
bandwidth 40000000
service-policy output To_Spokes
It would be greatly appreciated if someone can correct this or improve it as I am still learning.
Please see the netflow graph from one of our routers using a similar policy as above. -
Mars with Netflow on Interface VRF (on Router)
Mars is collecting Netflow information from Interface VRF on Router, my question is that whether Mars will see the traffic inside of the VRF or not, or it will see only netflow traffic on Global routing (core MPLS devices).
This router is PE, and connected to CE (Customer's device).
interface GigabitEthernet5/2
ip vrf forwarding ktb
ip address 10.0.1.210 255.255.255.252
ip flow ingress
ip flow-export version 5
ip flow-export destination 10.1.50.103 2055Refer to the document Top Issues for the Cisco Security Monitoring, Analysis, and Response System for more information
http://www.cisco.com/en/US/products/ps6241/prod_troubleshooting_guide09186a008062f36e.html -
SLA monitoring of MPLS service
Hi Guys..we have MPLS links to about 5 offices around the globe, Bandwidth is around 2 mb across all links, managed by a single ISP. Now we have had various outages recently and we do not have transparency of the average bandwidth. The ISP has his own portal but it doesn't work when needed the most. They have an option where we can pay for getting SNMP feeds but there is no provisioning for capturing Netflow. I guess thay use that for their own portal purposes.
The routers at the CPE side (our side), are managed by the ISP.
What tools/applications I can use on my side to maintain visibility over the MPLS links provided to us?Hi,
You can make use of the "IP SLA" features between your CPE devices. Though CPE's are connected via MPLS VPN network the enterprise network (your network)is actually unaware of MPLS technology and all you need for IP SLA to work is the ip reachability between devices. CPE to CPE "IP SLA" can be configured which will give you lot of informations that can be gathered. It also has MIB and OID values associated with it. So you can use a free network monitoring tool with OID values so that you can even view the pictorial presentation of your network uptime and lot of performance parameters (jitter, packet loss, latency, etc.)
You can get some insight to "IP SLA":
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6602/prod_presentation0900aecd8047bab5.pdf
HTH.. Pls rate if useful..
cheers
Arun Kumar -
7600 as Backbone router for MPLS core
I have 7600's and 7500's in my backbone and 7200's on the edge. My question is that when I look at the feature navigator the 7600 with Sup 720 is missing a lot of basic features required to be a core router of an MPLS Backbone. Features like Traffic engineering fast reroute, MPLS enabled Netflow are missing on this platform, is this platform not a good candidate to be a Backbone router for a service provider offering MPLS services??? 7500 on the other hand it seems 7500 seems to have support for the MPLS related features.
Not sure what version you where looking at but...
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Sat 10-Sep-05 01:18 by ccai
Image text-base: 0x40101040, data-base: 0x42D60000
ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)
BOOTLDR: s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF, RELEASE SOFTWARE (fc1)
CASAN_Core1 uptime is 1 week, 4 hours, 9 minutes
Time since CASAN_Core1 switched to active is 1 week, 4 hours, 8 minutes
System returned to ROM by power cycle (SP by power on)
System image file is "disk0:s72033-advipservicesk9_wan-mz.122-18.SXF.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco CISCO7609 (R7000) processor (revision 1.1) with 983008K/65536K bytes of memory.
Processor board ID FOX092307Q5
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
Bridging software.
TN3270 Emulation software.
1 SIP-200 controller .
1 Virtual Ethernet/IEEE 802.3 interface
74 Gigabit Ethernet/IEEE 802.3 interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
CASAN_Core1#
CASAN_Core1(config)#mpls traffic-eng ?
auto-bw auto-bw parameters
fast-reroute fast-reroute parameters
link-management Link Management configuration
logging Trap logging configuration
path-selection Path Selection Configuration
reoptimize Reoptimization parameters
signalling Traffic Engineering Signalling Parameters
topology Topology Database Configuration
tunnels Traffic Engineering tunnels -
Folks,
We currently have MPLS backbone comprised of about 12 routers in the core. We could like to implement support for IPV6. Has anyone implemented this in their MPLS network yet. I know very few providers have deployed ipv6 support on their MPLS network. Could someone point out areas I should be focussing on to make this happen?
Thanks,
ParwalI appreciate your response to my questions. I had another question for you. I will surely rate this post.
I have 7600's and 7500's in my backbone and 7200's on the edge. My question is that when look at the feature navigator the 7600 with Sup 720 is missing a of basic features required to be a core router of an MPLS Backbone. Features like Traffic engineering fast reroute, MPLS enabled Netflow and missing for this platform, is this platform not a good candidate to be a Backbone router of a service provider offering MPLS services??? 7500 on the other hand seems to have support for the MPLS related features. Please give me your advice, i would highly appreciate it. -
This is driving me insane, it's not a difficult problem, I have a loopback in the VRF on both cores, configurations were copy and pasted to ensure they were identical, BGP peer's are up, redistribution is working fine, but I cannot ping between the loopbacks!
I have 2 6509's, connected with a 802.1q trunk
Configuration:
ip vrf Testing
rd 111:1
route-target both 111:1
int vlan 400
ip address 10.65.65.2 255.255.255.0
mpls ip
int loopback 0
ip address 10.65.64.255
router eigrp 64
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
address-family ipv4 vrf Testing
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
default-metric 10000 100 255 1 1500
autonomous 111
redistribute bgp 65064
router bgp 65064
no auto-summ
no synch
network 0.0.0.0
neighbor R peer-group
neighbor R remote-as 65064
neighbor R update-source loop 0
neighbor 10.65.64.254 peer-group R
address-family vpnv4
neighbor 10.65.64.254 peer-group R
neighbor R send-community both
address-family ipv4 vrf Testing
no auto-summ
no synch
redistribute eigrp 111
int loopback 99
ip vrf forward Testing
ip address 10.111.1.1 255.255.255.0
Router 1:
show ip bgp neighbor:
BGP neighbor is 10.65.64.254, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.254
BGP state = Established, up for 03:36:33
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 2 1 (Consumes 68 bytes)
show ip route vrf Testing:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.111.2.0 is directly connected, Loopback99
C 10.111.22.0 is directly connected, Loopback98
B 10.111.1.0 [200/0] via 10.65.64.254, 03:38:30
show mpls ldp neigh:
Peer LDP Ident: 10.65.64.254:0; Local LDP Ident 10.65.64.255:0
TCP connection: 10.65.64.254.646 - 10.65.64.255.36970
State: Oper; Msgs sent/rcvd: 793/795; Downstream
Up time: 02:12:39
LDP discovery sources:
Vlan400, Src IP addr: 10.65.65.3
Router 2:
show ip bgp neighbor:
BGP neighbor is 10.65.64.255, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.255
BGP state = Established, up for 03:39:34
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 1 2 (Consumes 136 bytes)
Prefixes Total: 1 3
Implicit Withdraw: 0 1
Explicit Withdraw: 0 0
Used as bestpath: n/a 2
Used as multipath: n/a 0
show ip route vrf Testing:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
B 10.111.2.0 [200/0] via 10.65.64.255, 03:41:22
B 10.111.22.0 [200/0] via 10.65.64.255, 02:35:31
C 10.111.1.0 is directly connected, Loopback99
From router 2:
R2#ping vrf Testing 10.111.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R2#ping vrf Testing 10.111.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.2.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)Thanks for the reply, even with specifying a source address within the VRF I am unable to successfully ping.
R1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 111:1 (Testing)
10.111.1.0/24 10.65.64.254 nolabel/26
10.111.2.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
10.111.22.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
The forwarding detail is actually a large output (several hundred interfaces active on this router), so I grabbed the Testing VRF and a random label:
26 Pop Label IPv4 VRF[V] 0 aggregate/Testing
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: Testing
No output feature configured
31 No Label 10.6.16.0/24 0 Po1 10.64.1.254
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 0 4 8 12
No Label 10.6.16.0/24 0 Vl488 10.66.80.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 1 5 9 13
No Label 10.6.16.0/24 0 Vl493 10.66.85.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 2 6 10 14
No Label 10.6.16.0/24 0 Vl505 10.66.97.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 3 7 11 15
R1#show mpls int detail
Interface Vlan400:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
R1#show ip cef vrf Testing 10.111.1.1 detail
10.111.1.0/24, epoch 3, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.254 label 26
nexthop 10.64.1.254 Port-channel1 unusable: no label
R2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 111:1 (Testing)
10.111.1.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
10.111.2.0/24 10.65.64.255 nolabel/26
10.111.22.0/24 10.65.64.255 nolabel/26
26 Pop Label IPv4 VRF[V] 0 aggregate/Testing
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: Testing
No output feature configured
37 No Label 10.6.124.0/24 0 Se7/1/1 point2point
MAC/Encaps=4/4, MRU=4474, Label Stack{}
0F000800
No output feature configured
R2#show mpls int detail
Interface Vlan400:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
R2#show ip cef vrf Testing 10.111.2.1 detail
10.111.2.0/24, epoch 5, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.255 label 26
nexthop 10.64.1.253 Port-channel1 unusable: no label -
Hi there,
I would like to know, is there any features on cisco router to view mpls/vpn packet swapping here and there at P,PE or CE routers especially in service provider networks just like "sh ip cache flow" ?
thanks in advance.
maherMPLS-aware NetFlow should provide you with this functionality. For more information, please refer to the following link:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1829/products_feature_guide09186a008012dc80.html
Hope this helps, -
Hi
We are implementing DDoS solution in our network and the netflow protocol is lunch on core routers - the CRS-3
I've got the folloing monitor-map:
flow monitor-map arbor-ddos-mpls
record mpls ipv4-fields
exporter arbor-ddos
cache timeout active 30
cache timeout inactive 15
The point is that CRS-3 is sending netflow record to DDoS system ( arbor) with the records from MPLS VPN service.
I would like to filter force CRS-3 to not to send this MPLS VPN netflow information.
is there any chance to do it ? I was thinking about :
record mpls ipv4-fields labels 1
but is it only for labels to be used for hashing
I would be appreciated for any help
Kind Regards
MarcinHi Marcin,
Unfortunately, if you try to sample an MPLS+IPv4 packet and only send the IPv4 part in the records, it's not possible with IOS-XR,
Best Regards,
N. -
Netflow on P interface/routers
Hi experts,
I am trying to enable Netflow on P routers (STM1 links, XTAG interfaces), I can just see minute ldp, snmp & ntp traffic. Is it possible to see all applications traffic on these interfaces like normal IP interfaces?
More ever can someone help how to monitor the link utilization on these interfaces? I tried to use few snmp based tools but no success.
Regards,Check MPLS aware Netflow in the followink
http://www.cisco.com/en/US/docs/ios/12_4/netflow/configuration/guide/onf_dmnf.html
SNMP can be used to monitor the utilisation of the interfaces on P routers. The fact that MPLS is enabled on these interfaces does not affect the operation of MPLS.
Maybe you are looking for
-
Index in .chm file is incorrect
Hi, I'm using RoboHelp X5 with Windows XP SP3. I have an index that is correct in RoboHelp but not in the .chm file. In RoboHelp, I have General Ledger as a keyword and several sub-keywords. However, in the .chm file, the sub-keywords show up under G
-
Is there a completely reliable method of adding months to a date in ABAP?
Does anyone know of a completely reliable and consistent ABAP function module that can be used to add months to a date. One that will always get the correct last day of the month when requested to add 1 month to the last day of the previous month.
-
How do I move a spreadsheet from Numbers 2.1 to Numbers 3.5?
I have some spreadsheets in the old iWorks Numbers which is 2.1 that I want to change to Numbers 3.5. How?
-
Parsing later version PDF documents for page count
We send a large number of contracts in PDF format to an EDI application and need to know the page count in advance. We currently use a perl script to parse the PDF files for the following: 1 0 obj << /Type /Pages /Kids [ 13 0 R 16 0 R /Count 2 >> end
-
Problem importing new PG to mds location
Hi, I have designed new page and placed it at /oracle/apps/per/selfservice/appriasals/webui and ran the XML importer script. But when I navigate to page its saying page not found error. when I print document using jdr_utils.printDocument its showing