NetFlow

This chapter describes how to identify and resolve problems that relate to NetFlow and includes the following sections:

Information About NetFlow

NetFlow allows you to evaluate IP traffic and understand how and where it flows. NetFlow gathers data that can be used in accounting, network monitoring, and network planning.

A flow is a one-directional stream of packets that arrives on a source interface (or subinterface), matching a set of criteria. You create a flow using a flow record to define the criteria for your flow. All criteria must match for the packet to count in the given flow. Flows are stored in the NetFlow cache. Flow information tells you the following:

  • The source address tells you who is originating the traffic.
  • The destination address tells you who is receiving the traffic.
  • Ports characterize the application using the traffic.
  • Class of service (CoS) examines the priority of the traffic.
  • The device interface tells how traffic is being used by the network device.
  • Tallied packets and bytes show the amount of traffic.

A flow record defines the information that NetFlow gathers, such as packets in the flow and the types of counters gathered per flow. You can define new flow records or use the predefined Cisco Nexus 1000V flow records.

For detailed information about configuring NetFlow, see the Cisco Nexus 1000V System Management Configuration Guide.

NetFlow Troubleshooting Commands

Use the following commands to collect information about NetFlow process runtime configuration errors.

  • show flow internal event-history errors

Displays event history errors.

  • show flow internal event-history msgs

Displays event history messages.

  • show flow internal ddb b
  • show flow internal mem-stats

Displays flow memory statistics to debug memory usage and leaks.

  • debug logfile filename

Redirects the output of the following debug commands to a file stored in bootflash.

  • debug nfm all
  • vemlog debug sfnetflow_cache all
  • vemlog debug sfnetflow_config all
  • vemlog debug sfnetflow_flowapi all

Enables NetFlow debugging for policy installation on the Virtual Ethernet Module (VEM). Debug messages are printed for every PDL session open, verify, and commit requests that come from the DPA.

  • vemlog debug sfnetflow_flowmon all
  • vemlog debug sfnetflow_ager all
  • vemlog debug sfnetflow all

Enables packet path debugging for NetFlow policies on the VEM. Debug messages are printed for every packet that hits a NetFlow policy. Use this command with caution. High traffic could result in a lot of debug messages.

  • vemcmd show netflow monitor

Prints the monitor configuration.

  • vemcmd show netflow interface

Prints the interface configuration.

  • vemcmd show netflow stats

Prints the tracked configuration failures.

The above VEM commands (vemlog and vemcmd) are accessible on the VEM. These commands can be executed from the VSM by preceding them with

module vem vem-number execute

For example:

VSM command: module vem 4 execute vemcmd show netflow monitor

VEM command: vemcmd show netflow monitor

  • show flow internal pdl detailed

Displays internal flow details.

Common NetFlow Problems

Common NetFlow configuration problems on the VSM can occur if you attempt to do the following:

  • Use undefined records, exporters, samplers, or monitors.
  • Use invalid records, exporters, samplers, or monitors.
  • Modify records, exporters, samplers, or monitors after they are applied to an interface.
  • Configure a monitor on an interface that causes the VEM to run out of memory and results in a verification error.
  • Use NetFlow in a port channel. NetFlow is not supported in port channels.
  • Configure a monitor at multiple levels of a port-profile inheritance tree.

In addition, a configuration error can occur if there is a mismatch between the UDP port configured on the exporter and the port on which the NetFlow Collector is listening. A solution is to provide the version number of the original command to clear the configuration and then reattempt the command.

Debugging a Policy Verification Error

You can debug a policy verification failure due to some processing on the VSM.


Step 1 Enter the debug nfm all command.

Step 2 Save the Telnet or SSH session buffer to a file.

Step 3 Enter the ip flow mon monitor name direction command.

The command executes once again and the debug traces are output to the console.


 

You can also use the policy verification procedure to collect logs for operations such as defining a flow record or tracing exporter functionality.

Debugging Statistics Export

When debugging a NetFlow statistics export problem, follow these guidelines:

  • Ensure that the destination IP address is reachable from the VEMs and VSM.
  • Ensure that the UDP port configured on the exporter matches that used by the NetFlow Collector.
  • View statistics for the exporter and identify any drops by entering the show flow exporter command.
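
The port and drop checks above can also be made from the collector side. The following is an added example, not Cisco code: it binds the UDP port the exporter is configured to send to, confirms that export packets arrive, and counts sequence-number gaps per exporter. It assumes the exporter sends NetFlow version 9 (the RFC 3954 packet header); the names parse_v9_header, ExportTracker and listen are hypothetical.

```python
import socket
import struct
import sys

# NetFlow v9 packet header (RFC 3954): version, count, sysUptime,
# unix_secs, sequence number, source ID -- 20 bytes, network byte order.
V9_HEADER = struct.Struct("!HHIIII")

def parse_v9_header(datagram):
    if len(datagram) < V9_HEADER.size:
        raise ValueError("shorter than the 20-byte v9 header")
    version, count, _uptime, _secs, seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"export version {version}, expected 9")
    return {"count": count, "sequence": seq, "source_id": source_id}

class ExportTracker:
    """Counts export packets and sequence gaps per (exporter IP, source ID)."""
    def __init__(self):
        self.last_seq, self.received, self.missing, self.rejected = {}, 0, 0, 0

    def observe(self, exporter_ip, datagram):
        try:
            hdr = parse_v9_header(datagram)
        except ValueError:
            self.rejected += 1          # wrong version or not NetFlow at all
            return None
        key = (exporter_ip, hdr["source_id"])
        prev = self.last_seq.get(key)
        # The v9 sequence number counts export packets, so it should step by 1.
        gap = 0 if prev is None else (hdr["sequence"] - prev - 1) % 2**32
        if gap < 2**31:                 # larger values are late or duplicate packets
            self.missing += gap
            self.last_seq[key] = hdr["sequence"]
        self.received += 1
        return hdr

def listen(port, idle_seconds=30.0):
    """Bind the collector-side UDP port; return once it has been idle."""
    tracker = ExportTracker()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(idle_seconds)
        try:
            while True:
                data, (ip, _src_port) = sock.recvfrom(65535)
                tracker.observe(ip, data)
        except socket.timeout:
            return tracker

if __name__ == "__main__":
    t = listen(int(sys.argv[1]))        # port: the one configured on the exporter
    print(f"received={t.received} missing={t.missing} rejected={t.rejected}")
```

A result of received=0 while the exporter shows packets sent points to a reachability or port mismatch; a nonzero missing count points to loss between exporter and collector.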