ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА












     АРХИВ :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[inet-admins] Flow export



  Коллеги, кто-нибудь сталкивался с подобной проблемой?

Есть две cisco 7505 и 3640, есть два сервера A(FreeBSD) и B(Linux).
(есть еще cisco 4000, но это не принципиально). Соединено все это так

c7505      c3640
  |          |        y.y.y.0/24
----------------------
                |
              c4000
                |     x.x.x.0/24
-----------------------
  |         |
host A     host B

на с7505 и с3640 поднят ip flow-export dest hostA.
На hostA это ловится NeTraMet-ом.
Все работает, все замечательно.

Возникла  необходимость перенести сбор на hostB.
Тут начались чудеса. На c7505 смена  ip flow-export dest hostB
прошла нормально (до hostB долетают udp-пакеты и он их успешно ловит)
А вот на с3640 смена  ip flow-export dest hostB привела к тому, что
udp-пакеты просто не долетают до hostB. Они не пролетают даже через
c4000. Пробовал на с3640 clear всего чего можно, даже reload не помог.
При этом sh ip flow export показывает, что испровно выплевывает
пакеты.

Попробовал на c3640  востановить ip flow-export dest hostA и при этом
убрал с hostA его ip-адрес и прописал его на hostB. При этом на hostB
стали сыпаться какое-то время (~5мин) пакеты. А потом снова перестали.
Такое ощущение, что hostB каким-то образом активно давит передачу
пакетов с netflow на него.

У кого какие идеи? может кто-то уже наступал на это?

sh ver и sh ip flow export с обеих цисок  ниже

--- с7505 ---------------
sh ver
Cisco Internetwork Operating System Software 
IOS (tm) RSP Software (RSP-JSV-M), Version 12.1(7), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Fri 23-Feb-01 04:47 by kellythw
Image text-base: 0x60010958, data-base: 0x61442000

ROM: System Bootstrap, Version 5.3.2(3.2) [kmac 3.2], MAINTENANCE INTERIM SOFTWARE
BOOTFLASH: GS Bootstrap Software (RSP-BOOT-M), Version 11.0(4.5), MAINTENANCE INTERIM SOFTWARE

MSK-M9-1 uptime is 6 days, 18 hours, 3 minutes
System returned to ROM by power-on
System restarted at 18:59:47 MSK Fri Jun 22 2001
System image file is "slot1:rsp-jsv-mz.121-7.bin"

cisco RSP1 (R4600) processor with 131072K/2072K bytes of memory.
R4600 CPU at 100Mhz, Implementation 32, Rev 2.0
Last reset from power-on
G.703/E1 software, Version 1.0.
G.703/JT2 software, Version 1.0.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
Bridging software.
TN3270 Emulation software.
Chassis Interface.
1 EIP controller (4 Ethernet).
1 FSIP controller (8 Serial).
1 AIP controller (1 ATM).
4 Ethernet/IEEE 802.3 interface(s)
8 Serial network interface(s)
1 ATM network interface(s)
125K bytes of non-volatile configuration memory.

8192K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
20480K bytes of Flash PCMCIA card at slot 1 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102

sh ip flow export
Flow export is enabled
  Exporting flows to x.x.x.192 (3025)
  Exporting using source IP address y.y.y.143
  Version 5 flow records
  19163477 flows exported in 640364 udp datagrams
  0 flows failed due to lack of export packet
  3 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting

--- с3640 ---------------

sh ver
Cisco Internetwork Operating System Software 
IOS (tm) 3600 Software (C3640-IS-M), Version 12.1(5)T4,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Fri 02-Feb-01 03:31 by ccai
Image text-base: 0x60008950, data-base: 0x61140000

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 3600 Software (C3640-IS-M), Version 12.1(5)T4,  RELEASE SOFTWARE (fc1)

tcss-2 uptime is 17 hours, 43 minutes
System returned to ROM by reload at 19:21:45 MSD Thu Jun 28 2001
System restarted at 19:22:55 MSD Thu Jun 28 2001
System image file is "flash:c3640-is-mz.121-5.T4.bin"

cisco 3640 (R4700) processor (revision 0x00) with 125952K/5120K bytes of memory.
Processor board ID 24364910
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
2 FastEthernet/IEEE 802.3 interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102


tcss-2#sh ip flow export
Flow export is enabled
  Exporting flows to x.x.x.65 (2055)
  Exporting using source IP address y.y.y.115
  Version 5 flow records
  17009943 flows exported in 573436 udp datagrams
  0 flows failed due to lack of export packet
  43915 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

-----------------------------------------------






-- 
Best regards,
  Sergey Zorin           mailto:zorin@iip.net
  NOC IIP-Net         phone: +7 095  137 3104
  SZ563, SZ563-RIPN


=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on http://info.east.ru/rus/inetadm.html



 




Copyright © Lexa Software, 1996-2009.