Guest

Cisco IOS Software Releases 12.0 S

MPLS Egress NetFlow Accounting

  • Viewing Options

  • PDF (274.5 KB)
  • Feedback
MPLS Egress NetFlow Accounting

Table Of Contents

MPLS Egress NetFlow Accounting

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Enabling MPLS Egress NetFlow Accounting

Configuring NetFlow Aggregation Cache

Troubleshooting Tips

Verifying MPLS Egress NetFlow Accounting Configuration

Monitoring and Maintaining MPLS Egress NetFlow Accounting

Configuration Examples

Command Reference

mpls netflow egress

Debug Commands

debug mpls netflow

show mpls forwarding-table

show mpls interfaces

Glossary


MPLS Egress NetFlow Accounting


Feature History

Release
Modification

12.0(10)ST

This feature was introduced.

12.1(5)T

This feature was integrated into Cisco IOS Release 12.1(5)T.

12.0(22)S

This feature was integrated into Cisco IOS Release 12.0(22)S.


This document describes the Cisco multiprotocol label switching (MPLS) egress NetFlow accounting feature. It identifies the supported platforms, provides configuration examples, and lists related IOS command line interface (CLI) commands.

This document includes the following major sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Monitoring and Maintaining MPLS Egress NetFlow Accounting

Configuration Examples

Command Reference

Debug Commands

Glossary

Feature Overview

The MPLS egress NetFlow accounting feature allows you to capture Internet Protocol (IP) flow information for packets undergoing MPLS label disposition; that is, packets that arrive on a router as MPLS and are transmitted as IP.

Previously, you captured NetFlow data only for flows that arrived on the packet in IP format. When an edge router performed MPLS label imposition (received an IP packet and transmitted it as an MPLS packet), NetFlow data was captured when the packet entered the network. Inside the network, the packet was switched based only on MPLS information, and thus NetFlow information was not captured until after the last label was removed.

One common application of the MPLS egress NetFlow accounting feature allows you to capture the MPLS virtual private network (VPN) IP flows that are traveling from one site of a VPN to another site of the same VPN through the service provider backbone.

Formerly, you captured flows only for IP packets on the ingress interface of a router. You could not capture flows for MPLS encapsulated frames, which were switched through Cisco Express Forwarding (CEF) from the input port. Therefore, in an MPLS VPN environment you captured flow information as packets were received from a customer edge (CE) router and forwarded to the backbone. However, you could not capture flow information as packets were transmitted to a CE router because those packets were received as MPLS frames.

The MPLS egress NetFlow accounting feature lets you capture the flows on the outgoing interfaces.

Figure 1 shows a sample topology. To capture the flow of traffic going to site 2 of VPN 1 from any remote VPN 1 sites, you enable MPLS egress NetFlow accounting on link PE2-CE5 of provider edge router PE2. The flows are stored in a global flow cache maintained by the router. You can use the show ip cache flow command or other aggregation flow commands to view the egress flow data.

Figure 1 Provider and Customer Networks with MPLS Egress NetFlow Accounting

The PE routers export the captured flows to the configured collector devices in the provider network. The NetFlow Analyzer or the VPN solution center (VPN-SC) application collects this information and computes and displays site-to-site VPN traffic statistics.

Benefits

Enhanced Network Monitoring for Complete Billing Solution

You can now capture flows on the egress and ingress router interfaces to provide complete end-to-end usage information on network traffic. The accounting server uses the collected data for various levels of aggregation for accounting reports and application programming interface (API) accounting information, thus providing a complete billing solution.

More Accurate Accounting Statistics

NetFlow data statistics now account for all the packets that are dropped in the core of the service provider network, thus providing more accurate traffic statistics and patterns.

Restrictions

Capturing Flows from Sites that Connect to the Same PE Router

The captured egress flows must originate from a different site of the same VPN, but they cannot connect to the same PE router. If both source and destination VPN sites are connected to the same PE router, the MPLS egress NetFlow accounting feature does not capture these flows unless the source and destination sites are connected to the PE router by separate physical interfaces. In this case, you can capture these flows by enabling ingress NetFlow on the incoming CE-PE link of the PE router. As shown in Figure 1, traffic from site 3 (VPN1 destined for site 2) is captured by an ingress NetFlow enabled on the PE2-CE3 link of PE2. If the source and destination sites are connected by the same physical interface, this feature will not capture the intended flow statistics.

Memory Impact

During times of heavy traffic, the additional flows can fill up the global flow hash table. If you need to increase the size of the global flow hash table, increase the memory of the router.

Performance Impact

MPLS egress NetFlow accounting might adversely affect network performance because of the additional accounting-related computation that occurs in the traffic-forwarding path of the router.

Related Features and Technologies

The MPLS egress NetFlow accounting feature is related to the MPLS VPNs and the NetFlow aggregation features. (See the section on "Related Documents.")

Related Documents

The following documents provide additional information:

Cisco IOS Switching Services Configuration Guide

Cisco IOS Switching Services Command Reference

Introduction to Cisco MPLS VPN Technology

NetFlow Aggregation


Note Prior to this feature, NetFlow referred to the ingress router interface only.


Supported Platforms

The MPLS egress NetFlow accounting feature supports the MPLS image on the following platforms:

Cisco 3600 series routers

Cisco 4000 series routers

Cisco 7200 series routers

Cisco 7500 series routers

Cisco 12000 series Gigabit Switch Router (GSR)

Engine 0: 4-port OC-3 POS and 1-port OC-12 POS

Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.

Supported Standards, MIBs, and RFCs

Standards

The MPLS egress NetFlow accounting feature supports no new or modified standards.

MIBs

The MPLS egress NetFlow accounting feature supports no new or modified MIBs.

For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

RFC 1163 (Border Gateway Protocol (BGP))

RFC 1340 (assigned numbers)

RFC 1918 (address allocation for private internets)

RFC 2547 (BGP/MPLS VPNs)

Prerequisites

The network must support the following Cisco IOS features before you enable the MPLS egress NetFlow accounting feature:

Multiprotocol label switching (MPLS)

IP Cisco Express Forwarding (CEF)

Configuration Tasks

The configuration tasks for the MPLS egress NetFlow accounting feature are as follows:

Enabling MPLS Egress NetFlow Accounting (Required)

Configuring NetFlow Aggregation Cache (Optional)

Enabling MPLS Egress NetFlow Accounting

Command
Purpose

Router(config-if)# mpls netflow egress

Enables MPLS egress NetFlow accounting on the egress router interface.

Configuring NetFlow Aggregation Cache

Command
Purpose

Router(config)# ip flow-aggregation cache as | destination-prefix | prefix | protocol-port | source-prefix

Enters aggregation cache configuration mode and enables an aggregation cache scheme (as, destination-prefix, prefix, protocol-port, or source-prefix).

For more information on NetFlow aggregation, see the "Related Documents" section.

Troubleshooting Tips

Use the following commands for troubleshooting the MPLS egress NetFlow accounting feature:

Command
Purpose

Router# show mpls forwarding-table detail

Shows detailed MPLS forwarding-table entries. The output has been modified to show if MPLS egress NetFlow accounting is applied to packets destined to an entry. This is for debugging purposes only.

Router# show mpls interfaces internal all

Displays detailed information about all of the MPLS interfaces in the router. The output has been modified to show if MPLS egress NetFlow accounting is enabled on the interface. This is for debugging purposes only.



Note For additional information, see the "Debug Commands" section.


Verifying MPLS Egress NetFlow Accounting Configuration

To verify MPLS egress NetFlow accounting configuration, use this procedure:


Step 1 Enter the show ip cache flow command to display a summary of NetFlow switching statistics.


Note This is an existing command that displays ingress and egress NetFlow statistics.


Router# show ip cache flow
IP packet size distribution (10 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
  1 active, 65535 inactive, 2 added
  26 ager polls, 0 flow alloc failures
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 1      0.0         5   100      0.0       0.0      15.7
Total :              1      0.0         5   100      0.0       0.0      15.7

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et1/1         34.0.0.2        Et1/4         180.1.1.2       01 0000 0800     5

Table 1 describes the fields in the packet size distribution lines of the output.

Table 1 Command Field Descriptions—Packet Size

Field
Description

IP packet size distribution

The two lines below this banner show the percentage distribution of packets by size range.


Table 2 describes the fields in the flow switching cache lines of the output.

Table 2 Command Field Descriptions—Flow Switching Cache

Field
Description

bytes

Number of bytes of memory the NetFlow cache uses.

active

Number of active flows in the NetFlow cache at the time this command is entered.

inactive

Number of flow buffers that are allocated in the NetFlow cache, but are not assigned to a specific flow at the time this command is entered.

added

Number of flows created since the start of the summary period.

ager polls

Number of times the NetFlow code looked at the cache to remove expired entries (used by Cisco for diagnostics only).

flow alloc failures

Number of times the NetFlow code tried to allocate a flow but could not.

last clearing of statistics

Standard time output (hh:mm:ss) since the clear ip flow stats command was executed. This time output changes to hours and days after 24 hours is exceeded.


Table 3 describes the fields in the activity-by-protocol lines of the output.

Table 3 Command Field Descriptions—Activity-by-Protocol

Field
Description

Protocol

IP protocol and the "well known" port number as described in RFC 1340.

Total Flows

Number of flows for this protocol since the last time statistics were cleared.

Flows/Sec

Average number of flows for this protocol seen per second; equal to total flows/number of seconds for this summary period.

Packets/Flow

Average number of packets observed for the flows seen for this protocol. Equal to total packets for this protocol/number of flows for this protocol for this summary period.

Bytes/Pkt

Average number of bytes observed for the packets seen for this protocol (total bytes for this protocol /the total number of packet for this protocol for this summary period).

Packets/Sec

Average number of packets for this protocol per second (total packets for this protocol) /the total number of seconds for this summary period).

Active(Sec)/Flow

Sum of all the seconds from the first packet to the last packet of an expired flow (for example, TCP FIN, time-out, and so forth) in seconds/total flows for this protocol for this summary period.

Idle(Sec)/Flow

Sum of all the seconds from the last packet seen in each nonexpired flow for this protocol until the time this command was entered, in seconds/total flows for this protocol for this summary period.


Table 4 describes the fields in the current flow lines of the output.

Table 4 Command Field Descriptions—Current Flow

Field
Description

SrcIf

Router's internal port name for the source interface

SrcIPaddress

Source IP address for this flow

DstIf

Router's internal port name for the destination interface

DstIPaddress

Destination IP address for this flow

Pr

IP protocol; for example, 6 = TCP, 17 = UDP, ... as defined in RFC 1340

SrcP

Source port address, TCP/UDP "well known" port number, as defined in RFC 1340

DstP

Destination port address, TCP/UDP "well known" port number, as defined in RFC 1340

Pkts

Number of packets that the router observed for this flow


Step 2 Enter the show ip cache flow aggregation command to display the contents of the aggregation cache. To display the prefix-based aggregation cache, use the following command:

Router# show ip cache flow agg
Router# show ip cache flow aggregation pref
Router# show ip cache flow aggregation prefix

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 1 added
  4 ager polls, 0 flow alloc failures

Src If        Src Prefix     Msk  Dst If        Dst Prefix     Msk Flows  Pkts
Et1/1         34.0.0.0       /8   Et1/4         180.1.1.0      /24    1      5
Router#

Table 5 describes the fields in the flow switching cache lines of the output.

Table 5 Command Field Descriptions—Flow Switching Cache

Field
Description

bytes

Number of bytes of memory the NetFlow cache uses.

active

Number of active flows in the NetFlow cache at the time this command is entered.

inactive

Number of flow buffers that are allocated in the NetFlow cache, but are not assigned to a specific flow at the time this command is entered.

added

Number of flows created since the start of the summary period.

ager polls

Number of times the NetFlow code looked at the cache to remove expired entries (used by Cisco for diagnostics only).

flow alloc failures

Number of times the NetFlow code tried to allocate a flow but could not.


Table 6 describes the fields in the current flow lines of the output.

Table 6 Command Field Descriptions—Current Flow

Field
Description

Src If

Router's internal port name for the source interface

Src Prefix

Source IP address for this flow

Msk

Mask source

Dst If

Router's internal port name for the destination interface

Dst Prefix

Destination prefix aggregation cache scheme

Msk

Mask destination

Flows

Number of flows

Pkts

Number of packets that the router observed for this flow


The ip flow-aggregation cache command has other options including:

{as | destination-prefix | prefix | protocol-port | source-prefix}


Note For more information on these options, refer to the NetFlow Aggregation documentation.


Here is sample configuration output from the NetFlow aggregation cache:

Router(config)# ip flow-agg
Router(config)# ip flow-aggregation cache
Router(config)# ip flow-aggregation cache ?
  as                  AS aggregation
  destination-prefix  Destination Prefix aggregation
  prefix              Prefix aggregation
  protocol-port       Protocol and port aggregation
  source-prefix       Source Prefix aggregation
Router(config)# ip flow-aggregation cache prefix
Router(config-flow-cac)# enable

Here is sample output displaying the IP aggregation cache contents:

Router# sh ip cache flow aggregation ?
  as                  AS aggregation cache
  destination-prefix  Destination Prefix aggregation cache
  prefix              Source/Destination Prefix aggregation cache
  protocol-port       Protocol and port aggregation cache
  source-prefix       Source Prefix aggregation cache
Router# sh ip cache flow
IP packet size distribution (206 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416 448  480
   .000 .854 .000 .145 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4292920 bytes
  0 active, 62977 inactive, 182 added
  2912 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow /Flow
ICMP               182      0.0         1    62      0.0       0.0 15.5
Total :            182      0.0         1    62      0.0       0.0 15.5

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Router# sh ip cache flow aggr
Router# sh ip cache flow aggregation pr
Router# sh ip cache flow aggregation pre
Router# sh ip cache flow aggregation prefix

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 3 added
  45 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds

Src If        Src Prefix     Msk  Dst If        Dst Prefix     Msk Flows  Pkts
Et1/1         34.0.0.0       /8   PO6/0         12.12.12.12    /32 1      5
Router#

Monitoring and Maintaining MPLS Egress NetFlow Accounting

Command
Purpose

Router# show ip cache flow

Displays summary NetFlow switching statistics, including the size of the packets, types of traffic, which interfaces the traffic enters and exits, and the source and destination addresses in the forwarded packet.


Configuration Examples

This section provides a configuration example for the MPLS egress NetFlow accounting feature.

In the following example, the VPN routing and forwarding (VRF) instances currently configured in the router display:

Router# sh ip vrf
  Name                             Default RD          Interfaces
  vpn1                             100:1               Ethernet1/4
                                                       Loopback1
  vpn3                             300:1               Ethernet1/2
                                                       Loopback2
Router#
Router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# int eth1/4
Router(config-if)# mpls ?
  ip              Configure dynamic MPLS forwarding for IP
  label-protocol  Configure label/tag distribution protocol (LDP/TDP)
  mtu             Set tag switching Maximum Transmission Unit
  netflow         Configure Egress Netflow Accounting
  traffic-eng     Configure Traffic Engineering parameters

Router(config-if)# mpls net
Router(config-if)# mpls netflow ?
  egress  Enable Egress Netflow Accounting


MPLS egress NetFlow accounting is enabled on interface eth1/4 and debugging is turned on, as shown below:

Router(config-if)# mpls netflow egress
Router(config-if)# 
Router(config-if)# 
Router# debug mpls netflow
MPLS Egress NetFlow debugging is on
Router#

The following example shows the current configuration in the router:

Router# sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption

ip cef
no ip domain-lookup
!


The VRF is defined, as shown below:

ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface Loopback0
 ip address 41.41.41.41 255.255.255.255
 no ip directed-broadcast
 no ip mroute-cache
!
interface Ethernet1/4
 ip vrf forwarding vpn1
 ip address 180.1.1.1 255.255.255.0
 no ip directed-broadcast
mpls netflow egress
!

Command Reference

This section describes the mpls netflow egress CLI command that you can use with the MPLS egress NetFlow accounting feature.

mpls netflow egress

To enable MPLS egress NetFlow accounting on an interface, use the mpls netflow egress interface configuration command. To disable MPLS egress NetFlow accounting, use the no form of this command.

mpls netflow egress

no mpls netflow egress

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(10)ST

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.


Usage Guidelines

Use this command to configure the PE-CE interface of a PE router.

Examples

In the following example, MPLS egress NetFlow accounting is enabled on the egress PE interface that connects to the CE interface at the destination VPN site:

Router(config-if)# mpls netflow egress

Related Commands

Command
Description

debug mpls netflow

Enables debugging of MPLS egress NetFlow accounting.

show mpls forwarding-table

Displays a message that the quick flag is set for all prefixes learned from the MPLS egress NetFlow accounting enabled interface.

show mpls interfaces

Displays the value of the output_feature_state. If MPLS egress NetFlow accounting is enabled on an interface, the value is any number other than 0. If MPLS egress NetFlow accounting is disabled on an interface, the value is 0.


Debug Commands

This section describes the new debug command, debug mpls netflow, which is related to the MPLS egress NetFlow accounting feature.

This section also describes the show mpls forwarding-table and show mpls interfaces commands, which you can use for debugging the MPLS egress NetFlow accounting feature.

debug mpls netflow

To display debug messages for MPLS egress NetFlow accounting, use the debug mpls netflow command.

[no] debug mpls netflow

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command History

Release
Modification

12.0(10)ST

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.


Examples

Here is sample output from the debug mpls netflow command:

Router#
Router# debug mpls ?
  adjacency    MPLS adjacency database events
  atm-cos      MPLS Controlled ATM CoS
  atm-ldp      MPLS ATM LDP
  events       MPLS events
  ldp          Label Distribution Protocol
  lfib         MPLS Forwarding Information Base services
  netflow      MPLS Egress NetFlow Accounting
  packets      MPLS packets
  tagcon       MPLS/Tag control process
  traffic-eng  MPLS Traffic Engineering debug

Router# debug mpls netflow
MPLS Egress NetFlow debugging is on
Router#
Router#
Router#
4d00h:Egress flow:entry created, dest 3.3.3.3/32, src 34.0.0.1/8
Router#
Router#
4d00h:Egress flow:entry created, dest 3.3.3.3/32, src 42.42.42.42/32
Router# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# int eth1/4
Router(config-if)# no mpls netflow egress
Router(config-if)#
4d00h:MPLS output feature change, trigger TFIB scan
4d00h:tfib_scanner_walk, prefix 5.5.5.5/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 2.0.0.0/8, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 3.3.3.3/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 40.40.40.40/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 50.50.50.50/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 100.100.100.100/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 180.1.1.0/24, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 190.1.1.0/24, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 2.0.0.0/8, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 4.4.4.4/32, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 40.40.40.40/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 50.50.50.50/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 177.1.1.0/24, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 180.1.1.0/24, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 190.1.1.0/24, rewrite flow flag 1
Router(config-if)#
Router(config-if)# mpls netflow egress
Router(config-if)#
4d00h:Interface refcount with output feature enabled = 2
4d00h:MPLS output feature change, trigger TFIB scan
4d00h:tfib_scanner_walk, prefix 5.5.5.5/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 2.0.0.0/8, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 3.3.3.3/32, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 40.40.40.40/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 50.50.50.50/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 100.100.100.100/32, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 180.1.1.0/24, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 190.1.1.0/24, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 2.0.0.0/8, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 4.4.4.4/32, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 40.40.40.40/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 50.50.50.50/32, rewrite flow flag 0
4d00h:tfib_scanner_walk, prefix 177.1.1.0/24, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 180.1.1.0/24, rewrite flow flag 1
4d00h:tfib_scanner_walk, prefix 190.1.1.0/24, rewrite flow flag 1
4d00h:Egress flow:entry created, dest 3.3.3.3/32, src 42.42.42.42/32
Router(config-if)#
Router(config-if)# end
Router# sh run int eth1/4
Building configuration...

Current configuration:
!
interface Ethernet1/4
 ip vrf forwarding vpn1
 ip address 180.1.1.1 255.255.255.0
 no ip directed-broadcast
 mpls netflow egress
end

Router#
Router#
Router#
4d00h:%SYS-5-CONFIG_I:Configured from console by console
Router#

Note Flow flag 1 prefixes are reachable through this interface; therefore, MPLS egress NetFlow accounting is applied to all packets going out the destination prefix. Flow flag 0 prefixes are not reachable through this interface; therefore, MPLS egress NetFlow accounting is not applied to any packets going out the destination prefix.


Related Commands

Command
Description

show debug

Displays active debug output.


show mpls forwarding-table

To display the contents of the MPLS Label Forwarding Information Base (LFIB), use the show mpls forwarding-table EXEC command.


Note This command has been modified to show whether MPLS egress NetFlow accounting is applied to the traffic destined for a network prefix. Use the show mpls forwarding-table EXEC command with the detail keyword.


show mpls forwarding-table [{network {mask | length} | labels label [- label] | interface interface | next-hop address | lsp-tunnel [tunnel-id]}] [detail]

Syntax Description

network

(Optional) Destination network number.

mask

IP address of destination mask whose entry is to be shown.

length

Number of bits in mask of destination.

labels label - label

(Optional) Shows entries with specified local labels only.

interface interface

(Optional) Shows entries with specified outgoing interface only.

next-hop address

(Optional) Shows entries with specified neighbor as next hop only.

lsp-tunnel [tunnel-id]

(Optional) Shows entries with specified labeled switched path (LSP) tunnel only, or all LSP tunnel entries.

detail

(Optional) Displays information in long form (includes length of encapsulation, length of MAC string, maximum transmission unit (MTU), and all labels).


Defaults

No default behavior or values.

Command Modes

EXEC

Command History

Release
Modification

11.1CT

This command was introduced.

12.0(10)ST

This command was enhanced with the detail keyword to show that MPLS egress NetFlow accounting is enabled.

12.1(5)T

This enhanced command was integrated into Cisco IOS Release 12.1(5)T.

12.2(22)S

This enhanced command was integrated into Cisco IOS Release 12.0(22)S.


Examples


Note Output from the show mpls forwarding-table command contains either the line "Feature quick flag set" meaning that the MPLS egress NetFlow accounting feature is enabled, or the line "No output feature configured" meaning that the MPLS egress NetFlow accounting feature is disabled. MPLS egress NetFlow accounting is one of the features supported on MPLS interfaces.


The following example shows output from the show mpls forwarding-table detail command:

Router# show mpls forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Aggregate   34.0.0.0/8[V]     0
        MAC/Encaps=0/0, MTU=0, Tag Stack{}
        VPN route: vpn1
        Feature Quick flag set

Note As shown above, the quick flag is set for the first two prefixes; therefore, traffic destined for those prefixes is captured by MPLS egress NetFlow accounting.


Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 
17     Untagged    2.0.0.0/8[V]      0          Et0/0/2    34.0.0.1
        MAC/Encaps=0/0, MTU=1500, Tag Stack{}
        VPN route: vpn1
        Feature Quick flag set
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
18     Untagged    42.42.42.42/32[V] 4185       Et0/0/2    34.0.0.1
        MAC/Encaps=0/0, MTU=1500, Tag Stack{}
        VPN route: vpn1
        Feature Quick flag set
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
19     2/33        41.41.41.41/32    0          AT1/0/0.1  point2point
        MAC/Encaps=4/8, MTU=4470, Tag Stack{2/33(vcd=2)}
        00028847 00002000
        No output feature configured

Note As shown above, the feature is not configured because MPLS egress NetFlow accounting is not enabled on the outgoing interface for this prefix.


Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
20     Aggregate   39.39.39.39/32[V] 0
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
        MAC/Encaps=0/0, MTU=0, Tag Stack{}
        VPN route: vpn1
        No output feature configured
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Router#

Table 7 describes the significant fields in the output from the show mpls forwarding-table detail command.

Table 7 Command Field Descriptions

Field
Description

Local tag

Label assigned by this router.

Outgoing tag or VC

Label assigned by next hop, or VPI/VCI used to get to next hop. Some of the entries that you can specify in this column are as follows:

[T]—Means forwarding through a TSP tunnel.

Untagged—Means there is no label for the destination from the next hop, or label switching is not enabled on the outgoing interface.

Pop tag—Means that the next hop advertised an implicit NULL label for the destination, and that this router popped the top label.

Aggregate—Means directly-connected VRF routes.

Prefix or Tunnel Id

Address or tunnel to which packets with this label are going.

Bytes tag switched

Number of bytes switched with this incoming label.

Outgoing interface

Interface through which packets with this label are sent.

Next Hop

IP address of neighbor that assigned the outgoing label.

MAC/Encaps

Length in bytes of Layer 2 header, and length in bytes of packet encapsulation, including Layer 2 header and label header.

MTU

Maximum transmission unit (MTU) of labeled packet.

Tag Stack

All the outgoing labels. If the outgoing interface is TC-ATM, the VCD is also shown.

00028847 00002000

The actual encapsulation in hexadecimal form. There is a space shown between Layer 2 and the label header.


Related Commands

Command
Description

debug mpls netflow

Enables debugging of egress NetFlows.

show mpls interfaces

Displays the value of the output_feature_state. If MPLS egress NetFlow accounting is enabled on an interface, the value is any number other than 0. If MPLS egress NetFlow is disabled on an interface, the value is 0.


show mpls interfaces

To display the interfaces that have MPLS egress NetFlow accounting enabled, use the show mpls interfaces EXEC command with the internal keyword.

show mpls interfaces [type card/subcard/port | all] [detail] [internal]

Syntax Description

type

(Optional) Specifies one of the interface types listed in Table 8.

card/subcard /port

(Optional) Specifies the card, subcard, and port number of the ATM, ATM-P, CBR, Ethernet, or null interface.

all

(Optional) Displays all of the router's interfaces that have MPLS applications associated with them.

detail

(Optional) Displays detailed label switching information by interface.

internal

(Optional) Displays the value of the output_feature_state. If MPLS egress NetFlow accounting is enabled, output_feature_state is any number except 0. If MPLS egress NetFlow accounting is disabled, output_feature_state is 0.


Defaults

Displays label switching information for all interfaces.

Command Modes

EXEC

Command History

Release
Modification

11.1 CT

This command was introduced.

12.1(3)T

This command was changed from show tag-switching interfaces to show mpls interfaces.

12.0(10)ST

This command was modified to include the value of the output_feature_state.

12.1(5)T

This modified command was integrated into Cisco IOS Release 12.1(5)T.

12.0(22)S

This modified command was integrated into Cisco IOS Release 12.0(22)S.


Usage Guidelines

You can show information about the requested interface or about all interfaces on which MPLS is enabled.

Table 8 describes each of the interface types used with the show mpls interfaces command.

Table 8 Interface Types

Type
Description

atm

Specifies the ATM interface

atm-p

Specifies the ATM pseudo interface

cbr

Specifies the CBR interface

ethernet

Specifies the Ethernet interface

null

Specifies the null interface


Examples

The following sample output shows whether or not MPLS egress NetFlow accounting is enabled on the interface:

Router# show mpls interfaces internal
Interface Ethernet0/0/1:
        IP tagging enabled (tdp)
        TSP Tunnel tagging not enabled
        Tag Frame Relay Transport tagging not enabled
        Tagging operational
        IP to Tag Fast Feature Switching Vector
Tag Switching Turbo Feature Vector
        MTU = 1500, status=0x100043, appcount=1
        Output_feature_state=0x0 

Note As shown above, output_feature_state=0x0; therefore, MPLS egress NetFlow accounting is disabled.


Tag VPI = 1, Control VC = 0/32
Interface Ethernet0/0/2: 
        IP tagging enabled (tdp)
        TSP Tunnel tagging not enabled
        Tag Frame Relay Transport tagging not enabled
        Tagging operational
        IP to Tag Fast Feature Switching Vector
        Tag Switching Turbo Feature Vector
        MTU = 1500, status=0x100043, appcount=1
        Output_feature_state=0x1 

Note As shown above, output_feature_state=0x1; therefore, MPLS egress NetFlow accounting is enabled.


Tag VPI = 1, Control VC = 0/32
Interface ATM1/0/0.1:
        IP tagging enabled (tdp)

Related Commands

Command
Description

debug mpls netflow

Enables debugging of MPLS egress NetFlow accounting.

show mpls interfaces

Displays a message that the quick flag is set for all prefixes learned from the enabled MPLS egress NetFlow accounting interface.


Glossary

BGP—Border Gateway Protocol. An interdomain routing protocol that replaces Exterior Border Gateway Protocol (EGP). BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163.

Border Gateway Protocol—See BGP.

BGP/MPLS/VPN—A VPN solution that uses MPLS and BGP protocol to allow multiple remote customer sites to be connected over an IP backbone. Refer to RFC 2547 for details.

CE router—A customer edge router. A router that is part of a customer network and interfaces to a PE router.

customer network—A network that is under the control of an end customer. A customer network can use private addresses as defined in RFC 1918. Customer networks are logically isolated from each other and from the provider network. A customer network is also known as a C network.

egress PE—The provider edge router through which traffic moves from the backbone to the destination VPN site.

flow—A set of packets with the same source IP address, destination IP address, source/destination ports, and type-of-service, and the same interface on which flow is monitored. Ingress flows are associated with the input interface, and egress flows are associated with the output interface.

ingress PE—The provider edge router through which traffic enters the backbone (provider network) from a VPN site.

label—A short, fixed length identifier that tells switching nodes how the data (packets or cells) should be forwarded.

MPLS—Multiprotocol label switching. An emerging industry standard on which label switching is based.

multiprotocol label switching—See MPLS.

open shortest path first—See OSPF.

OSPF—Open Shortest Path First. A link-state, hierarchical Interior Gateway Protocol (IGP) routing algorithm proposed as a successor to RIP in the Internet community. OSPF features include least-cost routing, multipath routing, and load balancing.

PE router—A provider edge router. A router at the edge of a provider network that interfaces to CE routers.

provider network—A backbone network that is under the control of a service provider and provides transport among customer sites. A provider network is also known as the P network.

virtual private network—See VPN.

VPN—Virtual private network. A network that enables IP traffic to use tunneling to travel securely over a public TCP/IP network.

VRF—VPN routing and forwarding instance. The VRF is a key element in the MPLS VPN technology. VRFs exist on PEs only. A VRF is populated with VPN routes and allows multiple routing tables in a PE. One VRF is required per VPN on each PE in the VPN.