Release Notes for Cisco Multi NetFlow Collector, Release 6.0

September, 2007, OL-12884-01

These release notes provide information about features in the Cisco Multi NetFlow Collector 6.0 release. Multi NetFlow Collector (MNFC) is a second-tier application of the NetFlow Collector architecture. MNFC imports the data files resident on multiple Cisco NetFlow Collector (NFC) servers. MNFC performs network-level correlation and provides a central view for all distributed NFC servers in the network.


Note: Cisco MNFC supports only Cisco NFC Release 6. It does not support previous NFC releases. Cisco MNFC and NFC must run on separate servers.


Contents

This release note contains the following sections:

Overview

Features in This Release

MNFC Requirements

MNFC Licensing

Important Notes

Resolved Problems

Known Limitations and Problems

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Overview

Cisco NetFlow Collector, Release 6.0 introduces a tiered NetFlow collection architecture that provides increased scalability and performance. The role of the first tier (Tier 1) maps to the NFC functionality of Cisco NetFlow Collector 5.0.3 with the addition of new features described in these Release Notes.

NetFlow services consist of high-performance IP switching features that capture a rich set of traffic statistics exported from routers and switches while they perform their switching function. Cisco NetFlow Collector provides fast, scalable, and economical data collection from multiple export devices exporting NetFlow data records.

Cisco NetFlow Collector, Release 6.0 supports new Cisco NetFlow Collector Tier 2 functionality, also referred to as Multi NetFlow Collector (MNFC). MNFC imports the data files resident in multiple NFCs, performs network-level correlation, and provides a central view for all distributed Cisco NFC implementations in the network.

Cisco MNFC supports only Cisco NFC Release 6. It does not support previous NFC releases. Cisco MNFC and NFC must run on separate servers.

Features in This Release

Multi NetFlow Collector, Release 6.0 includes the following features:

Importing of data files from multiple Cisco NFCs to its server to provide network-level correlation, a central view of end-to-end traffic summaries, and classification information

PE-PE, PE-CE, CE-PE, and CE-CE data collection providing traffic statistics between two IP networks

Web-based user interface for configuration, reporting, and control

Database support

Ability to generate the following types of reports:

CE-CE Matrix

PE-PE Matrix

Top N

Trend analysis

VPN traffic summary

Scheduled reports

Licensing

MNFC Requirements

Cisco MNFC supports only Cisco NFC, Release 6.0. It does not support previous Cisco NFC releases. Cisco MNFC and NFC must run on separate servers.

The following sections describe requirements for Cisco Multi NetFlow Collector, Release 6.0.


Note: The CPU, RAM, and disk space recommendations listed are minimum requirements. Your actual requirements are determined by your configuration and by the volume and uniqueness of NetFlow data that is received. Actual resource usage can vary greatly depending on these factors.


Supported Operating Systems and Platforms

Multi NetFlow Collector, Release 6.0 supports the following operating systems and platforms:

Solaris 8, 9, or 10 on a midrange server, such as the Sun Fire V490 with Quad UltraSPARC IV 1.5 GHz processors.

Red Hat Enterprise Linux 3.0 or 4.0 (ES and AS) on a midrange server, such as an IBM x346 with a single dual-core Intel Xeon 3.8 GHz processor.


Note: To serve as the concentrator in a scalable NetFlow solution, the workstation should be dedicated to the Multi NetFlow Collector and should not be running other applications.


Hardware Requirements

The Multi NetFlow Collector, Release 6.0 has the following hardware requirements:

Minimum of 16 GB RAM, 10K SCSI, dual 70 GB disk, and dual processor on a midrange-level server.

Browser Requirements

The Multi NetFlow Collector, Release 6.0 web-based user interface is compatible with Microsoft Internet Explorer 6 and Mozilla Firefox 1.5 or greater on Windows or UNIX. The web-based UI requires that the browser support a Java virtual machine (JVM) to run applets.


Note: The Sun JVM must be used; the JVM version must be 1.5 or higher. You can download Sun JVM 1.5 from the website http://java.sun.com/javase/downloads/index.jsp.


MNFC Licensing

A license file is required for each host running Cisco Multi NetFlow Collector, Release 6. The license is specific to the IP address of the host. You can obtain a permanent license at:

http://www.cisco.com/go/license


Note: The licensing URL referenced in error logs in the mnfc.log file is incorrect. In order to obtain a license, you must use http://www.cisco.com/go/license.


You must have the IP address of the host on which Multi NetFlow Collector will run. To obtain a permanent license, you must also have the PAK you received after purchasing Multi NetFlow Collector. After you enter the information, a license file is emailed to you. Copy the license file or its contents with no alterations to /opt/CSCOmnfc/config/mnfc.lic.

The first line of the license file contains either the demo expiration date or the word permanent for a permanent license, and the IP address of the host to which Multi NetFlow Collector is licensed.

If the host running Multi NetFlow Collector has more than one network card and IP address, specify the IP address associated with the hostname when licensing the product.


Note: By default, Red Hat Enterprise Linux associates the system hostname with the loopback address 127.0.0.1 in /etc/hosts. However, for licensing to function properly, the hostname must be associated with the host's IP address. Edit the /etc/hosts file by removing the hostname from the loopback address entry and adding an entry for the licensed IP address.


The file /etc/nsswitch.conf is normally configured so that hostname lookups are first obtained from files (/etc/hosts).
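The licensing prerequisites above can be checked before MNFC is started. The following shell functions are an added example, not part of the Cisco release notes or the MNFC product; the hostname mnfc01, the address 192.0.2.10, and the exact layout of the license file's first line are constructed assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the MNFC licensing prerequisites above.

# hosts_ips_for NAME FILE: print each address that FILE maps NAME to.
hosts_ips_for() {
    awk -v name="$1" '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        { for (i = 2; i <= NF; i++) if ($i == name) print $1 }
    ' "$2"
}

# check_license_host NAME LICENSED_IP HOSTS_FILE LICENSE_FILE
# Returns 0 if consistent, 1 if NAME is on a loopback entry, 2 if NAME has
# no entry for LICENSED_IP, 3 if line 1 of the license lacks LICENSED_IP.
check_license_host() {
    name=$1 ip=$2 hosts=$3 lic=$4
    ips=$(hosts_ips_for "$name" "$hosts")
    found=no
    for a in $ips; do
        case $a in
            127.*|::1)
                echo "FAIL: $name is mapped to loopback $a in $hosts"
                return 1 ;;
        esac
        if [ "$a" = "$ip" ]; then found=yes; fi
    done
    if [ "$found" != yes ]; then
        echo "FAIL: no entry '$ip $name' in $hosts"
        return 2
    fi
    # Page: line 1 holds an expiry date or "permanent", plus the licensed IP.
    if ! head -n 1 "$lic" | grep -qwF -- "$ip"; then
        echo "FAIL: first line of $lic does not name $ip"
        return 3
    fi
    echo "OK: $name -> $ip, matching $lic"
}

# Constructed sample files (hostname, address and license layout are assumed).
demo() {
    d=$(mktemp -d)
    printf '127.0.0.1 mnfc01 localhost.localdomain localhost\n' > "$d/hosts.rhel"
    printf '127.0.0.1 localhost.localdomain localhost\n192.0.2.10 mnfc01\n' > "$d/hosts.fixed"
    printf 'permanent 192.0.2.10\n' > "$d/mnfc.lic"
    check_license_host mnfc01 192.0.2.10 "$d/hosts.rhel" "$d/mnfc.lic" || true
    check_license_host mnfc01 192.0.2.10 "$d/hosts.fixed" "$d/mnfc.lic" || true
    rm -rf "$d"
}
demo
```

On the MNFC host itself, call check_license_host with the output of hostname, the licensed IP address, /etc/hosts, and /opt/CSCOmnfc/config/mnfc.lic.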

Important Notes

Reporting Limitation

The Multi NetFlow Collector Release 6.0 contains a known limitation when a single report contains more than 10000 records. If you have a single report that exceeds this current limitation, while viewing the report you might see an OutOfMemory error and your web browser session might be halted.

Daylight Saving Time Updates for MNFC

Multi NetFlow Collector's time zone data is included in the bundled Java Runtime Environment (JRE). By default, the MNFC 6.0 JRE contains Olson time zone data tzdata2006k.

Time zone data should be updated using the TZupdater tool when MNFC is installed and whenever local Daylight Saving Time rules change. For details on updating the JRE Time zone data, see Appendix B, "Updating JRE Time Zone Data" in the Cisco Multi NetFlow Collector Installation and Configuration Guide:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_installation_and_configuration_guide_book09186a008081c7ad.html

Resolved Problems

Table 1 lists the problems that were resolved since Cisco Multi NetFlow Collector, Release 6.0 was released for early field trials.

Table 1 Resolved Problems in MNFC Release 6.0  

DDTS Number    Description
CSCsg31417     RMIXML password to be configurable and must be stored securely.
CSCsg35966     MNFC: Deletion of record type affects depending reports.
CSCsg40010     MNFC: Enforce interdependency b/w logical entities for processing integration.
CSCsg58166     MNFC: Scheduled report submission should be denied when no specs exists.
CSCsg75652     MNFC Status: Metadata transfer page not getting refreshed
CSCsg82801     MNFC: Data not uploaded into database if collector name contains a hyphen (-).
CSCsg85273     MNFC: Button for plot of starttime/endtime should be removed.
CSCsg91598     MNFC: Persistent Out of sync message due to time discrepancy.
CSCsg91775     No way of removing entries from the metadata transfer page.
CSCsh17607     MNFC: Tier-2 should check the time/year in-sync with tier-1 before ftp.
CSCsh23869     MNFC: Deselecting keys and values on summarization gets added to existing list.
CSCsh25251     MNFC: spaceno for derived records is reset to 1 by restart.
CSCsh25510     MNFC: Shutdown of tier1 or 2 causes files with wrong timestamp on tier2.
CSCsh25733     MNFC: Aggregator metadata out of sync after NFC changes.
CSCsh26113     MNFC: CE-CE plot - numbering on axis is written over repeatedly.
CSCsh26166     MNFC: Configuration load fails on ISAM-106 non-exclusive access.
CSCsh26970     MNFC: Slice ATTACH fails on SQLERR-776 after restart.
CSCsh27949     MNFC: Restart leads to missing of current period for TopN Storage.
CSCsh50852     MNFC: Primary table not dropped when aggregator is deleted.
CSCsh61884     MNFC: Symbolic link on tier1 needs line added in tier 2 transport file.


Known Limitations and Problems

This section contains information about the limitations and problems known to exist in the Cisco Multi NetFlow Collector, Release 6.0 product.

CSCsg39901—MNFC: required fields (such as timestamp) should be selected by default.

Description: Summarizations and correlators require the use of the Timestamp Key Field. In the MNFC UI, the Timestamp Key Field for summarization and correlator definitions is selected. Nothing prevents you from deselecting the Timestamp Key Field, resulting in a summarization/correlator instance with an invalid definition.

Workaround: Make sure that the Timestamp Key Field is selected in the Configuration  > Specify Correlator or Configuration  > Specify Summarization window.

CSCsg79456—MNFC: Second active browser pop up for Trending report.

Description: If either the key or the value on a trending report is not selected, an error message displays, but at the same time a second active browser appears. This additional browser should not be allowed. If you click the second browser without correcting the mistake, another error and a third browser display.

Workaround: Manually close the extra browser window.

CSCsg85282—MNFC: Report filter is incorrect when the radio button is selected.

Description: When generating a report, select the radio button for IP 0.0.0.100. Add a filter on srcaddr: 0.0.0.215. Click filter. The report filters on 0.0.0.100 and not 0.0.0.215.

Workaround: Recreate report to apply another filter address.

CSCsg95499—MNFC: Filter does not apply to plot for trending report.

Description: When applying a filter to a trending report and then creating a plot of the filtered data, the plot is the same as a plot created from the unfiltered report.

Workaround: None at this time. Contact support.

CSCsg95525—MNFC: Bar graph can not be plotted for filtered trending report.

Description: A bar graph cannot be plotted for a filtered trending report. The result is a page displaying Result ID, start time, and end time on the left and an x on the right side of the page. No graph is displayed.

Workaround: None at this time. Contact support.

CSCsh06772—MNFC: Blank page shown for TopN, Trending without data source.

Description: If you install MNFC and click the different report folders visible from Report > Report Specs, such as CE-CE or PE-PE, before configuring anything, the basic Report configure page displays along with a message saying that there is no data source. However, if you select Top N or Trending, a blank page displays. No message displays.

Workaround: None at this time. Contact support.

CSCsh23411—MNFC: Trending plot y-axis values vary with data period.

Description: Set up first tier collection with five minute period. Collect the first tier data in second tier with 15-minute period summarization. Run a trending report on the primary data, and compare with trending report for summarization data. The y-axis values in the report run on 15-minute summarized data are three times that of the 5-minute primary table data. The y-axis values plotted over time should not depend on the specified collection period.

Workaround: None at this time. Contact support.

CSCsh25265—MNFC: Start time of scheduled job can not be edited.

Description: You click the View Job link for a particular report in the scheduled reports window and edit the At field. After clicking Submit, the At field does not display the changed value and no error message is displayed.

Workaround: Schedule a job with new start time using the same report spec, then delete the old scheduled job.

CSCsh52340—MNFC: transport change from ftp to sftp and vice versa.

Description: Change in transport from FTP to SFTP or vice versa does not take effect unless the concentrator is restarted.

Workaround: After changing the FTP or SFTP setting for collector(s), restart the Concentrator process from the Status  > Control Processes window by clicking Start concentrator.

CSCsh52348—MNFC: symbolic link creation for data file.

Description: If the path for Data files is not $NFC_DIR/Data, upload on MNFC fails.

Workaround: Create a symbolic link from the new location of the data files to $NFC_DIR/Data. For example, if the new location is /Test, the command is ln -s /Test $NFC_DIR/Data.

CSCsh88906—MNFC: Collector Status > T.diff is not working as intended.

Description: From the Status  > Collector Status  > View File Transfer Status by Collector window, the T.diff, sec column displaying the estimated time difference between the MNFC server and the 1st tier NFC might display inaccurate (very large) values.

Workaround: None at this time. Ignore the T.diff, sec readings and verify the clock discrepancy between the MNFC and the 1st tier NFC manually using date commands from the shell prompt.

CSCsi09460—MNFC: NO error flagged when option on tier1 is changed to not sorted.

Description: The Summarization table with the Top N Values storage method contains only a subset of the data loaded or no data is uploaded at all. Since the last Metadata Transfer was completed on the 1st Tier NFC Collector, the configuration on the 1st tier has been changed so that the Aggregator Sort Output is not selected.

Workaround: Make sure that the Sort Output check box is selected in the Modify Aggregator window for aggregators on all NFCs supplying records to the MNFC Aggregator to be used by the Summarization in question.

CSCsi10612—MNFC: Error Domain summarization already contains instance.

Description: Submission of a newly specified configuration instance like summarization or correlator fails and the error message Domain summarization already contains instance displays.

Workaround: Do one of the following:

From the instance definition window, click Discard after getting the error popup to purge the instance from the back-end cache and then specify the instance again.

Restart the Concentrator process from Status  > Collector Processes  > Network Concentrator Process.

CSCsi53207—MNFC: Rows per page gets blank on config screen.

Description: If the number of MNFC configuration entities of the same component type (Collectors, Aggregators, Summarizations, Datasources, or Correlators) exceeds 10 instances, the Configuration  > View Component window for that component type displays only 10 instances. You cannot increase the number of instances displayed (Rows per page) and clicking Go to display the next page displays a blank window.

Workaround: If the number of configured instances of the same component type exceeds 10, use the navigation tree on the left-hand side of the MNFC UI panel to navigate to the desired instance.

CSCsi55888—MNFC: CSCOmnfc start all displays an exception message.

Description: During a manual MNFC startup using the scripts startmnfc.sh or cscomnfc, the following message is displayed:

Exception in thread "Timer-4" java.lang.ClassCastException: com.cisco.mnfc.db.RecordManager
    at com.cisco.mnfc.db.StorageManager.insertFile(StorageManager.java:1439)
    at com.cisco.mnfc.db.StorageManager$FileDetector.run(StorageManager.java:1415)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)

Workaround: No action is required. There is no functional impact aside from the message.

CSCsi62593—MNFC: Available key field gets re-populated for correlator.

Description: When you try to create a correlator without selecting any values and click Submit, the correlator is not created and an error message is correctly displayed, but the keys from the Selected panel get re-populated in the Available keys area.

Workaround: Discard the correlator definition and define a new correlation with values specified.

CSCsi65800—MNFC: restart can cause loss of period with code 858.

Description: Operation ATTACH fails on fragment of NFC data table and the SQL failure is logged into nfcdb.log as an Exception with code -858. One period of NFC data is lost: either the summarization/correlator period or a portion of the primary (aggregated) data, depending on which table is affected.

Workaround: To prevent loss of data for the period during which MNFC is restarted, delete the old records file <entity-id>_$a manually before restarting MNFC.

Related Documentation

Use these Release Notes with the Cisco Multi NetFlow Collector Installation and Configuration Guide, Part Number OL-12883-01 and the Cisco Multi NetFlow Collector User Guide, Part Number OL-12885-01. These documents are available online through Cisco Connection Online at the following URL:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/tsd_products_support_series_home.html

MNFC 6.0 contains Informix IDS9.40 from IBM as an embedded relational database. The set of IBM Informix documentation can be accessed online at:

http://www-306.ibm.com/software/data/informix/pubs/library/ids_94.html

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html