Cisco Nexus 1000V for Microsoft Hyper-V Troubleshooting Guide, Release 5.2(1)SM1(5.1)
NetFlow
Downloads: This chapterpdf (PDF - 79.0KB) The complete bookPDF (PDF - 1.76MB) | Feedback

Table of Contents

NetFlow

Information About NetFlow

NetFlow Troubleshooting Commands

Problems with NetFlow

Debugging a Policy Verification Error

Debugging Statistics Export Problems

NetFlow

This chapter describes how to identify and resolve problems that relate to NetFlow.

Information About NetFlow

NetFlow allows you to evaluate IP traffic and understand how and where it flows. NetFlow gathers data that can be used in accounting, network monitoring, and network planning.

A flow is a one-directional stream of packets that arrives on a source interface (or subinterface) that matches a set of criteria. You create a flow using a flow record to define the criteria for your flow and all criteria must match for the packet to count in the given flow. Flows are stored in the NetFlow cache. Flow information tells you the following:

  • The source address tells you who is originating the traffic.
  • The destination address tells who is receiving the traffic.
  • Ports characterize the application that use the traffic.
  • The class of service (CoS) examines the priority of the traffic.
  • The device interface tells how traffic is being used by the network device.
  • Tallied packets and bytes show the amount of traffic.

A flow record defines the information that NetFlow gathers, such as the packets in the flow and the types of counters gathered per flow. You can define new flow records or use the predefined the Cisco Nexus 1000V flow records.

For detailed information about configuring NetFlow, see the Cisco Nexus 1000V for Microsoft Hyper-V System Management Configuration Guide, Release 5.2(1)SM1(5.1) .

NetFlow Troubleshooting Commands

You can use the commands in this section to troubleshoot problems related to NetFlow.

To redirect the output of the following debug commands to a file stored in bootflash, enter this command:

  • debug logfile filename

debug nfm all

To print monitor configuration, enter this command:

  • module vem module-number execute vemcmd show netflow monitor
n1000V# module vem 3 execute vemcmd show netflow monitor
Flow Monitor m1:
Table ID : 1
Monitor ID: 65537
Use Count: 1
Inactive Timeout: 15
Active Timeout: 1800
Cache Type: normal
Cache State: allocated
 

To print interface configuration, enter this command:

  • module vem module-number execute vemcmd show netflow interface
n1000V# module vem 3 execute vemcmd show netflow interface
Interface: LTL49
Monitor: m1
Direction: Input
 

To print tracked configuration features, enter this command:

  • module vem module-number execute vemcmd show netflow stats
n1000V# module vem 3 execute vemcmd show netflow stats
Netflow DPA-DP Session statistics:
Session Opens: 1
Session Verify: 1
Session Commit: 1
Session Abort: 0
Session Add Monitor: 5
Session Del Monitor: 0
Get Cache stats: 0
Get CPU stats: 0
Show Cache: 0
Ager Polls: 13775
Module Cleanup: 6
 
Netflow DPA-DP Session Failure statistics:
Opens Failures: 0
Verify Failures: 0
Commit Failures: 0
Abort Failures: 0
Add Monitor Failures: 0
Del Monitor Failures: 0
Get Cache stats Failures: 0
Get CPU stats Failures: 0
Show Cache Failures: 0
Ager Polls Failures: 0
 
Netflow Packet Path Failure statistics:
No Free Flows: 0
Lost Flows: 0
Ingress Pak Store Missing: 0
Ingress Feature Store Missing: 0
Ingress Permanent Full: 0
Ingress Memory Failure: 0
Ingress Multicast Packets: 0
Ingress Non-IP Packets: 0
Ingress Lock Failure: 0
Ingress Policy not found: 0
Post Ingress Pak Store Missing: 0
Post Ingress Feature Store Missing: 0
Post Ingress Permanent Full: 0
Post Ingress Multicast Packets: 0
Post Ingress Non-IP Packets: 0
Post Ingress Lock Failure: 0
Post Ingress Policy not found: 0
Egress Permanent Full: 0
Egress Memory Failure: 0
Egress Multicast Packets: 0
Egress Non-IP Packets: 0
Egress Lock Failure: 0
Egress Policy not found: 0
 
Netflow Packet Store Failure statistics:
Client Ref In Use: 0
Client Ref Null: 0
Pak Ref Null: 0
Alloc Client Ref Null: 0
Clear Client Ref Null: 0
Alloc Fail: 0
Central Info Mismatch: 0
 
Netflow Cache failure statistics:
No Free Entry: 0
Being Deleted: 0
Emergency Age Failure: 0
Normal Ager Failure: 0
No Ager Offset: 0

 

To dump the pakstore usage for a policy on an interface, enter the following command. The output goes to a vemlog internal buffer. Make sure that the output shows the correct monitor name and interface.

  • vemdebug netflow dump pakstore
PS C:\Program Files (x86)\cisco\Nexus1000V> .\vemdebug netflow dump pakstore
Apr 14 12:25:30. 29787 260 0 2 16 Debug Pak Store for
Client: fm1
Apr 14 12:25:30. 29793 266 0 2 16 Debug Pak Store for
Client: LTL49
 

To enable NetFlow debugging for policy installation on the VEM, enter the following commands. Debug messages are printed for every PDL session open, verify, and commit requests coming from the DPA.

  • vemlog debug sfnetflow_cache all
  • vemlog debug sfnetflow_config all
  • vemlog debug sfnetflow_flowmon all
  • vemlog debug sfnetflow_ager all
  • vemlog debug sfnetflow_flowapi all

To enable packet path debugging for NetFlow policies on the VEM, enter the following command. Debug messages are printed for every packet that hits a NetFlow policy. Use this command with caution. High traffic could result in a lot of debug messages.

  • vemlog debug sfnetflow all

Enter these commands to collect information about NetFlow manager (NFM) process run-time configuration errors:

  • show flow internal event-history errors
  • show flow internal event-history msgs
  • show flow internal pdl detailed
  • show flow internal mem-stats (to debug memory usage and leaks)

Problems with NetFlow

Common NetFlow configuration problems on the Virtual Supervisor Module (VSM) can occur if you attempt to do the following:

  • Use undefined records, exporters, samplers, or monitors
  • Use invalid records, exporters, samplers, or monitors
  • Modify records, exporters, samplers, or monitors after they are applied to an interface
  • Configure a monitor on an interface that causes the VEM to run out of memory and results in a verification error
  • Use NetFlow in a port channel. NetFlow is not supported in port channels.
  • Configure monitors in multiple levels of a port-profile inheritance tree.

In addition, a configuration error can occur if there is a mismatch between the UDP port configured on the exporter and the port NetFlow Collector has listening turned on. Enter the no form of the original command to clear the configuration and then reenter the command.

Debugging a Policy Verification Error


Step 1 Configure all debug flags of NetFlow monitor (NFM) by entering the debug nfm all command.

Step 2 Save the Secure Shell Telnet (SSH) session buffer to a file.

Step 3 Enable a flexible NFM for traffic that the router is receiving or forwarding by entering the ip flow monitor monitor name direction command.

The command executes once again and the debug traces are output to the console.


 

You can also use the policy verification procedure to collect logs for operations such as defining a flow record or tracing exporter functionality.

Debugging Statistics Export Problems

When debugging a NetFlow statistics export problem, follow these guidelines:

  • Ensure that the destination IP address is reachable from the VSM and Virtual Ethernet Modules (VEMs).
  • Ensure that the UDP port configured on the exporter matches that used by the NetFlow Collector.
  • View statistics for the exporter and identify any drops by entering the show flow exporter command.