Introduction
This document describes the steps to enable Flow Capture on Cisco Service Control Engine (SCE) 8000 device. This feature helps to capture the traffic flow between a particular source and destination, through the SCE. The packet capture is important to troubleshoot any classification issue on the SCE device. As this feature helps to capture the traffic based on subscriber IP address, network IP address, transport protocol and so on, it is very useful to capture a specific flow through the SCE device.
Prerequisites
Requirements
Cisco recommends that you have knowledge of Cisco Service Control Solutions.
Components Used
The information in this document is based on the test carried out on SCE 8000 with SCOS version 5.2.0, however this document is not restricted to any specific software version.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Background Information
Cisco recommends that the users are aware of the impact of this feature on the SCE device. If you enable flow capture, it might impact the performance of the SCE. The SCE might not perform any Deep Packet Inspection (DPI) on the specific flow and no Raw Data Records (RDR) are generated for that flow. Hence, it is recommended to enable this feature only to troubleshoot the issue and disable the same as soon as the required information is captured.
Configure
Step 1. Configure the traffic rule. The traffic rule defines the flow needs to be captured. Specify the subscriber and the network IP address and the trasnport protocol. The command mentioned configures the subscriber side IP address as 192.168.1.1, network side IP address and transport protocol if any.
SCE8000(config)#>interface LineCard 0
SCE8000(config if)#>traffic-rule name flowcapture IP-addresses subscriber-side 192.168.1.1/32 network-side all protocol all direction both traffic-counter none action flow-capture
In order to configure the duration of the capture as unlimited, default is 3600 seconds command is used.
SCE8000(config if)#>flow-capture controllers time Unlimited
Step 2. Start the capture. With this, SCE starts to capture the traffic and record the same in the Packet_capture.cap file in the FTP server.
SCE8000#> flow-capture start format cap file-name-prefix ftp://myuser:mypassword@10.1.1.1/Packet_capture
Step 3. Initiate the traffic through the SCE, which needs to be captured.
Step 4. Verify that the SCE the traffic is recorded with this command.
SCE8000-1#>show interface LineCard 0 flow-capture
Flow Capture Status (module #1):
--------------------------------
Flow capture status: RECORDING
Capturing type: ONLINE
Target file name: ftp://myuser:mypassword@10.1.1.1/Packet_capture.cap
Target file size (bytes): 6040
Time limit (sec): Unlimited
Max L4 payload length (bytes): Unlimited
Number of recorded packets: 57
Number of lost packets: 0
Step 5. After the required infiormation is collected, stop the flow capture.
SCE8000#> flow-capture stop
Step 6. Remove the traffic rule.
SCE8000(config)#>interface LineCard 0
SCE8000(config if)#>no traffic-rule name flowcapture
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
Cisco SCE 8000 Installation and Configuration Guide
Feedback