NetFlow
This chapter describes how to identify and resolve problems that relate to NetFlow.
Information About NetFlow
NetFlow allows you to evaluate IP traffic and understand how and where it flows. NetFlow gathers data that can be used in accounting, network monitoring, and network planning.
A flow is a one-directional stream of packets that arrives on a source interface (or subinterface) and matches a set of criteria. You create a flow by using a flow record to define the criteria for the flow, and all criteria must match for a packet to count in the given flow. Flows are stored in the NetFlow cache. Flow information tells you the following:
- The source address tells you who is originating the traffic.
- The destination address tells you who is receiving the traffic.
- Ports characterize the application that uses the traffic.
- The class of service (CoS) examines the priority of the traffic.
- The device interface tells you how traffic is being used by the network device.
- Tallied packets and bytes show the amount of traffic.
A flow record defines the information that NetFlow gathers, such as the packets in the flow and the types of counters gathered per flow. You can define new flow records or use the predefined Cisco Nexus 1000V flow records.
For detailed information about configuring NetFlow, see the Cisco Nexus 1000V for Microsoft Hyper-V System Management Configuration Guide.
NetFlow Troubleshooting Commands
You can use the commands in this section to troubleshoot problems related to NetFlow.
To redirect the output of the following debug commands to a file stored in bootflash, enter this command:
- debug nfm all
To print monitor configuration, enter this command:
- module vem module-number execute vemcmd show netflow monitor
n1000V# module vem 3 execute vemcmd show netflow monitor
To print interface configuration, enter this command:
- module vem module-number execute vemcmd show netflow interface
n1000V# module vem 3 execute vemcmd show netflow interface
To print tracked configuration features, enter this command:
- module vem module-number execute vemcmd show netflow stats
n1000V# module vem 3 execute vemcmd show netflow stats
Netflow DPA-DP Session statistics:
Netflow DPA-DP Session Failure statistics:
Get Cache stats Failures: 0
Get CPU stats Failures: 0
Netflow Packet Path Failure statistics:
Ingress Pak Store Missing: 0
Ingress Feature Store Missing: 0
Ingress Permanent Full: 0
Ingress Memory Failure: 0
Ingress Multicast Packets: 0
Ingress Non-IP Packets: 0
Ingress Policy not found: 0
Post Ingress Pak Store Missing: 0
Post Ingress Feature Store Missing: 0
Post Ingress Permanent Full: 0
Post Ingress Multicast Packets: 0
Post Ingress Non-IP Packets: 0
Post Ingress Lock Failure: 0
Post Ingress Policy not found: 0
Egress Multicast Packets: 0
Egress Policy not found: 0
Netflow Packet Store Failure statistics:
Netflow Cache failure statistics:
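The counters above are easiest to review when only the non-zero ones are shown. The following is an added example, not Cisco code: it parses text in the layout of the stats output above and lists every counter that is not zero, grouped by its section heading. The sample input and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the stats output above; two counters
# are set to non-zero values for illustration.
SAMPLE = """\
n1000V# module vem 3 execute vemcmd show netflow stats
Netflow DPA-DP Session Failure statistics:
Get Cache stats Failures: 0
Get CPU stats Failures: 0
Netflow Packet Path Failure statistics:
Ingress Pak Store Missing: 0
Ingress Memory Failure: 3
Ingress Policy not found: 0
Post Ingress Lock Failure: 0
Egress Policy not found: 12
Netflow Cache failure statistics:
"""

SECTION_RE = re.compile(r"^(.+ statistics):$", re.IGNORECASE)
COUNTER_RE = re.compile(r"^([^:]+):\s*(\d+)$")


def parse_netflow_stats(text):
    """Return {section heading: {counter name: value}} for the stats text."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        heading = SECTION_RE.match(line)
        counter = COUNTER_RE.match(line)
        if heading:
            # A heading with no counters under it still gets an empty entry.
            current = sections.setdefault(heading.group(1), {})
        elif counter and current is not None:
            current[counter.group(1).strip()] = int(counter.group(2))
    return sections


def nonzero_counters(sections):
    """List (section, counter, value) for every counter that is not zero."""
    return [(sec, name, val)
            for sec, counters in sections.items()
            for name, val in counters.items() if val]


if __name__ == "__main__":
    for sec, name, val in nonzero_counters(parse_netflow_stats(SAMPLE)):
        print(f"{sec}: {name} = {val}")
```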
To dump the pakstore usage for a policy on an interface, enter the following command. The output goes to a vemlog internal buffer. Make sure that the output shows the correct monitor name and interface.
- vemdebug netflow dump pakstore
PS C:\Program Files (x86)\cisco\Nexus1000V> .\vemdebug netflow dump pakstore
Apr 14 12:25:30. 29787 260 0 2 16 Debug Pak Store for
Apr 14 12:25:30. 29793 266 0 2 16 Debug Pak Store for
To enable NetFlow debugging for policy installation on the VEM, enter the following commands. Debug messages are printed for every PDL session open, verify, and commit request coming from the DPA.
- vemlog debug sfnetflow_cache all
- vemlog debug sfnetflow_config all
- vemlog debug sfnetflow_flowmon all
- vemlog debug sfnetflow_ager all
- vemlog debug sfnetflow_flowapi all
To enable packet path debugging for NetFlow policies on the VEM, enter the following command. Debug messages are printed for every packet that hits a NetFlow policy. Use this command with caution. High traffic could result in a lot of debug messages.
- vemlog debug sfnetflow all
Enter these commands to collect information about NetFlow manager (NFM) process run-time configuration errors:
- show flow internal event-history errors
- show flow internal event-history msgs
- show flow internal pdl detailed
- show flow internal mem-stats (to debug memory usage and leaks)
Problems with NetFlow
Common NetFlow configuration problems on the Virtual Supervisor Module (VSM) can occur if you attempt to do the following:
- Use undefined records, exporters, samplers, or monitors
- Use invalid records, exporters, samplers, or monitors
- Modify records, exporters, samplers, or monitors after they are applied to an interface
- Configure a monitor on an interface that causes the VEM to run out of memory and results in a verification error
- Use NetFlow in a port channel. NetFlow is not supported in port channels.
- Configure monitors in multiple levels of a port-profile inheritance tree.
In addition, a configuration error can occur if the UDP port configured on the exporter does not match the port on which the NetFlow Collector is listening. Enter the no form of the original command to clear the configuration and then reenter the command.
Debugging a Policy Verification Error
Step 1 Configure all debug flags of NetFlow monitor (NFM) by entering the debug nfm all command.
Step 2 Save the Secure Shell Telnet (SSH) session buffer to a file.
Step 3 Enable a flexible NFM for traffic that the router is receiving or forwarding by entering the ip flow monitor monitor name direction command.
The command executes once again and the debug traces are output to the console.
You can also use the policy verification procedure to collect logs for operations such as defining a flow record or tracing exporter functionality.
Debugging Statistics Export Problems
When debugging a NetFlow statistics export problem, follow these guidelines:
- Ensure that the destination IP address is reachable from the VSM and Virtual Ethernet Modules (VEMs).
- Ensure that the UDP port configured on the exporter matches that used by the NetFlow Collector.
- View statistics for the exporter and identify any drops by entering the show flow exporter command.
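A collector-side complement to the guidelines above, added here as an example and not part of the Cisco documentation: it checks captured datagrams against the expected UDP port and uses the export header sequence number to count missed export packets. It assumes the exporter sends NetFlow version 9 (RFC 3954 header layout); the port numbers, function names, and capture are constructed.

```python
import struct

# NetFlow v9 export header (RFC 3954), 20 bytes, network byte order:
# version, count, sysUptime, unix_secs, sequence_number, source_id
V9_HEADER = struct.Struct("!HHIIII")


def make_v9_header(sequence, source_id=1, count=0):
    """Build a constructed v9 export header (sample input only)."""
    return V9_HEADER.pack(9, count, 1000, 1700000000, sequence, source_id)


def check_export_stream(datagrams, expected_port):
    """datagrams: iterable of (dst_port, payload) captured at the collector.

    Returns counts of accepted, wrong-port, non-v9 and missed export packets.
    """
    report = {"accepted": 0, "wrong_port": 0, "not_v9": 0, "missed": 0}
    last_seq = {}  # source_id -> highest sequence number seen so far
    for dst_port, payload in datagrams:
        if dst_port != expected_port:
            report["wrong_port"] += 1   # exporter/collector port mismatch
            continue
        if len(payload) < V9_HEADER.size:
            report["not_v9"] += 1
            continue
        version, _, _, _, seq, source_id = V9_HEADER.unpack_from(payload)
        if version != 9:
            report["not_v9"] += 1
            continue
        report["accepted"] += 1
        if source_id not in last_seq:
            last_seq[source_id] = seq
            continue
        gap = (seq - last_seq[source_id] - 1) & 0xFFFFFFFF
        if gap < 0x80000000:            # forward jump: packets were missed
            report["missed"] += gap
            last_seq[source_id] = seq
        # otherwise a duplicate or late packet: do not count it as loss


    return report


if __name__ == "__main__":
    # Constructed capture: collector listens on 9995, one datagram sent to 2055.
    capture = [(9995, make_v9_header(1)), (9995, make_v9_header(2)),
               (9995, make_v9_header(5)), (2055, make_v9_header(6))]
    print(check_export_stream(capture, expected_port=9995))
```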