Re: [c-nsp] Cisco 6509 SUP2-2GE /w PFC2 - which code?
Hi, On Tue, Mar 16, 2010 at 08:13:35PM +, Nick Hilliard wrote: On 16/03/2010 18:55, Gert Doering wrote: Anyway: Netflow on Sup2 works OK (as far as I know, at least works for me) but it won't show you layer2-switched flows. Bridged Netflow is something more recent, and I'm not sure whether it works - DECIX tried it, and it didn't. I think you need a pfc3b for netflow, no? No, the Sup2 will do netflow just fine. (Since the whole architecture of the Sup2 is flow-based, this should actually be fairly easy :-)) Incidentally, the pfc3b still does not support netflow data export for bridged ipv6 data. This is annoying. So bridged IPv4 works now? What IOS version do you need for that? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpFu3eVazkNB.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6509 SUP2-2GE /w PFC2 - which code?
On 17/03/2010 07:27, Gert Doering wrote: No, the Sup2 will do netflow just fine. (Since the whole architecture of the Sup2 is flow-based, this should actually be fairly easy :-)) even layer2 netflow? Incidentally, the pfc3b still does not support netflow data export for bridged ipv6 data. This is annoying. So bridged IPv4 works now? What IOS version do you need for that? Well, it works to a point from SXF. You get source and destination IP addresses, but no ASN data (even if the switch loads up the DFZ) and more importantly no mac addresses, which is a real limitation (i assume this is because of hardware limitations on 67xx cards). In SXI, the PFC collects ipv6 L2 flow data and you can browse through it. But it won't export the data, even though SXI supports netflow v9. Sigh. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6509 SUP2-2GE /w PFC2 - which code?
Hi, On Wed, Mar 17, 2010 at 11:37:44AM +, Nick Hilliard wrote: On 17/03/2010 07:27, Gert Doering wrote: No, the Sup2 will do netflow just fine. (Since the whole architecture of the Sup2 is flow-based, this should actually be fairly easy :-)) even layer2 netflow? No. Sorry if I was unclear here. L3 netflow for v4 is supported, L3 netflow for v6 is not, and I think L2 netflow isn't either. Incidentally, the pfc3b still does not support netflow data export for bridged ipv6 data. This is annoying. So bridged IPv4 works now? What IOS version do you need for that? Well, it works to a point from SXF. You get source and destination IP addresses, but no ASN data (even if the switch loads up the DFZ) and more importantly no mac addresses, which is a real limitation (i assume this is because of hardware limitations on 67xx cards). Yes, mac address info is something also missing from L3 flows, and that's a real issue at IXPs. It's a EARL7 limitation, from what I understand - so you get it if you use a SIP/SPA (which is not useful for an IXP operator, and questionable for an ISP). Supposedly EARL8 can do it as well - and we're looking forward to see that :-) In SXI, the PFC collects ipv6 L2 flow data and you can browse through it. But it won't export the data, even though SXI supports netflow v9. Sigh. Now that sounds like software not there yet... (IPv6 netflow on SXH/I is also not perfect for L3 - it's no longer per-interface but back to global for the whole box, as IPv4 was before SXH). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpqaXvgGkKXt.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco 6509 SUP2-2GE /w PFC2 - which code?
I have just received a couple of Catalyst 6509s that are destined for a small exchange point. They've got SUP2-2GE /w PFC2, eight port 6408 GBIC blades, and flexwan blades that will be taking POS ATM WAN interfaces. They'll be running BGP+OSPF and not much else. I see one has 8.6.4 CatOS and the other IOS 12.1.27b.E4. Which is going to be best/most stable? I've never had 6500s under my care but I do recall that there was an issue with netflow accounting not working - something to the effect that the intelligent linecards had their own forwarding information and all that netflow reported was the setup and teardown for TCP connections. Is this still the case, or is there a mix of software and practices that makes netflow functional? If not, how are people handling bandwidth monitoring for these systems? Thanks in advance for your wise answers ... -- mailto:n...@layer3arts.com // GoogleTalk: nrauhau...@gmail.com GV: 202-642-1717 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco 6509 SUP2-2GE /w PFC2 - which code?
On 16/03/2010 18:55, Gert Doering wrote: Anyway: Netflow on Sup2 works OK (as far as I know, at least works for me) but it won't show you layer2-switched flows. Bridged Netflow is something more recent, and I'm not sure whether it works - DECIX tried it, and it didn't. I think you need a pfc3b for netflow, no? Incidentally, the pfc3b still does not support netflow data export for bridged ipv6 data. This is annoying. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
