Cisco Systems WSC4500X16SFP Feature Interaction of Netflow Statistics with UBRL and Microflow Policing, VLAN Statistics

38-5

Software Configuration Guide—Release 12.2(25)SG

OL-7659-03

Chapter38 Configuring NetFlow

Overview of NetFlow Statistics Collection

Similarly, the input interface and the source AS number for the source IP address are determined by

looking up the FIB entry in the default FIB table based on the source IP address. Therefore, the input

interface is based solely on the source IP address and a reverse lookup is done to determine to which

interface a packet with this IP destination address needs to be routed. This process assumes that the

forwarding paths are symmetrical. However, if this process yields multiple input interfaces, a

deterministic algorithm will be applied to pick one of them the one with the lowest IP address. Although

this process typically yields correct values, there are scenarios where the values are inaccurate:

•If load balancing is being applied by an upstream adjacent switch, one input interface must be

chosen arbitrarily out of the multiple input interfaces available. This action is necessary because the

input interface that would be used depends on the type of load balancing algo rithm being deployed

by the adjacent upstream switch. It is not always feasible to know the algorithm. Therefore, all flow

statistics will be attributed to one input interface. Software selects the interface with the lowest IP

subnet number.

•In an asymmetric routing scheme in which the traffic for an IP subne t might be received on one

interface and sent on another, the inferences noted previously for selecting an input interface, based

on a reverse lookup, would be incorrect and cannot be verified.

•If PBR or VRF is enabled on the switch and the flow is destined to an address that resides in the

PBR or VRF range or is sourced from an address that resides in the PBR or VRF range, the

information will be incorrect. In this case, the input and output interface will most likely point to

the default route (if configured) or will have no value at all (NULL)

• If VRF is enabled on the switch on some interfaces and the flow comes from a VRF interface, the

information will be incorrect. In this case, the input and output interface will most likely point to

the default route (if configured) or will have no value (NULL).

Note The Supervisor Engine V-10GE provides the input interface information via hardware, improving the

accuracy of NetFlow information.

Feature Interaction of Netflow Statistics with UBRL and Microflow Policing

On systems with Supervisor Engine V-10GE, there is a feature interaction between Netflow Statistics

and UBRL (User Based Rate Limiting). As part of correctly configuring UBR L on a given interface, the

class-map must specify a flow-mask. In turn, this flow mask is used to create hardware-based netflow

statistics for the flow. By default, for traditional full-flow netflow statistics, the full-flow mask is used.

With UBRL, however, the masks can differ. If UBRL is configured on a given interface, the statistics are

collected based on the mask configured for UBRL. Consequently, the system will not collect full-flow

statistics for traffic transiting an interface configured with UBRL. For more details, refer to the

“Configuring User Based Rate Limiting” section on page 27-36.

VLAN Statistics

With NetFlow support, you can report Layer 2 output VLAN statistics, as well as VLAN statistics for

routed traffic in and out of a VLAN.