Using Netflow

Ever needed to track a specific flow of information, find out what ports an application is using, or verify that your QoS is working correctly? Cisco NetFlow is the answer.

NetFlow is a Cisco IOS application that provides a rich set of traffic statistics on packets flowing through the router, both ingress and egress. A NetFlow network flow is defined as a unidirectional stream of packets between a given source and destination. These key fields/statistics define a unique flow:

  • Source IP address
  • Destination IP address
  • Source port number
  • Destination port number
  • Layer 3 protocol type
  • Type of service (ToS)
  • Input logical interface

If a packet has one key field different from another packet, it is considered to belong to another flow. Flows are stored in the NetFlow cache, which does consume additional memory, but generally this is not too much of a problem. NetFlow data can be exported, but here I’ll show how to use it on the CLI and how to interpret it.


Output-101: Cisco 3560 feature set upgrade

Error: The image in the archive which would be used to upgrade
Error: system number 1 does not support the same feature set.

It seems Cisco included this sanity check, as of 12.2(35), to prevent you from accidentally changing the feature set during an IOS upgrade, which is not a nice thing to happen on a production switch when things go belly up.

You will get the above error when upgrading the IOS and changing the feature set, i.e. if you upgrade the image from IPBASE 12.2(35)SE5 to ADVIPSERVICESK9 12.2(25)SEE4.

To bypass this, add the /allow-feature-upgrade parameter to the archive download-sw command.

Example:

#archive download-sw /overwrite /allow-feature-upgrade tftp://10.1.1.1/c3560-advipservicesk9-tar.122-25.SEE4.tar

If you need more info on how to upgrade the IOS on a Cisco 3560, visit Cisco.

Output-101: BGP-3-NOTIFICATION

Error log:

%BGP-3-NOTIFICATION:received from neighbor 196.7.8.9 2/2 (peer in wrong as) 2 bytes 0064

Explanation:

The obvious is true: a wrong ASN is configured. But there is more detail here. In “2 bytes 0064”, the 0064 is the received ASN in hex, i.e. 0x0064 = 100 decimal.

The local router is expecting neighbor 196.7.8.9 to come from a specific ASN, not ASN 100. Have a look at the “neighbor {IP} remote-as” command to confirm it is set correctly. If confederations are used, make sure your confederation-id is correct between the two EBGP peers.
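
As an added example (not part of the original post), this Python sketch parses the log line above, names the error code and subcode per RFC 4271, and decodes the data bytes into the decimal ASN. The function name, result keys and the second and third sample lines are constructed here; the AS_TRANS flag goes beyond the post's case and marks 23456, the placeholder a 4-byte-ASN speaker puts in its OPEN message.

```python
import re

# NOTIFICATION error codes and OPEN Message Error subcodes (RFC 4271, RFC 5492).
ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}
OPEN_SUBCODES = {1: "Unsupported Version Number", 2: "Bad Peer AS",
                 3: "Bad BGP Identifier", 4: "Unsupported Optional Parameter",
                 6: "Unacceptable Hold Time", 7: "Unsupported Capability"}
AS_TRANS = 23456  # RFC 6793: 2-byte placeholder used by 4-byte-ASN speakers

LINE_RE = re.compile(
    r"%BGP-3-NOTIFICATION:\s*(?P<direction>received from|sent to) neighbor "
    r"(?P<peer>\S+) (?P<code>\d+)/(?P<sub>\d+) \((?P<text>[^)]*)\)\s*"
    r"(?P<length>\d+) bytes?\s*(?P<data>[0-9A-Fa-f ]*)")

def parse_notification(line):
    """Return a dict describing a BGP-3-NOTIFICATION line, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code, sub = int(m["code"]), int(m["sub"])
    try:
        data = bytes.fromhex(m["data"].replace(" ", ""))
    except ValueError:  # odd number of hex digits: treat the data as unreadable
        data = b""
    result = {
        "direction": m["direction"], "peer": m["peer"],
        "error": ERROR_CODES.get(code, f"unknown ({code})"),
        "subcode": OPEN_SUBCODES.get(sub, f"unknown ({sub})") if code == 2 else sub,
        "data_complete": len(data) == int(m["length"]),  # hex shown matches byte count
        "asn": None, "as_trans": False,
    }
    if (code, sub) == (2, 2) and len(data) == 2:
        # Bad Peer AS: the data field carries the 2-byte AS number, big-endian.
        result["asn"] = int.from_bytes(data, "big")
        result["as_trans"] = result["asn"] == AS_TRANS
    return result

# First line is the one from the post; the other two are constructed samples.
SAMPLES = [
    "%BGP-3-NOTIFICATION:received from neighbor 196.7.8.9 2/2 (peer in wrong as) 2 bytes 0064",
    "%BGP-3-NOTIFICATION: sent to neighbor 192.0.2.1 2/2 (peer in wrong AS) 2 bytes 5BA0",
    "%BGP-3-NOTIFICATION: sent to neighbor 192.0.2.1 4/0 (hold time expired) 0 bytes",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_notification(sample))
```

When as_trans is true, the decoded value is only the placeholder, so the peer's real 4-byte ASN has to be read from the peer's configuration instead.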