Discussion:
[c-nsp] MPLS Netflow capabilities
c***@SecureObscure.com
2011-05-10 17:32:44 UTC
Permalink
Good afternoon,



I have an upcoming requirement to collect netflow data (source & destination
IPv4 and IPv6 statistics) at an aggregation point in the topology.

Unfortunately this aggregator is an ASR9010 PCore with no VRFs, BGP, or
knowledge of customer routing.



Can the ASR9k acting as a pure MPLS P router collect the IP header netflow
information for export from MPLS encapsulated traffic ingressing or
egressing a given interface? Or is this feature only supported in a PE role?



Please let me know if you have any thoughts or experience regarding this
kind of setup.



Thank you for your time,



John



_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Justin M. Streiner
2011-05-10 17:44:35 UTC
Permalink
Post by c***@SecureObscure.com
Can the ASR9k acting as a pure MPLS P router collect the IP header netflow
information for export from MPLS encapsulated traffic ingressing or
egressing a given interface? Or is this feature only supported in a PE role?
I don't have any direct experience with the ASR9K yet, but my guess would
be that whatever Netflow data export is done does not involve unwrapping
the MPLS packets to look at the header data of the encapsulated IP packet.
I could be wrong though...

jms
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Joe Loiacono
2011-05-10 20:14:56 UTC
Permalink
Post by Justin M. Streiner
Post by c***@SecureObscure.com
Can the ASR9k acting as a pure MPLS P router collect the IP header netflow
information for export from MPLS encapsulated traffic ingressing or
egressing a given interface? Or is this feature only supported in a PE role?
I don't have any direct experience with the ASR9K yet, but my guess would
be that whatever Netflow data export is done does not involve unwrapping
the MPLS packets to look at the header data of the encapsulated IP packet.
I could be wrong though...
For a little more info (though confusing to know what is the latest):

See:
http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9_ps6601_Products_White_Paper.html


Table 6. NetFlow Version 9 Field Type Definitions (those related to MPLS)

Field Type Value Length Description

MPLS_TOP_LABEL_TYPE 46 1 MPLS Top Label Type: 0x00 UNKNOWN
0x01 TE-MIDPT 0x02 ATOM 0x03 VPN 0x04 BGP 0x05 LDP
MPLS_TOP_LABEL_IP_ADDR 47 4 Forwarding Equivalent Class
corresponding to the MPLS Top Label
MPLS_LABEL_1 70 3 MPLS label at position 1 in the
stack. This comprises 20 bits of MPLS label, 3 EXP (experimental) bits and
1 S (end-of-stack) bit.
...
MPLS_LABEL_1 79 3 MPLS label at position 10 in the
stack. This comprises 20 bits of MPLS label, 3 EXP (experimental) bits and
1 S (end-of-stack) bit.

Joe
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Dobbins, Roland
2011-05-11 02:15:56 UTC
Permalink
I don't have any direct experience with the ASR9K yet, but my guess would be that whatever Netflow data export is done does not involve unwrapping
the MPLS packets to look at the header data of the encapsulated IP packet.
Concur 100%.

NetFlow is primarily an edge technology, anyways. So, in an MPLS network, flow telemetry should be exported from the CE or the PE routers.

-----------------------------------------------------------------------
Roland Dobbins <***@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
chip
2011-05-11 02:57:08 UTC
Permalink
Post by c***@SecureObscure.com
I have an upcoming requirement to collect netflow data (source & destination
IPv4 and IPv6 statistics) at an aggregation point in the topology.
Unfortunately this aggregator is an ASR9010 PCore with no VRFs, BGP, or
knowledge of customer routing.
Can the ASR9k acting as a pure MPLS P router collect the IP header netflow
information for export from MPLS encapsulated traffic ingressing or
egressing a given interface? Or is this feature only supported in a PE role?
Please let me know if you have any thoughts or experience regarding this
kind of setup.
Thank you for your time,
John
As others, I have no direct experience with this, but this document
seems to indicate the ASR9k devices can unwrap MPLS and pull IPv6 and
IPv4 data out:

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/netflow/configuration/guide/nfc40flow.html#wp1068254

Specifically:

--------------------------------------
In Cisco IOS XR Software Release , at a time, you can have only one
MPLS flow monitor running on an interface. If you apply an additional
MPLS flow monitor to the interface, the new flow monitor overwrites
the existing one.

At a time, you can apply only one flow monitor on an interface per
direction. You can apply either the same flow monitor to an interface
in both directions, or each direction can have its own flow monitor.

You can configure the MPLS flow monitor to collect IPv4 fields, IPv6
fields, or IPv4-IPv6 fields. IPv4-IPv6 configuration collects both
IPv4 and IPv6 addresses using one MPLS flow monitor. IPv4
configuration collects only IPv4 addresses. IPv6 configuration
collects only IPv6 addresses.

The MPLS flow monitor supports up to 1,000,000 cache entries. NetFlow
entries include the following types of fields:

•IPv4 fields
•IPv6 fields
•MPLS with IPv4 fields
•MPLS with IPv6 fields
--------------------------------------


--chip
--
Just my $.02, your mileage may vary,  batteries not included, etc....

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Dobbins, Roland
2011-05-11 03:30:09 UTC
Permalink
As others, I have no direct experience with this, but this document seems to indicate the ASR9k devices can unwrap MPLS and pull IPv6 and
I will see about testing this. I think the documentation may be unclear/misleading, but it will be interesting to find out, either way.

-----------------------------------------------------------------------
Roland Dobbins <***@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
c***@SecureObscure.com
2011-05-11 03:46:12 UTC
Permalink
Thanks you all very much for helping me improve my understanding. I also
found documentation leading me to believe that the decapsulation for
statistical sampling via mpls aware netflow was possible and the basis
behind my question. I don't know anyone doing it, I don't know what netflow
software from vendors support this output, and I don't have a 9k sitting in
the lab to test it out.

I really appreciate your time and hope to learn more soon.

-----Original Message-----
From: cisco-nsp-***@puck.nether.net
[mailto:cisco-nsp-***@puck.nether.net] On Behalf Of Dobbins, Roland
Sent: Tuesday, May 10, 2011 10:30 PM
To: cisco-nsp
Subject: Re: [c-nsp] MPLS Netflow capabilities
As others, I have no direct experience with this, but this document seems
to indicate the ASR9k devices can unwrap MPLS and pull IPv6 and
I will see about testing this. I think the documentation may be
unclear/misleading, but it will be interesting to find out, either way.

-----------------------------------------------------------------------
Roland Dobbins <***@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Dobbins, Roland
2011-05-11 04:07:37 UTC
Permalink
Post by c***@SecureObscure.com
I really appreciate your time and hope to learn more soon.
I hope to arrange some testing in the not-so-distant future to determine if the decapsulated fields are in fact reported. If that's the case, it's a major step forward in flow telemetry capabilities, and one which I hope is implemented on other platforms as hardware capabilities allow.

-----------------------------------------------------------------------
Roland Dobbins <***@arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Loading...