Cisco Switching/Routing :: 7606 / Netflow TCAM Threshold Exceeded
Nov 6, 2011
following errors.
Nov 7 21:34:50: %EARL_NETFLOW-SP-STDBY-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [99%]
Nov 7 21:44:44: %EARL_NETFLOW-SP-4-TCAM_THRLD: Netflow TCAM threshold exceeded, TCAM Utilization [91%]
I've already found this kinds of cases, in this community. So, It seems that Changing the current configuration to 'mls aging fast threshold ## time ## ' is most suitable in our situation.But, I don't know how to calculate the apt threshold value and time value.
[1] sh run | in mls
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
[code]....
View 1 Replies
ADVERTISEMENT
Nov 30, 2011
I am seeing the following log messages appear on our border edge 7600 router (SUP720-3BXL) The messages seem to appear when tag switching has been enabled on the interface, so somehow related I presume. The MPLS forwarding table is very small however. [code]
I can't see anything that is using up the ACL_TCAM HI BANK using "show tcam global acl" There aren't any ACL's applied to any of the interfaces, or policy-maps. The only ACL's in use are for SNMP, ntp, and VTY. These are very small any way. Interface Gi1/22, and 1/1 have tag switching enabled. [code]
The router has a full BGP routing table learned via an upstream (EBGP) peer neighbor, and an IBGP peer. The CPU utilisation seems fine, as is memory usage. CEF seems to be running okay. It's currently running [code] Are prefix lists part of TCAM? Is the router over-resourced holding a full bgp routing table?
View 1 Replies
View Related
Mar 13, 2012
Any major difrrence between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
View 2 Replies
View Related
Nov 29, 2012
I've got an issue with SNMP and netflow tools. They are displaying different data for the same (sub)interfaces.I've got metroethernet link which connects root A (Cisco 7606, 12.2(18)SXF8) and root B (Cisco 2811, 12.3(11)TS). MPLS is configured on the link (behind root B there is no more MPLS). I'm attaching root configurations (I've ommited parts of config).Interfaces are:
Root A - gi2/6.2144
Root B - fa0/1
I've configured SNMP and netflow on both devices. I'm using two SNMP tools (CA Spectrum and eHealth) and two netflow tools (CA NetQoS Reporter Analyzer and Fluke Networks NetFlow Tracker) to collect the data. SNMP tools show the same info for defined (sub)interface.Netflow tools also show the same info for defined (sub)interface. I'm attaching reports from one SNMP tool and one netflow tool for the same time period.
1. Looking at SNMP tool, it can be seen quite amount of that data in both in and out direction.
2. Looking at netflow tool, it can be seen quite amount of that data in out direction, while in direction shows small amount of data.
I'm aware that Cisco has difficulties with SNMP counters on subinterfaces. I'm also aware that MPLS netflow has its own difficulties.Root B netflow configuration is quite simple as it has just 2 interfaces to configure netflow on (Fa0/0 and Fa0/1). So I would guess SNMP and netflow data should match, but they don't. When you look at SNMP tool reports for roots A and B, it can be seen that traffic volume is practically mirrored.
View 3 Replies
View Related
Apr 16, 2013
I'd like to know what is "masks" in the output of show platform tcam utilization. What does 784 mean? What effect has the number of mask in the amount of supported unicast direct routes?
I'm having trouble comparing the capacity of theese two switches, regarding unicast directly-connected routes. I know the second switch has cpu utilization issues and ip unicast failed routes over 4096 arp entries. What would be the case for the first one?
Switch 1:
CAM Utilization for ASIC# 0 Max Used
Masks/Values Masks/values
Unicast mac addresses: 784/6272 12/26
IPv4 IGMP groups + multicast routes: 144/1152 6/26
[Code]...
View 1 Replies
View Related
Feb 24, 2012
I've created a BVI2 where I bridged dot11 0.2 and vlan2 in order to have wired and wireless clients in the same vlan.Some wired client are not reachable from the lan. Wireless clients have no pbl in reaching each other.Monitoring a MAC address that is supposed to be behind the FA2 I have noticed that it moves to vlan2 when in fact it should be behind the FA2.Of course when "show mac-address-table" says it is behind Fa2 the ping to that MAC address works whereas when the TCAM reports it is behind vlan2 it doesn't. Once the MAC address is behind the vlan2 if I clear the mac-address-table and that mac-address is still put behinf Fa2 then the pings works again, sometime I have to perform twice the clear command before the MAC address goes back to the right location.I'd like to understand why the router moves that MAC address from Fa2 to vlan2 and that's the reason for my question in the subject.I don't have any problems for port Fa0 and Fa1."Show int fa2" doesn't show any problem/errors or the likes.BTW even if I force that MAC address to be statically behind FA2 the ping works fine but then stops and if I do "show mac-add" the static entry for it is still there... so looks like there us something that overrides that static entry. If clear everything and I have the mac-address be behind Fa2 then everything starts to work again. I used Fa3 instead of Fa2 and I get the same results.
IOS: c870-advipservicesk9-mz.151-3.T1.bin
View 5 Replies
View Related
Nov 30, 2011
I had a lot of problems with TCAM table in the past and made changes in SDM ended whit that. But now want to be proactive and anticipate the problems in my TCAM table.
If the my template is "default desktop" they support a number of indirect IPv4 routes of 2k. I wanna know automatically by my management tools if this number reaches 1.9k.
That way I can take corrective actions before the problems starts on my network.
View 5 Replies
View Related
Nov 11, 2012
we have a WS-X6K-SUP2-2GE running CATOS software, we are facing a TCAM exhaustion.I would like to know the following:
1. during an exhaustion, based on what ACLs will be kept in hardware or moved to software? the name or number gives any precedence to an ACL over another ACL?
2. If the TCAM's utilisation was on the limit and we increased ACEs to a specific ACL, all the ACL will be moved to software or only the new entries?
View 1 Replies
View Related
Sep 12, 2012
We have a 3750 stack with a mix of 3750G and 3750X switches. The current active template on the switch is desktop default and we are running EIGRP on the switch with large routing table so we get the TCAM error that a specific prefix cannot be programmed in TCAM memory so it will be software forwarded.%PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded
This error is quite frequent on a daily basis. My question is that will this error create a high CPU situation and affect traffic processing on the stack causing ESX Hosts to become unresponsive?
View 1 Replies
View Related
Sep 26, 2012
Any command similar to sup720 "show tcam counters" It doesn't work on Sup2t.....
View 2 Replies
View Related
Mar 8, 2012
I am working on a QoS design which I hope to test at some point, but at this stage its from the books.My question is how to decide which queue and threshold to use for video traffic, then lower priority traffic.I understand the shaping and sharing commands, its the queuing and threshold bit I'm not clear on.The plan is to use the priority-queue for EF marked voice, this will be policed on ingress to provide an upper limit to EF traffic levels, then my second priority traffic will be video. Which queue will get serviced first once the priority queue is empty, and how do I decide which threshold to allocate my video traffic to? The document ion is not at all clear, I want to prioritse my traffic in the following order:
1 voice, use the priority queue
2 video, this to get serviced ahead of data, after voice.
3 interactive data
4 Bulk data
5 Best effort
So Q1 settings are ignored due to priority queue. Q2 gets 70%, Q3 25% etc.Is it as simple as putting video into Q2 T1, then interactive data into Q2 T2, will Q2T1 get a higher priority over Q2 T2 once the PQ is serviced?
View 4 Replies
View Related
May 29, 2013
I have a stack of 3750x switches running 15.0 (2) SE2 IOS. When I reload the switch stack, I am seeing the following message in the logs: IPv6 user port trust TCAM write failed.
View 2 Replies
View Related
Feb 5, 2012
One of my clients is using Cisco catalyst 2955 industrial switch.I am doing the configuration for them and come across one setting of FCS Error Hysterasis Threshold. I know FCS is Frame Check Sequence.
I do not understand is what is the meaning the setting of Hysteresis in term of percentage stand for what purpose?For example, the default is 10 percent. If I set the value to be lower 5% and what is the impact on that? Is this more stringent than default of 10% or less stringent than default of 10%?
View 4 Replies
View Related
Jan 17, 2013
I have two Cisco 7606 routers using BGP to connect our customers to the internet. Recently we added a new 1G circuit in addition to an existing 1G circuit and all traffic inbound is now on this new 1G circuit. We would like to shift some of the inbound traffic over to the other 7606. Our Tier provider has the same AS number for both paths. One path goes directly to New York and the other goes to Boston then New York.
View 1 Replies
View Related
Jun 2, 2013
I have made an etherchannel between 6509 and 7606 with two giga interfaces on eatch one to have more bandwidth (2Go), but the Etherchannel does not exceed 1 GB (Below is a capture for Etherchannel taken from Solarwinds).the both 6506 and 7606 use ws sup 720 3bxl
View 8 Replies
View Related
May 15, 2012
I have a Cisco 7606 running 12.2. I want to limit the interface that is used by one of our customers to 30M.
View 3 Replies
View Related
Jan 28, 2013
its a hardware problem or just not get power to module 1 for module WS-X6748-GE-TX? this is the capture from show module and sh log :
------------------ show module ------------------
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX xxx
5 2 Route Switch Processor 720 (Active) RSP720-3CXL-GE xxx
Mod MAC addresses Hw Fw Sw Status
[code].....
View 4 Replies
View Related
Jun 3, 2012
Our router suddenly reloaded. Below are the crashinfo obtained:
1st crashinfo:
7606_Router#more sup-bootflash:crashinfo_20120604-02260500:00:05: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
00:00:05: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:05: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
[code]....
We are running s72033-advipservicesk9_wan-mz.122-18.SXF9
View 14 Replies
View Related
Jan 15, 2012
I have my router 7606-S rebooted by itself. According to output of show version command it's rebooted by software bug.
================ Snipped from crashinfo file =================
Jan 14 05:33:50.822 GMT+7: %C7600_MEM_ECC-2-MBE: Multiple bit error detected at 0xC09F4D38
Jan 14 05:33:50.822 GMT+7: %C7600_MEM_ECC-3-SYNDROME_MBE: 8-bit Syndrome for the detected Multi-bit error: 0x0
05:33:50 GMT+7 Sat Jan 14 2012: Unexpected exception to CPU: vector 1500, PC = 0xB7922BC , LR = 0xB792250
==================== Show Version ======================
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 10-Feb-11 19:27 by prod_rel_team
ROM: System Bootstrap, Version 12.2(33r)SRD5, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
[Code]...
View 3 Replies
View Related
Feb 28, 2012
I have a cisco 7606-S with dual RSP720-3CXL. Devices reloaded and now none of the RSPs are booting.When I have tried to take the console using only one RSP, card going to rommon mode after that it hangs. I guess its firmware is corrupted.
View 4 Replies
View Related
Nov 13, 2012
I have one Cisco 7606 and i need to install a WS-X6748-GE-TX with WS-F6700-DFC3CXL.When I install the WS-X6748-GE-TX the module is powered off with the following warning:
00:01:45: %C6KPWR-SP-4-UNSUPPORTED: unsupported module in slot 1, power not allowed: Unsupported baseboard/earl combination. [code]
View 1 Replies
View Related
Mar 25, 2012
I faced with problem while i was attemping to upgrade CISCO7606 (R7000) from 12.2(33)SRE1 to 12.2(33)SRE6.
rommon 2 > boot c7600s72033-advipservices-mz.122-33.SRE6.bin
Loading image, please wait ...
Invalid device specified
Booting from default device
Initializing ATA monitor library...
string is bootdisk:c7600s72033-advipservices-mz.122-33.SRE1.bin
[code].....
View 3 Replies
View Related
Aug 22, 2012
I am having difficulties with getting SPAN traffic over my WS-X6704-10GE (CFC).
CISCO7606
ios 12.2(33)SRE6, SUP720-3BXL
Trying to use the span feature, put the commands listed below in and they entered successfully, but the port is not being mirrored.
interface TenGigabitEthernet1/1
description PUBLIC
dampening
mtu 9216
ip address x.x.x.x x.x.x.x
[Code]....
View 1 Replies
View Related
Mar 18, 2013
I have a SR520 just deployed at a remote site with Internet Access.
Working Environment:
Remote sites have SR520 with IPSEC VPN back to HQ and netflow v.5 works through the VPN back to our PRTG server.
Non-Working:
I cannot get Netflow data to our PRTG with this first SR520 implemented with Zone Base Security. I am not able to get my netflow traffic out. VPN is up and running. Internet is a dialer0 interface. I have a Kron job that does the copy run to tftp backup daily to the same PRTG server and it works fine.
Both my source interface and address on the TFTP command and the netflow commands are the same interfaces (VLAN75) and IP. The Destination ip is the same too (through the VPN tunnel).
Snipped:
flow exporter prtg
destination x.x.x.x
source Vlan75
[Code]....
View 2 Replies
View Related
Feb 11, 2012
I am trying to figure out the Flexible Net-flow on Cat 4510R+E Switch running IOS-XE code. My Neflow flow software is manageengine 7.X. I am able to see the netflow interfaces but the traffic itself is not displayed. On the Switch I can see the netflow exporter statistics counter being incremented thereby confirming as being exported.
View 2 Replies
View Related
Mar 17, 2013
I have a 370 with C3KX-NM-10G module & i want to enable NetFlow on it did the specified configs
Step 1 Flexible NetFlow Flow Recordsflow record miketestmatch datalink source-vlan-idmatch datalink dot1q prioritymatch datalink mac source-addressmatch datalink mac destination-addressmatch ipv4 versionmatch ipv4 tosmatch ipv4 ttlmatch ipv4 protocolmatch ipv4 source addressmatch ipv4 destination addressmatch transport source-portmatch transport destination-portmatch interface input physical snmpcollect interface output snmpcollect counter flowscollect counter bytescollect counter packetscollect timestamp sys-uptime firstcollect timestamp sys-uptime last flow record miketestegressmatch datalink destination-vlan-id match datalink dot1q priority match datalink mac source-address match datalink mac destination-address match ipv4 version match ipv4 tos match ipv4 ttl match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface output physical snmp collect interface input snmp collect counter flows collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last Step 2 Flexible NetFlow Flow ExporterFlow exporter export-to-samplicatorDestination 10.1.1.8source Vlan1Transport udp 2055option interface-table timeout 60 Step 3 Flexible NetFlow Flow Monitors# Tie the Flow Monitor to the Flow Recordflow monitor mikektestrecord miketestexporter export-to-samplicatorcache timeout active 60flow monitor mikektestegressrecord miketestegressexporter export-to-samplicatorcache timeout active 60
& Applied it to g1/1/1 but without any luck , if netflow works on the
TenGigabitEthernet1/1/1 &
TenGigabitEthernet1/1/2
Only i have four switches stacked and nothing plugged to the
C3KX-NM-10G module
View 1 Replies
View Related
Jul 23, 2012
router 7200 (12.2(33)SRE1)
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
[code]...
View 2 Replies
View Related
May 8, 2013
I have 4506 with below sup, my requirement is to enable netfolw , but as i came to know that it is not supported in this sup, is there any additional option which can be explored to get the netflow working without replacing sup.
Card Type Model
-------------------------------------------------------------+-----------------------
Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E
View 4 Replies
View Related
Apr 9, 2012
Ive tried to configure NetFlow on layer 2 without success. I configured the recondmonitorexporter like the configuration guide said. but still i dont receive any netflow traffic. I checked the firewall on the VM and it looks fine.
i have done the command under the ethernet interface :" layer2-switch flow monitor TEST input" - for layer2 input.
View 4 Replies
View Related
Oct 23, 2011
Net flow on the Nexus 5596upI can't seem to find any information on the Nexus 5596 support of net flow. On Nexus 5596UP support of net flow ?
View 4 Replies
View Related
Nov 12, 2009
If a Supervisor 6-E will support NetFlow on a Catalyst 4507R-E?If not, what are my options for NetFlow on a 4507R-E?
View 7 Replies
View Related
Nov 3, 2011
To enable netflow export on ASR1001, do i need the firewall feaure license or not ?Docs are not really clear, NBAR requires FW license, but i am unsure about Netflow?
View 1 Replies
View Related
Feb 6, 2012
I am trying to use the following commands on the switch but it is not supported:
ip route-cache flow
ip flow-export destination
Attached is the output for show version and show module commands from the switch.
View 9 Replies
View Related
