Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Verifying Active Flow Monitoring Version 9

 
Note

The verification steps shown for active flow monitoring are linked to multiple configuration examples and do not exactly match the configuration of any single example.

Verify the operation of active flow monitoring by doing the following:

Verifying That Active Flow Monitoring Is Working

Purpose

Verify that active flow monitoring is working.

Action

To verify that active flow monitoring is working, use the show services accounting flow command.

Meaning

The output shows that active flows exist and that flow packets are being exported. This indicates that flow monitoring is working. If flow monitoring is not working, verify that the services PIC is present in the chassis and is operational.

Verifying That the Services PIC Is Operational for Active Flow Monitoring

Purpose

Verify that the services PIC configured for active flow monitoring is present in the chassis and is operational.

Action

To verify that the services PIC is operational, use the show chassis hardware command.

Meaning

The output shows that PIC 0 under FPC 4 is a Multiservices PIC that has completed booting and is operational. If the PIC is operational but flow monitoring is not working, verify that sampling is enabled on the media interface on which traffic flow is expected and that the sampling filter direction is correct.

Verifying That Sampling Is Enabled and the Filter Direction Is Correct for Active Flow Monitoring

Purpose

Verify that sampling is enabled on the media interface on which traffic flow is expected and that the sampling filter direction is correct.

Action

To verify that sampling is enabled on the media interface on which traffic flow is expected and that the sampling filter direction is correct, use the show interfaces interface-name extensive | grep filters command.

Meaning

The command output shows that the sample filter is applied to the media interface on which traffic flow is expected (fe-3/3/2) and that the sampling filter direction is Input. If the PIC is operational and the filters are correct but flow monitoring is not working, verify that the sampling instance is applied to the FPC where the media interface resides.

Tip

If a firewall filter is used to enable sampling, add a counter as an action in the firewall filter. Then, verify if the counter is incrementing. If the counter is incrementing, it confirms that the traffic is present and that the filter direction is correct.

Verifying That the Sampling Instance Is Applied to the Correct FPC for Active Flow Monitoring

Purpose

Verify that the sampling instance is applied to the FPC where the media interface resides.

Action

To verify that the sampling instance Is applied to the correct FPC, use the show configuration chassis command.

Meaning

The output shows that the sampling instance is applied to the correct FPC. If the PIC is operational, the filters are correct, and the sampling instance is applied to the correct FPC but flow monitoring is not working, verify that the route record set of data is being created.

Verifying That the Route Record Is Being Created for Active Flow Monitoring

Purpose

Verify that the route record set of data is being created.

Action

To verify that the route record set of data is being created, use the show services accounting status command.

Meaning

The output shows that the Route record set field is set to Yes. This confirms that the route record set is created.

Tip

If the route record set field is set to no, the record might not have been downloaded yet. Wait for 60-100 seconds and check again. If the route record is still not created, verify that the sampling process is running, that the connection between the PIC and the process is operational, and that the PIC memory is not overloaded.

Verifying That the Sampling Process Is Running for Active Flow Monitoring

Purpose

Verify that the sampling process is running.

Action

To verify that the sampling process is running, use the show system processes extensive | grep sampled command.

Meaning

The output shows that sampled is listed as a running system process. In addition to verifying that the process is running, verify that the TCP connection between the sampled process and the services PIC is operational.

Verifying That the TCP Connection Is Operational for Active Flow Monitoring

Purpose

Verify that the TCP connection between the sampled process and the services PIC is operational.

Action

To verify that the TCP connection is operational, use the show system connections inet | grep 6153 command.

Meaning

The output shows that the TCP connection between the sampled process socket (6153) and the services PIC (128.0.0.1) is ESTABLISHED. In addition to verifying that the TCP connection between the sampled process and the services PIC is operational, verify that the services PIC memory is not overloaded.

Tip

If the TCP connection between the sampled process and the services PIC is not established, restart the sampled process by using the restart sampling command.

Verifying That the Services PIC Memory Is Not Overloaded for Active Flow Monitoring

Purpose

Verify that the services PIC memory is not overloaded.

Action

To verify that the services PIC memory is not overloaded, use the show services accounting errors command.

Meaning

The output shows that the memory overload field is set to No, indicating that the PIC memory is not overloaded. As a final check that active flow monitoring is working, verify that the flow collector is reachable.

Verifying That the Active Flow Monitoring Flow Collector Is Reachable

Purpose

Verify that flow collector is reachable by using the ping command.

Action

From the router, issue the ping command to the flow collector.

Meaning

The output shows 0% packet loss indicating that the flow collector can be reached.

Tip

Verify that the flow collector is reachable through the media interface and is not being reached through the fxp0 Ethernet management interface.