ExtremeCloud IQ- Site Engine & Extreme Management Center

  • 1.  Resolve Extreme Analytics Duplicate Flows

    Posted 01-24-2018 11:21

    Hi,

    Looking how best to resolve duplicate flows, either showing up as an alarm or via the method in this GTAC post:

    https://extremeportal.force.com/ExtrArticleDetail?an=000078661

    In my particular scenario I have a pair of X670's cores MLAG'ed together that have ports mirrored to a flow collector for all ports to edge stacks, servers, firewalls etc. The mirroring is not enabled for example on the core interconnects so as to reduce duplicate flows.

    The flow collecter has a configuration in part, like the below:

    set port lacp port tg.1.1 enable
    set port lacp port tg.1.2 enable
    set lacp aadminkey lag.0.1 10
    set port lacp port tg.1.1 aadminkey 10
    set port lacp port tg.1.2 aadminkey 10
    set lacp singleportlag enable
    set spantree portadmin tg.1.1 disable
    set spantree portadmin tg.1.2 disable
    set spantree portadmin tg.1.3 disable
    set spantree portadmin tg.1.4 disable
    set port jumbo enable *.*.*
    set netflow export-interval 1
    set netflow export-destination 172.16.254.65 2055
    set netflow export-version 9
    set netflow port tg.1.3-4 enable rx
    set netflow template refresh-rate 30 timeout 1
    set netflow cache enable
    set vlan name 1255 Core-MGMT
    set port vlan lag.0.1 1255 modify-egress
    set vlan egress 1255 lag.0.1 untagged
    conf t
    interface vlan.0.1255
    ip address 10.0.255.241 255.255.255.0 primary
    no shutdown
    exit
    ip route 0.0.0.0/0 10.0.255.254 1
    interface loop.0.1
    ip address 10.0.254.241 255.255.255.255 primary
    ip forwarding
    no shutdown
    exit
    !
    interface tun.0.1
    tunnel destination 172.16.254.65
    tunnel mode gre l2 tbp.0.10
    tunnel source 10.0.254.241
    tunnel mirror enable
    no shutdown
    exit
    !
    set mirror create 1
    set mirror 1 mirrorN 15
    set mirror ports tbp.0.10 1
    set ip interface vlan.0.1255 default
    set policy profile 1 name Application pvid-status enable pvid 0 mirror-destination 1
    set policy rule admin-profile port tg.1.3 mask 16 port-string tg.1.3 admin-pid 1
    set policy rule admin-profile port tg.1.4 mask 16 port-string tg.1.4 admin-pid 1
    set policy rule 1 ipproto 47 mask 8 drop prohibit-mirror[/code]
    So netflow is only configured for rx. Policy is used to mirror the N+15 and drop and GRE traffic so as not to mirror the mirror for GRE traffic going across the network.

    When you issue the search term for flowsource=multiple you get something like the following:

    RackMultipart20180124-14301-18j28qj-Multiple_FlowSources_inline.png

     

     

    RackMultipart20180124-112507-1u2o0x5-Multiple_FlowSources_03_inline.png

     


    Those IP address shown are both the MLAG'ed cores.

    So my question is, is there anything I can do about stopping the duplicates in this example?

    Many thanks in advance.

     

     

     

     



  • 2.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 01-25-2018 12:27
    Hi Martin,

    I am not sure how we can get around this. I assume we are doing both 670s because some traffic will remain local to one and some traffic will traverse both?

    Thanks
    Jeff



  • 3.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 01-25-2018 12:47
    Hi Jeff,

    Thanks for answering.

    My reasoning is that the 670s are MLAG'ed together, so traffic could essentially land on either one of them should a server or a stack be LAG'ed to them - so I need to include both.

    My theory is that should traffic landing on either one of the core ports should only be captured once because its doing it on receive traffic only, and the interlink between the core isn't included. Take an example of traffic being passed from one core to the other, say because that other core only has the firewall connected, there would still be no duplication because the interlink between the two isn't mirrored and only traffic is being collected on receive.

    Think I'm struggling to workout where and how duplication is taking place from the information provided in oneview.... maybe there is a better way of doing it?

    Many thanks.



  • 4.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 01-25-2018 13:28
    Hi Martin,

    No worries and I see what you are saying. Lets think on this a bit more.


  • 5.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 01-25-2018 13:30
    Curious, are you looking at unidirectional or bidirectional flows in the flow grid?



  • 6.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 01-25-2018 14:19
    Ah, I had it set to bidirectional... should have been unidirectional right?

    Just tried it on unidirectional and now get entries showing as "Multiple (1) Null" and the remaining entries just showing a number - as per below:

    Does that therefor mean there are no duplicates, and an error on my behalf?



    Thanks


  • 7.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 01-26-2018 14:38
    Hi Martin,

    It appears to me in your configuration: correct no duplicates. Just combining them into one flow record but from two switches creates the multiple.

    FYI I grabbed your ticket from the que, just haven't had a chance to review it yet.

    Thanks
    Jeff


  • 8.  RE: Resolve Extreme Analytics Duplicate Flows

    Posted 10-22-2018 14:53
    Any update on the issue ?