Enabling IP-FIX slow config save

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
I enabled IP-fix on my x460 for only uplink port and now when I save it takes a long time and sometimes times out with ip-fix error 

config 
Enable ip-fix

configure ip-fix domain 1

configure ip-fix ip-address 192.168.200.253 protocol udp L4-port 2075 vr "VR-Default"

configure ip-fix source ip-address 192.168.200.17 vr "VR-Default"

enable ip-fix ports 53 all_traffic

configure ip-fix ports 53 ingress-and-egress

Photo of GCIT_Support

GCIT_Support

  • 510 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
The reason you have a slow save time is that the CPU is servicing the IPFIX and HAL process most likely.  If you type "top" at the CLI you can monitor the % CPU utilization and confirm.  Be sure you are using the latest code of 15.4 or later for IPFIX as there are some specific improvements that have been incorporated. The switch will function fine and pass traffic without issue as the IPFIX flow information is created with the ASIC, the CPU use is a function of how XOS handles the flows and checkpoints within the OS.  Let me know if you have any other questions.
Photo of GCIT_Support

GCIT_Support

  • 510 Points 500 badge 2x thumb
Thanks Bill, running 15.7.2.9. yeah when I look at top ipfix and hal account for about 65 %of cpu. Is it recommended to just watch uplink ports? Any negative effects to collecting flows from all ports to Netsight? You were right 6.3 of Netsight works a lot better for us.
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
I have found that their is a fixed amount of XOS overhead regardless of how many ports that you have enabled and once that is established adding and removing ports has really had an additional effects. Later testing I have done has shown a G2 as a master (whether a 670 or 460 if in a stack) would be the ultimate configuration. I have been told from engineering that there could possibly be a better way (less cpu intensive) to implement the feature and I am working to see if we can prioritize some efficiencies into the code. Will let you know if I am successful.....