Hi,
Looking how best to resolve duplicate flows, either showing up as an alarm or via the method in this GTAC post:
https://extremeportal.force.com/ExtrArticleDetail?an=000078661
In my particular scenario I have a pair of X670's cores MLAG'ed together that have ports mirrored to a flow collector for all ports to edge stacks, servers, firewalls etc. The mirroring is not enabled for example on the core interconnects so as to reduce duplicate flows.
The flow collecter has a configuration in part, like the below:
set port lacp port tg.1.1 enable
set port lacp port tg.1.2 enable
set lacp aadminkey lag.0.1 10
set port lacp port tg.1.1 aadminkey 10
set port lacp port tg.1.2 aadminkey 10
set lacp singleportlag enable
set spantree portadmin tg.1.1 disable
set spantree portadmin tg.1.2 disable
set spantree portadmin tg.1.3 disable
set spantree portadmin tg.1.4 disable
set port jumbo enable *.*.*
set netflow export-interval 1
set netflow export-destination 172.16.254.65 2055
set netflow export-version 9
set netflow port tg.1.3-4 enable rx
set netflow template refresh-rate 30 timeout 1
set netflow cache enable
set vlan name 1255 Core-MGMT
set port vlan lag.0.1 1255 modify-egress
set vlan egress 1255 lag.0.1 untagged
conf t
interface vlan.0.1255
ip address 10.0.255.241 255.255.255.0 primary
no shutdown
exit
ip route 0.0.0.0/0 10.0.255.254 1
interface loop.0.1
ip address 10.0.254.241 255.255.255.255 primary
ip forwarding
no shutdown
exit
!
interface tun.0.1
tunnel destination 172.16.254.65
tunnel mode gre l2 tbp.0.10
tunnel source 10.0.254.241
tunnel mirror enable
no shutdown
exit
!
set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tbp.0.10 1
set ip interface vlan.0.1255 default
set policy profile 1 name Application pvid-status enable pvid 0 mirror-destination 1
set policy rule admin-profile port tg.1.3 mask 16 port-string tg.1.3 admin-pid 1
set policy rule admin-profile port tg.1.4 mask 16 port-string tg.1.4 admin-pid 1
set policy rule 1 ipproto 47 mask 8 drop prohibit-mirror
So netflow is only configured for rx. Policy is used to mirror the N+15 and drop and GRE traffic so as not to mirror the mirror for GRE traffic going across the network.
When you issue the search term for flowsource=multiple you get something like the following:
Those IP address shown are both the MLAG'ed cores.
So my question is, is there anything I can do about stopping the duplicates in this example?
Many thanks in advance.
Ah, I had it set to bidirectional... should have been unidirectional right?
Just tried it on unidirectional and now get entries showing as "Multiple (1) Null" and the remaining entries just showing a number - as per below:
Does that therefor mean there are no duplicates, and an error on my behalf?
Thanks
Just tried it on unidirectional and now get entries showing as "Multiple (1) Null" and the remaining entries just showing a number - as per below:
Does that therefor mean there are no duplicates, and an error on my behalf?
Thanks
