cancel
Showing results for 
Search instead for 
Did you mean: 

Resolve Extreme Analytics Duplicate Flows

Resolve Extreme Analytics Duplicate Flows

Anonymous
Not applicable

Hi,

Looking how best to resolve duplicate flows, either showing up as an alarm or via the method in this GTAC post:

https://extremeportal.force.com/ExtrArticleDetail?an=000078661

In my particular scenario I have a pair of X670's cores MLAG'ed together that have ports mirrored to a flow collector for all ports to edge stacks, servers, firewalls etc. The mirroring is not enabled for example on the core interconnects so as to reduce duplicate flows.

The flow collecter has a configuration in part, like the below:

set port lacp port tg.1.1 enable
set port lacp port tg.1.2 enable
set lacp aadminkey lag.0.1 10
set port lacp port tg.1.1 aadminkey 10
set port lacp port tg.1.2 aadminkey 10
set lacp singleportlag enable
set spantree portadmin tg.1.1 disable
set spantree portadmin tg.1.2 disable
set spantree portadmin tg.1.3 disable
set spantree portadmin tg.1.4 disable
set port jumbo enable *.*.*
set netflow export-interval 1
set netflow export-destination 172.16.254.65 2055
set netflow export-version 9
set netflow port tg.1.3-4 enable rx
set netflow template refresh-rate 30 timeout 1
set netflow cache enable
set vlan name 1255 Core-MGMT
set port vlan lag.0.1 1255 modify-egress
set vlan egress 1255 lag.0.1 untagged
conf t
interface vlan.0.1255
ip address 10.0.255.241 255.255.255.0 primary
no shutdown
exit
ip route 0.0.0.0/0 10.0.255.254 1
interface loop.0.1
ip address 10.0.254.241 255.255.255.255 primary
ip forwarding
no shutdown
exit
!
interface tun.0.1
tunnel destination 172.16.254.65
tunnel mode gre l2 tbp.0.10
tunnel source 10.0.254.241
tunnel mirror enable
no shutdown
exit
!
set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tbp.0.10 1
set ip interface vlan.0.1255 default
set policy profile 1 name Application pvid-status enable pvid 0 mirror-destination 1
set policy rule admin-profile port tg.1.3 mask 16 port-string tg.1.3 admin-pid 1
set policy rule admin-profile port tg.1.4 mask 16 port-string tg.1.4 admin-pid 1
set policy rule 1 ipproto 47 mask 8 drop prohibit-mirror
So netflow is only configured for rx. Policy is used to mirror the N+15 and drop and GRE traffic so as not to mirror the mirror for GRE traffic going across the network.

When you issue the search term for flowsource=multiple you get something like the following:

85c9465f367745c28ee9e1ba622c94d8_RackMultipart20180124-14301-18j28qj-Multiple_FlowSources_inline.png

 

 

85c9465f367745c28ee9e1ba622c94d8_RackMultipart20180124-112507-1u2o0x5-Multiple_FlowSources_03_inline.png

 


Those IP address shown are both the MLAG'ed cores.

So my question is, is there anything I can do about stopping the duplicates in this example?

Many thanks in advance.

 

 

 

 

7 REPLIES 7

Ronald_Dvorak
Honored Contributor
Any update on the issue ?

Dudley__Jeff
Extreme Employee
Hi Martin,

It appears to me in your configuration: correct no duplicates. Just combining them into one flow record but from two switches creates the multiple.

FYI I grabbed your ticket from the que, just haven't had a chance to review it yet.

Thanks
Jeff

Anonymous
Not applicable
Ah, I had it set to bidirectional... should have been unidirectional right?

Just tried it on unidirectional and now get entries showing as "Multiple (1) Null" and the remaining entries just showing a number - as per below:

Does that therefor mean there are no duplicates, and an error on my behalf?

a39178f4d4524e45a553117c59042ee8_RackMultipart20180125-103072-nhu517-Multiple_FlowSources_05_inline.png



Thanks

Dudley__Jeff
Extreme Employee
Curious, are you looking at unidirectional or bidirectional flows in the flow grid?

GTM-P2G8KFN