Netflow - ip route-cache flow or ip flow egress/igress?

Answered Question

Hi all!

What is difference between this two types of netflow configuration? In what case I shuld use egress, igress of just route-cache flow?

I have this problem too.
0 votes
Correct Answer by mohammedmahmoud about 8 years 8 months ago

Hi Alexander,

As i've stated above, the "ip route-cache flow" command is not supported under subinterfaces, moreover there is nothing called a GRE subinterface, the cache flow will be collected normally as stated above, i don't believe that GRE has any constrains with NetFlow.

I hope that i've been informative.

BR,

Mohammed Mahmoud.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
mohammedmahmoud Fri, 03/21/2008 - 04:36

Hi,

The "ip route-cache flow" can be used only under the main interface, while the "ip flow ingress" was an enhancement to be used under subinterfaces (can also be used under main interface), another thing is that "ip route-cache flow" enables NetFlow accounting for packets that are received by the interface (ingress), to do it for egress traffic then "ip flow export" must be used (either under the interface or the subinterface).

The NetFlow Subinterface Support feature provides the ability to enable NetFlow on a per-subinterface basis. In a scenario in which your network contains thousands of subinterfaces and you want to collect export records from only a few subinterfaces, you can fine-tune your collection of data to only specified subinterfaces. The result is lower bandwidth requirements for NetFlow Data Export (NDE) and reduced platform requirements for NetFlow data-collection devices.

Using the NetFlow Subinterface Support feature, you can enable NetFlow on selected subinterfaces using the ip flow ingress command. If you configure the ip flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface as well as all the subinterfaces. In a scenario in which you configure the ip flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ip flow ingress command.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_nfsub.html

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/nflowegr.html

More over "ip flow-export destination " - Configures the router to export NetFlow cache entries to a network management applications.

BR,

Mohammed Mahmoud.

Great Thanks to you for this post!

Once questions: what about tunnel-inerface (GRE) - is it a subinterface? How are netflow will be collected in this case:

inter tunn0

ip add 10.0.0.1 255.255.255.0

tunn source fast0/0

tunn dest 192.168.0.1

ip route-cache flow

inter fast 0/0

ip add 20.0.0.1 255.255.255.0

ip route-cache flow

?

Correct Answer
mohammedmahmoud Fri, 03/21/2008 - 05:14

Hi Alexander,

As i've stated above, the "ip route-cache flow" command is not supported under subinterfaces, moreover there is nothing called a GRE subinterface, the cache flow will be collected normally as stated above, i don't believe that GRE has any constrains with NetFlow.

I hope that i've been informative.

BR,

Mohammed Mahmoud.

Actions

This Discussion