11-12-2008 08:31 PM - edited 03-06-2019 02:27 AM
Hi,
Would like to confirm for netflow, the IOS lookup tool says that 'ip route-cache flow' has been replaced with 'ip flow ingress'.
When I checked the 'ip flow ingress' command, it says that it sends accounting information for input traffic
reaching the interface. If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the inteface if one wants to monitor the ingress and egress traffic flow from the interface ?
Pls advice,
Cheers,
- InternetB -
Solved! Go to Solution.
11-12-2008 08:56 PM
If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the inteface if one wants to monitor the ingress and egress traffic flow from the interface ?
Correct.
__
Edison.
11-12-2008 08:56 PM
If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the inteface if one wants to monitor the ingress and egress traffic flow from the interface ?
Correct.
__
Edison.
11-13-2008 01:09 AM
Hello,
I'm not sure with previos answer. If you want to monitor all traffic that is going throught the device, type in "ip flow ingesss" on all interfaces. If you enter ingress and egress on all interfaces you will see traffic twice, because one flow will be created when packet enter the device and another one on the exit.
If you was "ip route-cache flow" on all interfaces, simply replace it with "ip flow ingress" and result will be the same.
Jan Nejman
Caligare, Co.
BTW: "ip flow egress" is very useful in special situations (i.e. device with IPSEC tunnel - on "non-encrypted" interface is the right solution use both (ingress and egress) commands and on IPSEC interface there is not flow monitoring configured).
11-13-2008 06:51 AM
If you enter ingress and egress on all interfaces you will see traffic twice, because one flow will be created when packet enter the device and another one on the exit.
Correct, assuming there is only one entry/exit point. In many circumstances, a packet may enter an interface but not necessarily leave that interface.
In addition, the packet entering the network will have different characteristics from the packet exiting the network (packet size, Layer3-7, among others). You may want to capture those as well.
HTH,
__
Edison.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: