
Re: Netflow ...

InternetB
Level 1

Hi,

Would like to confirm for netflow, the IOS lookup tool says that 'ip route-cache flow' has been replaced with 'ip flow ingress'.

When I checked the 'ip flow ingress' command, it says that it sends accounting information for input traffic reaching the interface. If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the interface if one wants to monitor the ingress and egress traffic flow from the interface?

Please advise,

Cheers,

- InternetB -

Accepted Solutions

Edison Ortiz
Hall of Fame

If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the interface if one wants to monitor the ingress and egress traffic flow from the interface?

Correct.

__

Edison.

Jan Nejman
Level 3

Hello,

I'm not sure about the previous answer. If you want to monitor all traffic that is going through the device, type in "ip flow ingress" on all interfaces. If you enter ingress and egress on all interfaces you will see traffic twice, because one flow will be created when a packet enters the device and another one on the exit.

If you had "ip route-cache flow" on all interfaces, simply replace it with "ip flow ingress" and the result will be the same.

Jan Nejman

Caligare, Co.

http://www.caligare.com

BTW: "ip flow egress" is very useful in special situations (i.e. a device with an IPSEC tunnel: on the "non-encrypted" interface the right solution is to use both (ingress and egress) commands, and on the IPSEC interface no flow monitoring is configured).

If you enter ingress and egress on all interfaces you will see traffic twice, because one flow will be created when a packet enters the device and another one on the exit.

Correct, assuming there is only one entry/exit point. In many circumstances, a packet may enter an interface but not necessarily leave that interface.

In addition, the packet entering the network will have different characteristics from the packet exiting the network (packet size, Layer3-7, among others). You may want to capture those as well.

HTH,

__

Edison.
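
The double counting discussed in this thread can be seen on the collector side. The following is an added example, not part of any post above: it totals bytes per flow from constructed records, once naively and once preferring the ingress record and falling back to the egress record only when no ingress record exists (the tunnel case). The record layout and function names are assumptions; the direction values follow the NetFlow v9 DIRECTION field (0 = ingress, 1 = egress).

```python
from collections import defaultdict

INGRESS, EGRESS = 0, 1  # NetFlow v9 DIRECTION field (type 61) values

def rec(src, dst, sport, dport, in_if, out_if, direction, nbytes, proto=6):
    """Build one flow record (hypothetical layout used only in this example)."""
    return {"key": (src, dst, sport, dport, proto), "in_if": in_if,
            "out_if": out_if, "direction": direction, "bytes": nbytes}

# Constructed sample records, not captured from a real device.
RECORDS = [
    # Transit flow: interfaces 1 and 2 both export ingress AND egress flows,
    # so the same traffic is reported twice.
    rec("10.0.0.5", "192.0.2.9", 51514, 443, 1, 2, INGRESS, 1500),
    rec("10.0.0.5", "192.0.2.9", 51514, 443, 1, 2, EGRESS, 1500),
    # Flow arriving over an unmonitored tunnel interface (3): it is only
    # visible as an egress flow on the inside interface (1).
    rec("198.51.100.7", "10.0.0.5", 40000, 22, 3, 1, EGRESS, 800),
    # Flow addressed to the device itself: it enters but never leaves.
    rec("10.0.0.5", "10.0.0.1", 51600, 22, 1, 0, INGRESS, 200),
]

def naive_totals(records):
    """Sum bytes per flow key without looking at the direction."""
    totals = defaultdict(int)
    for r in records:
        totals[r["key"]] += r["bytes"]
    return dict(totals)

def deduped_totals(records):
    """Count ingress records; use egress only for flows never seen on ingress."""
    seen_ingress = {r["key"] for r in records if r["direction"] == INGRESS}
    totals = defaultdict(int)
    for r in records:
        if r["direction"] == INGRESS or r["key"] not in seen_ingress:
            totals[r["key"]] += r["bytes"]
    return dict(totals)

if __name__ == "__main__":
    naive, clean = naive_totals(RECORDS), deduped_totals(RECORDS)
    for key in naive:
        print(key, "naive:", naive[key], "deduplicated:", clean[key])
```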
