NetFlow Analyzer 7

Unanswered Question
Mar 24th, 2009
User Badges:

Hi Experts,


We have NetFlow Analyzer 7 for our internet traffic monitor.


We have BGP and OSPF in all internet devices.


The configuration as like below...


ip flow-export source FastEthernet0/0

ip flow-export version 5 origin-as bgp-nexthop

ip flow-export destination 10.246.x.xx 9996

ip flow-export destination 10.246.x.xx 9996



Regarding #ip flow-export version 5 origin-as bgp-nexthop

If your router uses BGP you can specify that either the origin or peer AS is included in exports - it is not possible to include both.


Now my question is is it possible to enable NetFlow as I have running BGP & OSPF.



Regards,

Naidu.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Giuseppe Larosa Tue, 03/24/2009 - 03:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Naidu,

yes it is commonly done.


notice: use origin-as that allows to associate a prefix with the AS that owns it.


Some notes: internal prefixes will be associated to BGP AS number 0 but no other issues


Hope to help

Giuseppe


ilnaiduccna Tue, 03/24/2009 - 04:08
User Badges:


Hi Giuseppe,


Thanks for your quick response.


Can you show me the full command to enable (notice: use origin-as that allows to associate a prefix with the AS that owns it)


Regards,

Naidu.

Giuseppe Larosa Tue, 03/24/2009 - 04:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Naidu,

there are other commands that need to be added to the interfaces that you want to monitor:


int type x/y

ip route-cache flow


note: by default netflow classifies traffic inbound the interfaces


so on the wan interfaces you see traffic coming from internet and on lan interfaces on border router you see traffic going to internet.


This is important later to create correct aggregations of traffic data.



about origin-as:


if net 145.145.0.0 comes from AS 7000


you see a BGP path like


1255 4500 3336 7000


if you use peer-as the prefix is associated to AS 1255 that is the AS that has passed you the BGP advertisement and then one you send the traffic to


Origin-as is useful because allows to understand from what AS traffic comes.


Hope to help

Giuseppe


ilnaiduccna Wed, 03/25/2009 - 23:28
User Badges:


Hi Giuseppe,


To install NetFlow Analyser in some device what are the things compatibilites with device we need to consider.


Example I have 4560S, 1850R what things I need to see and consider to install NetFlow.


Regards,

Naidu.

Giuseppe Larosa Thu, 03/26/2009 - 00:51
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Naidu,

netflow analyzer and netflow collector are installed in unix workstations not on network devices


network devices just need to be configured to export info about monitored flows


see


http://www.cisco.com/en/US/docs/net_mgmt/netflow_collection_engine/6.0/tier_one/installation/guide/in_chap.html


Hardware Requirements


Cisco NetFlow Collector, Release 6.0 has the following hardware requirements:


•Minimum: 2 GB RAM, 73 GB disk, dual processor on an entry-level server.


•Recommended: 4 to 8 GB RAM, two or more 15K SAS 146 GB or greater disks, dual 3 GHz dual-core (5160) processor entry-level server.

Supported Operating Systems and Platforms


Cisco NetFlow Collector, Release 6.0 supports the following operating systems and platforms:


•Solaris 8, Solaris 9, or Solaris 10 on an entry-level server with dual 1 GHz or greater SPARC processors such as a Sun Fire V240.


•Red Hat Enterprise Linux 2.1, 3.0, or 4.0 (ES and AS) on an entry-level server, such as an IBM x3550 or x3650 with dual 2.8 GHz or greater Intel Xeon single-core processor or dual 3 GHz dual-core (5160) processors.


to be noted that open source alternatives to netflow collector exist


an example:


http://neye.unsupported.info/



Hope to help

Giuseppe



ilnaiduccna Thu, 03/26/2009 - 06:32
User Badges:


Hi Giuseppe,


Sorry for the confusion.


I mean what are the minimal requirements that the device need have to enable the NetFlow commands in that not to installation of NetFlow Analyzer.



Regards,

Naidu.



Giuseppe Larosa Thu, 03/26/2009 - 07:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Naidu,

sorry for the misunderstanding


for software based routers no problem.


multilayer switches: actually only C6500 support it.

example C3750 don't support netflow


for c4500:


Supervisor Engine 6-E and LAN Base image do not support Netflow.


see


http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/nfswitch.html



Hope to help

Giuseppe

ilnaiduccna Thu, 03/26/2009 - 22:31
User Badges:



Hi Giuseppe,


Unfortunately I have the below following devices and those need to create NetFlow for Traffic & Packet analyzer.


Cisco 4507S & 7 numbers 1841R


Will it support for above devices.


Regards,

Naidu.


Giuseppe Larosa Fri, 03/27/2009 - 01:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Naidu,

for the C4507 if the supervisor is different from 6-E and you have an image above lan base the answer is yes.


For the 1841 it is supported: it is supported on older 1721 so I think no problem about these software based routers


see also table-7 here:


http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1093125


Hope to help

Giuseppe


Actions

This Discussion