NetFlow Analyzer 7

Unanswered Question
Mar 24th, 2009

Hi Experts,

We have NetFlow Analyzer 7 for our internet traffic monitor.

We have BGP and OSPF in all internet devices.

The configuration as like below...

ip flow-export source FastEthernet0/0

ip flow-export version 5 origin-as bgp-nexthop

ip flow-export destination 10.246.x.xx 9996

ip flow-export destination 10.246.x.xx 9996

Regarding #ip flow-export version 5 origin-as bgp-nexthop

If your router uses BGP you can specify that either the origin or peer AS is included in exports - it is not possible to include both.

Now my question is is it possible to enable NetFlow as I have running BGP & OSPF.

Regards,

Naidu.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Giuseppe Larosa Tue, 03/24/2009 - 03:19

Hello Naidu,

yes it is commonly done.

notice: use origin-as that allows to associate a prefix with the AS that owns it.

Some notes: internal prefixes will be associated to BGP AS number 0 but no other issues

Hope to help

Giuseppe

ilnaiduccna Tue, 03/24/2009 - 04:08

Hi Giuseppe,

Thanks for your quick response.

Can you show me the full command to enable (notice: use origin-as that allows to associate a prefix with the AS that owns it)

Regards,

Naidu.

Giuseppe Larosa Tue, 03/24/2009 - 04:19

Hello Naidu,

there are other commands that need to be added to the interfaces that you want to monitor:

int type x/y

ip route-cache flow

note: by default netflow classifies traffic inbound the interfaces

so on the wan interfaces you see traffic coming from internet and on lan interfaces on border router you see traffic going to internet.

This is important later to create correct aggregations of traffic data.

about origin-as:

if net 145.145.0.0 comes from AS 7000

you see a BGP path like

1255 4500 3336 7000

if you use peer-as the prefix is associated to AS 1255 that is the AS that has passed you the BGP advertisement and then one you send the traffic to

Origin-as is useful because allows to understand from what AS traffic comes.

Hope to help

Giuseppe

ilnaiduccna Wed, 03/25/2009 - 23:28

Hi Giuseppe,

To install NetFlow Analyser in some device what are the things compatibilites with device we need to consider.

Example I have 4560S, 1850R what things I need to see and consider to install NetFlow.

Regards,

Naidu.

Giuseppe Larosa Thu, 03/26/2009 - 00:51

Hello Naidu,

netflow analyzer and netflow collector are installed in unix workstations not on network devices

network devices just need to be configured to export info about monitored flows

see

http://www.cisco.com/en/US/docs/net_mgmt/netflow_collection_engine/6.0/tier_one/installation/guide/in_chap.html

Hardware Requirements

Cisco NetFlow Collector, Release 6.0 has the following hardware requirements:

•Minimum: 2 GB RAM, 73 GB disk, dual processor on an entry-level server.

•Recommended: 4 to 8 GB RAM, two or more 15K SAS 146 GB or greater disks, dual 3 GHz dual-core (5160) processor entry-level server.

Supported Operating Systems and Platforms

Cisco NetFlow Collector, Release 6.0 supports the following operating systems and platforms:

•Solaris 8, Solaris 9, or Solaris 10 on an entry-level server with dual 1 GHz or greater SPARC processors such as a Sun Fire V240.

•Red Hat Enterprise Linux 2.1, 3.0, or 4.0 (ES and AS) on an entry-level server, such as an IBM x3550 or x3650 with dual 2.8 GHz or greater Intel Xeon single-core processor or dual 3 GHz dual-core (5160) processors.

to be noted that open source alternatives to netflow collector exist

an example:

http://neye.unsupported.info/

Hope to help

Giuseppe

ilnaiduccna Thu, 03/26/2009 - 06:32

Hi Giuseppe,

Sorry for the confusion.

I mean what are the minimal requirements that the device need have to enable the NetFlow commands in that not to installation of NetFlow Analyzer.

Regards,

Naidu.

ilnaiduccna Thu, 03/26/2009 - 22:31

Hi Giuseppe,

Unfortunately I have the below following devices and those need to create NetFlow for Traffic & Packet analyzer.

Cisco 4507S & 7 numbers 1841R

Will it support for above devices.

Regards,

Naidu.

Giuseppe Larosa Fri, 03/27/2009 - 01:00

Hello Naidu,

for the C4507 if the supervisor is different from 6-E and you have an image above lan base the answer is yes.

For the 1841 it is supported: it is supported on older 1721 so I think no problem about these software based routers

see also table-7 here:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1093125

Hope to help

Giuseppe

Actions

This Discussion