Netflow version 1 for software switched flows on a cat 6500

Answered Question
Jan 20th, 2010

Hi,

I enabled Netflow on a cat 6500 and specified NDE version 7 using the command : CH01SW06(config)#mls nde sender version 7

I receive version 7 Netflow packets on my Netflow collector for all hardware-switched flow. However, for software-switched flows (i.e packets that are received on an HSRP address and resent on the same interface) Netflow delivers updates in version 1 !

What is the reason and how can I make sure that these packets also arrive in version 7 ? Even if the software-switched flows are minor, the Netflow collector application generate an alarm because the application expects version 5 or version 7 ...

Thank you

Yves

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 6 years 12 months ago

Hello Yves,

according to the usual configuration guide you need to configure also for NDE export from MSFC and you can use aggregation caches if desired

NDE on the MSFC exports statistics for flows routed in software. The MSFC supports NetFlow aggregation, described in this document:

Cisco IOS NetFlow Configuration Guide.

The MSFC also supports NetFlow ToS-based router aggregation, described in this document:

Cisco IOS NetFlow Configuration Guide.

Release 12.2(18)SXF and later releases support NetFlow sampling on the MSFC, described in this document:

Cisco IOS NetFlow Configuration Guide.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/nde.html#wp1139290

so additional commands are needed like in a standalone router

something like:

conf  t

ip flow export version 5 origin-as

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Wed, 01/20/2010 - 07:07

Hello Yves,

according to the usual configuration guide you need to configure also for NDE export from MSFC and you can use aggregation caches if desired

NDE on the MSFC exports statistics for flows routed in software. The MSFC supports NetFlow aggregation, described in this document:

Cisco IOS NetFlow Configuration Guide.

The MSFC also supports NetFlow ToS-based router aggregation, described in this document:

Cisco IOS NetFlow Configuration Guide.

Release 12.2(18)SXF and later releases support NetFlow sampling on the MSFC, described in this document:

Cisco IOS NetFlow Configuration Guide.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/nde.html#wp1139290

so additional commands are needed like in a standalone router

something like:

conf  t

ip flow export version 5 origin-as

Hope to help

Giuseppe

yves.haemmerli Wed, 01/20/2010 - 08:40

Giuseppe,

You are right, the exact command is : CH01SW05(config)#ip flow-export version 5

Now, I see version 5 packets for software routed flows.

Thanks again

Yves

Actions

This Discussion