cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1137
Views
0
Helpful
2
Replies

Netflow v9 from IOS XR 3.8.1 problem not seeing Bytes

I've problem with netflow v9 from IOS XR 3.8.1 not showing Bytes counts on flows. Anyone please suggest any netflow tools that can work with netflow v9 or do i need more configuration on IOS XR.

Thank you very much.

nfdump and scrutinizer.

Scrutinizer.gif

"Byte" only show as "44" with nfdump v1.6rc3

[root@host41 NET-ER-12406-A1-1]# nfdump -o "fmt:%ts|%td|%pr|%sa|%sp|%da|%dp|%byt|%in|%out" -r nfcapd.201001220955 | more
Date flow start          Duration Proto      Src IP Addr Src Pt      Dst IP Addr Dst Pt    Bytes  Input Output
2010-01-19 11:59:41.988|    0.006|TCP  |    210.1.60.216|    80| 122.154.25.254| 34804|      44|    16|    24
2010-01-19 11:59:41.991|    0.006|TCP  |  122.154.25.254| 60807|   210.1.60.216|    80|      44|    24|    16
2010-01-19 11:59:41.994|    0.003|TCP  |    210.1.60.216|    80| 122.154.25.254| 60807|      44|    16|    24
2010-01-19 11:59:42.016|    0.006|TCP  |  122.154.25.254| 30949|   210.1.60.216|    80|      44|    24|    16
2010-01-19 11:59:42.019|    0.006|TCP  |    210.1.60.216|    80| 122.154.25.254| 30949|      44|    16|    24
2010-01-19 11:59:42.019|    1.618|TCP  |  122.154.25.254| 62967|    209.17.65.4|    80|      44|    24|    16
2010-01-19 11:59:42.077|   30.828|TCP  |  122.154.25.254| 63205|    72.233.69.5|    80|      44|    24|    16
2010-01-19 11:59:42.077| 9901.263|ICMP |  91.209.226.219|     0| 122.154.25.240|   0.0|      44|    16|    24

IOS XR Netflow configure


snmp-server ifindex persist

flow exporter-map FEM-NA
version v9
  options sampler-table timeout 300
  template timeout 300
  template data timeout 300
  template options timeout 300
!
transport udp 9991
source Loopback0
destination 10.234.2.110
!
flow monitor-map FMM-NC
record ipv4
exporter FEM-NA
cache permanent
cache entries 1000000
cache timeout active 60
cache timeout inactive 900
cache timeout update 60

!
sampler-map FSM-NC
random 1 out-of 1

interface GigabitEthernet0/0/0/0.700
ipv4 address 10.xxx.xxx.xxx 255.255.254.0
flow ipv4 monitor FMM-NC sampler FSM-NC ingress
dot1q vlan 700
!
interface GigabitEthernet0/0/0/0.1701
vrf INTERNET
ipv4 address 122.xxx.xxx.xxx 255.255.255.0
flow ipv4 monitor FMM-NC sampler FSM-NC ingress
dot1q vlan 1701

2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Lacushime,

start by looking at flow cache locally on device and check export traffic.

Verify if local counters are correct and eventually capture with a protocol analyzer an export packet to see how it is made.

Eventually open a Cisco TAC service request to get their help

Hope  to help

Giuseppe

jakewilson
Level 1
Level 1

Hello,

Thank you for using Scrutinizer. Please give www.plixer.com a call +1 (207) 324-8805 x3 and presales support can help you.  Also, the latest version of Scrutinizer is v7.5.1.

Jake

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: