NetFlow

Unanswered Question
Feb 12th, 2010

Hi, I was wondering if NetFlow is able to see packets that traverse layer 3 interfaces on a VRF.  If so, what is the minimum hardware and software required.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jan Nejman Fri, 02/12/2010 - 08:11

Hello,

yes you can see a flow information from VRF in the netflow export. "packets" is not right word. You can see information about flow - source&destination IP, # bytes, # packets, src/dst interfaces, ports, protocol, etc.

You can find many netflow analyzer developers. See: http://netflow.caligare.com/applications.htm for the detail.

Kind regards

Jan Nejman

Caligare, Co.

http://www.caligare.com/

Giuseppe Larosa Fri, 02/12/2010 - 08:21

Hello David,

support for egress (outbound) flows on interfaces associated with a VRF has been introduced with "MPLS egress netflow accounting" feature

see

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/egress.html#wp1015329

A very good tool for searches is Feature navigator

http://www.cisco.com/go/fn

do search by feature and in the new window you can search all features containing the word Netflow

MPLS egress netflow accounting is supported practically on all devices that can act as a PE node (where you can configure an MPLS VRF)

since 12.1(5)T.

even on C3640 or C2650XM

all you need is the command

mpls netflow egress

in interface configuration mode

To be noted a very new feature to account traffic in ingress direction has been introduced in new 15.0M IOS

http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/cust_fnflow_rec_mon.html#wp1068360

But the older feature should be enough for standard needs.

Hope to help

Giuseppe

jakewilson Thu, 02/18/2010 - 12:10

Hi David,

We are in the midst of some NetFlow research with VRF as well.  Ingress, Egress, etc. we support it, but more specifically, we are trying to learn more about the types of reports people want access to. So I have a rhetorical for you "what reports do you want beyond 'packets' or 'flow'?  Do you need to see any MPLS details?

Jake

yuchenglai Fri, 02/19/2010 - 11:29

Jake,

I don't have a need to see MPLS traffic as of yet.

David Lai

Network Engineer

Brooke Army Medical Center

yuchenglai Sat, 02/20/2010 - 20:31

Jake,

Is there any NetFlow capability on VRFs on 6500 series switches?

David Lai

Network Engineer

Brooke Army Medical Center

Actions

This Discussion