03-11-2010 08:54 AM
Does anyone know if and when Cisco will provide NetFlow records export on the FWSM and ASA? The following link at caligare.com shows why FWSM and ASA are not able to export NetFlow records.
03-11-2010 09:07 AM
There were some past threads on this subject, but I can't seem to find them now. NetFlow v9 support is introduced in ASA 8.2.1 according to this doc:
03-11-2010 09:34 AM
Thanks, it looks like NetFlow is not yet supported on the FWSM
David Lai
Network Engineer
Brooke Army Medical Center
210-916-3644 Office
210-916-7488 Desk
03-17-2010 08:36 AM
Hello David,
netflow is supported on ASA, but several important fields are missing. For example, packet count is missing
in the netflow export. Caligare software depends on valid information about packets and octets count. I'll be
very surprised if the new ASA IOS supports these fields. I think that some of our competitors support NetFlow
exports from ASA, but you will not be able to see the full detail about data flow (compared with information
from Cisco routers or Catalyst switches). I think that the Scrutinizer SW supports it.
Kind regards,
Jan Nejman
Caligare, Co.
03-24-2010 05:52 PM
Thank you Jan.
The ASA kicks out TotalOctetCount instead of the traditional OctetDeltaCount. Also, the bidirectional flows are unique, as well as several other items.
We have been getting a few calls with questions on the uniqueness of the NetFlows exported by the Cisco ASA. Check out this PDF:
http://www.plixer.com/files/netflow-on-the-asa-11-18-09.pdf
Here is a video I recorded on it:
http://media.plixer.com/screencasts/scrutV7ASA/scrutV7ASA/scrutV7ASA.html
Jake
03-25-2010 07:39 AM
Is there NetFlow support on VRF-lite configured on 6500 switches and Firewall Service Modules on the 6500?
David Lai
Network Engineer
Brooke Army Medical Center
210-916-3644 Office
210-916-7488 Desk
03-25-2010 08:01 AM
Thank you Jake.
I once again checked the Cisco web page and there is no information about OctetDeltaCount
or TotalOctetCount.
See the URL: http://www.cisco.com/en/US/docs/security/asa/asa83/netflow/netflow.html
In the netflow export there is only the NF_F_FLOW_BYTES field, but the number-of-packets field is missing!
So I guess that you are not able to display how many packets the flow contains. For example,
you can only display that a flow from IP A went to IP B... + how many bytes were transferred,
but there is no information about the number of packets.
Or am I wrong?
Jan
03-29-2010 11:45 AM
Hi David,
I googled "VRF-lite netflow" and the prognosis doesn't look good.
Jan, I should have been more clear. NetFlow v9 http://www.ietf.org/rfc/rfc3954.txt kicks out IN_BYTES and IN_PKTS. IPFIX http://tools.ietf.org/html/rfc5101 kicks out inOctetDeltaCount and inPacketDeltaCount, and when the two RFCs conflict, we go with the IPFIX naming convention.
The ASA exports NF_F_FLOW_BYTES which we save as stated above to inOctetDeltaCount. Agreed, I don't see any packet count in the ASA flows.
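A small collector-side decoder, added here as an example and not code from this thread, from Plixer, Caligare or Cisco, showing how a NetFlow v9 template and data flowset are walked, how IN_BYTES is normalised to the IPFIX name octetDeltaCount as Jake describes, and how a template that carries no IN_PKTS (the ASA case) yields None for packetDeltaCount rather than a misleading zero. The function names, the v9-to-IPFIX name mapping and the sample packet are assumptions constructed for the example.

```python
import struct
from typing import Any, Dict, List

# RFC 3954 field IDs -> IPFIX name the collector normalises to (mapping assumed here)
V9_TO_IPFIX = {1: "octetDeltaCount", 2: "packetDeltaCount", 4: "protocolIdentifier",
               8: "sourceIPv4Address", 12: "destinationIPv4Address"}

def _decode(ftype: int, raw: bytes):
    return ".".join(map(str, raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")

def parse_v9(pkt: bytes) -> List[Dict[str, Any]]:
    """Parse one NetFlow v9 export packet into normalised records.
    Fields the template does not carry (e.g. IN_PKTS on the ASA) stay None."""
    if struct.unpack("!H", pkt[:2])[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, records, off = {}, [], 20  # skip the 20-byte packet header
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
        if fs_len < 4:
            break  # malformed flowset length; stop rather than loop forever
        body, p = pkt[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: (template_id, field_count, (type,len)*n)...
            while p + 4 <= len(body):
                tid, n = struct.unpack("!HH", body[p:p + 4])
                templates[tid] = [struct.unpack("!HH", body[p + 4 + 4*i:p + 8 + 4*i]) for i in range(n)]
                p += 4 + 4 * n
        elif fs_id in templates:  # data flowset, decoded with the matching template
            rec_len = sum(flen for _, flen in templates[fs_id])
            while rec_len and p + rec_len <= len(body):
                rec = {name: None for name in V9_TO_IPFIX.values()}
                for ftype, flen in templates[fs_id]:
                    if ftype in V9_TO_IPFIX:
                        rec[V9_TO_IPFIX[ftype]] = _decode(ftype, body[p:p + flen])
                    p += flen
                records.append(rec)
        off += fs_len
    return records

def build_sample(with_pkts: bool) -> bytes:
    """Constructed export (not a capture): one template and one flow record."""
    fields = [(8, 4), (12, 4), (4, 1), (1, 4)] + ([(2, 4)] if with_pkts else [])
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    data = bytes([10, 1, 1, 5, 192, 0, 2, 7, 6]) + struct.pack("!I", 4500)
    data += struct.pack("!I", 30) if with_pkts else b""
    data += b"\0" * (-len(data) % 4)  # pad the data flowset to a 4-byte boundary
    return (struct.pack("!HHIIII", 9, 2, 1000, 1268000000, 1, 0)
            + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

Running parse_v9(build_sample(False)) models the ASA export: the byte count is present and the packet count is None, which is what a report should show instead of a zero.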
03-29-2010 12:01 PM
Jake,
What about FWSM on 6509?
David Lai
Network Engineer
Brooke Army Medical Center
210-916-3644 Office
210-916-7488 Desk
03-31-2010 12:15 PM
My searching brought me to:
http://www.networkworld.com/community/node/38585
"This is where the FWSM uses NetFlow information..." However, it does not say it exports NetFlow. My google searching came up empty for FWSM NetFlow support.
04-01-2010 07:42 AM
It would be nice if Cisco could enable export of "NetFlow-like" stats from the FWSM and VRF-Lites in upcoming code releases.
David Lai
Network Engineer
Brooke Army Medical Center
210-916-3644 Office
210-916-7488 Desk