WAAS and Netflow, traffic reports are inflated unpredictably

Unanswered Question
Jul 17th, 2010

Not sure if anybody has any luck getting Netflow to report correctly when WAAS is in a picture.  We have about 30 sites deployed with WAAS in out of line configuration and every single one of them incorrectly report Netflow traffic to our NetQoS Reporter Analyzer product.  Typically the traffic throughput seems to be inflated several times higher.  We tried every which way to alter the netflow configuration in the router including Egress Netflow but the traffic is still showing higher than actual traffic coming out of a port.  In one site, even the "show interface" command on the router shows 5-minute rate of 16Mbps on a 6Mbps Mulitlink circuit. 

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jakewilson Sun, 07/18/2010 - 03:01

Hello Thang Lu,

We have run into this issue with a few customers and here are a some things to consider:

- If you have 'Flexible' NetFlow enabled: Beware, Flexible NetFlow does not export the flow direction by default you must configure the direction bit to be set for egress flows.  Traditional NetFlow v9 does this automatically.

- Are you excluding certain protocols in NetQoS?  If you don't do this, some tunnels and VPN connections will be exported twice!

These are the protocols we exclude by default in Scrutinizer NetFlow Analyzer:

I hope these suggestions help you.


cfolkerts Mon, 07/19/2010 - 08:30

By chance are you running GRE negotiated return on your WAEs?  We had a similar issue and went with generic GRE and our Netflow stats are now inline with the actual throughput.



This Discussion