Netflow report with ifName?

Unanswered Question
Sep 16th, 2010

Hi,

Need some help on Netflow reporting...

I am using Cisco Netflow Collector version 6.0 and it is collecting Netflow data correctly.

Question is which report (aggregation schemes) will give me flow data with the router's interface name? I tried using the "key builders" in the collector but failed....

Any suggestion will be really appreciated....

Thanks..

Giuseppe Larosa Fri, 09/17/2010 - 00:46

Hello Chowvy,

As far as I know, all NetFlow export packets contain the SNMP ifindex of the interface and not the name.

You can easily check the correspondence of SNMP ifindex and interface name using the following command:

show snmp mib ifmib ifindex

You can save the output of the show command in a text file and write a script that puts the interface name in place of the SNMP ifindex.

It is also recommended to configure snmp if-index persist so that SNMP ifindexes are kept the same across device reloads (note this is not guaranteed in case of IOS upgrade when moving between trains / feature sets).

Hope to help

Giuseppe
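
The script suggested in the reply above could look like this. It is an added example, not part of the original replies: it assumes the saved command output has lines of the form "Name: Ifindex = N", and the CSV flow layout, exporter addresses and function names are constructed for illustration. Tables are keyed per exporter because ifindex values are only unique within one device, and unmapped indexes stay visible instead of being mislabeled.

```python
import csv
import io
import re

# Assumed line format of the saved output: "FastEthernet0/0: Ifindex = 1"
IFINDEX_LINE = re.compile(r"^\s*(?P<name>\S.*?):\s*Ifindex\s*=\s*(?P<idx>\d+)\s*$")

def parse_ifindex_output(text):
    """Return {ifIndex: ifName} from saved 'show snmp mib ifmib ifindex' output."""
    table = {}
    for line in text.splitlines():
        m = IFINDEX_LINE.match(line)
        if m:
            table[int(m.group("idx"))] = m.group("name")
    return table

def resolve(tables, exporter, ifindex):
    """Look up the name for one exporter; keep the raw index when unmapped."""
    name = tables.get(exporter, {}).get(int(ifindex))
    return name if name else f"ifIndex:{ifindex}"

def annotate_flows(flow_csv, tables):
    """Replace the input/output ifIndex columns of each flow row with names."""
    out = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        row["input"] = resolve(tables, row["exporter"], row["input"])
        row["output"] = resolve(tables, row["exporter"], row["output"])
        out.append(row)
    return out

# Constructed sample data: two routers that reuse the same index numbers.
SAMPLE_R1 = """\
FastEthernet0/0: Ifindex = 1
FastEthernet0/1: Ifindex = 2
Null0: Ifindex = 3
Loopback0: Ifindex = 4
"""
SAMPLE_R2 = "GigabitEthernet0/0: Ifindex = 1\nSerial0/0/0: Ifindex = 2\n"
SAMPLE_FLOWS = """\
exporter,src,dst,input,output,bytes
192.0.2.1,10.0.0.5,10.0.1.9,1,2,4200
192.0.2.2,10.0.1.9,10.0.0.5,2,1,1800
192.0.2.1,10.0.0.7,10.0.2.3,1,17,960
"""

if __name__ == "__main__":
    tables = {"192.0.2.1": parse_ifindex_output(SAMPLE_R1),
              "192.0.2.2": parse_ifindex_output(SAMPLE_R2)}
    for flow in annotate_flows(SAMPLE_FLOWS, tables):
        print(flow)
```

An "ifIndex:N" value in the output means the saved table for that exporter is stale or incomplete and should be collected again.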

choywy Sun, 09/19/2010 - 16:23

Hi guislar,

Thanks for your info....Hmm..Is it possible to resolve the ifindex via the collector to the ifName and have it presented in the flow reports?

We have hundreds of devices, hence it is a major task for us to write a script and match ifindex to ifName on those devices. Not to mention when there is an IOS upgrade and we have to re-write the mapping again..

Can we ask the collector to snmp poll the devices and resolve it and present it in the flow report?

Thanks..

Giuseppe Larosa Sun, 09/19/2010 - 23:56

Hello Chowvy,

You can have an SNMP query performed on the same server where NFC is running.

However, if you are using Cisco NetFlow Collector, there is a text configuration file that provides the mapping:

nfcifname.xml

/opt/CSCOnfc/config

SNMP interface name mapping configuration file

see

http://www.cisco.com/en/US/docs/net_mgmt/netflow_collection_engine/6.0/tier_one/installation/guide/config.html#wp1057224

You may have a script that executes appropriate SNMP queries on network devices and then populates the above configuration file.

>> NetFlow Collector caches the SNMP query results in memory. You can...changes are made in the nfcifname.xml file, you must restart NetFlow Collector for these changes...

see

www.cisco.com/en/US/docs/net_mgmt/netflow_collection_engine/6.0/tier_one/user/guide/T1User.pdf

Hope to help

Giuseppe

jakewilson Tue, 09/21/2010 - 05:40

Exporting interface names in NetFlow was introduced in IOS 12.4(2)T or 12.4(4)T depending on what Cisco documentation you reference and is supported in NetFlow v9.

Router(config)# ip flow-export interface-names

Interface Names via NetFlow v9 look like this:

The above can also be used with NetFlow NBAR:
Router(config)# ip flow-export template options nbar

Scrutinizer v8 (currently in beta) leverages the above so that administrators have no dependency on SNMP. You can read more about this by searching the Plixer blog.

I hope this helps.

This Discussion

Posted September 16, 2010 at 11:35 PM