Netflow Configuration Guide

Answered Question
Nov 23rd, 2011

I am trying to provide a guide on how to configure interfaces on Cisco routers to get the correct netflow sent to the CA Technologies NetQos product. Below is what I have so far, but there are so many veriables it is hard to make this a simple document. Can anyone provied some input on what I could do to clean this up?

Information that produced the directions below:

  • “ip route-cache flow” is collecting inbound netflow only, so to get the entire picture on what is coming in and out of a particular interface, this command needs to be added to all interfaces that receive traffic that may exit the interface to be monitored. Is this the correct approach?
  • For the IOS that added the “ip flow egress” command, is the “ip route-cache flow” command still used to get inbound flow information? I am confused on that.
  • Is there a case where the “ip flow ingress” is the only command that can be used? If so what is the recommended configuration?

Interface Commands:

Cisco interface commands to be used are dependent on the router model, IOS level and commands supported. The following guidelines should help you to identify which commands to use. If the commands are allowed on the sub-interface, using them at this level will reduce the amount of traffic sent to the netflwo collector.

  • If your IOS level is below 12.4(2)T or 12.2(18)SXD and the ip route-cache flow is the only command available. Use this command on primary interfaces only (if you are trying to monitor a sub-interface, place the command on the primary interface for this sub-interface. It will apply to all sub-interfaces.) Add this command to all primary interfaces on the router that have incoming traffic that will exit on the interface to be monitored.

! Replace {#} with interface name

Interface [#]

ip route-cache flow

  • If your IOS level is 12.3 T and the “ip flow egress” command is the only command available, use this command ????????

  • If your IOS level is 12.4(2)T or 12.2(18)SXD or higher and the “ip flow egress” and “ip flow ingress” commands are both available, use both of these commands on the primary or sub-interface but not both.
    ! Replace {#} with interface or sub-interface name

Interface [#]

ip flow egress

ip flow ingress

I have this problem too.
0 votes
Correct Answer by jakewilson about 2 years 4 months ago

If your question is on when to export ingress Vs. egress flows.  Plixer has blogged extensively on this topic.  For example, lovemytool.com has a great post that will give you the cli syntax.

Jake

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)

Actions

Login or Register to take actions

This Discussion

Posted November 23, 2011 at 7:30 AM
Stats:
Replies:1 Avg. Rating:5
Views:689 Votes:0
Shares:0

Related Content

Discussions Leaderboard