Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
901
Views
0
Helpful
1
Replies

Problem exporting netflow over GRE tunnel

Nikolaos Milas
Level 1
Level 1

‎04-21-2015 09:14 AM

Hello, we have two routers connected as shown below:

 

{Please, view image and zoom in to full scale for clearer reading!}

With this configuration, the tunnels 7 and 8 seem to be working correctly, however when we switch traffic between Site 1 (R1) and Site 2 (R2) so that it goes through the tunnels rather than through the ISP, then netflow export from R1 to our netflow server (using nfdump/nfsen) which is located at a LAN connected to R2, is not recorded correctly; I see (on R1):

# sh ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       195.251.xxx.yyy (Loopback0)
    Destination(1)  195.251.xxx.xxx (9995)
  Version 9 flow records
  680074 flows exported in 8490 udp datagrams
  0 flows failed due to lack of export packet
  1579 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

and after that I find that our traffic is not recorded correctly.

When we don't use these tunnels to route traffic between R1 and R2, then "export packets sent up to process level" are 0 and netflow export works correctly.)

Can you please help identify the cause of this problem and suggest a solution?

Please advise.

Thanks,
Nick

 

Labels:
0 Helpful
1 Reply 1

Nikolaos Milas
Level 1
Level 1

‎04-23-2015 01:03 AM

Could the above displayed behavior be caused by fragmentation of UDP packets, as is explained here (fragmentation causing checksum errors):

https://www.plixer.com/blog/general/interesting-cisco-asa-netflow-fragmentation-issue/

In that case, turning on pre-fragmentation for IPSec VPNs worked.

But what could we do with simple GRE tunnels?

Please advise.

Thanks,
Nick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents