New Member

Netflow Information in ASA8.2

I understand from some research that the NetFlow implemented in ASA 8.2 is not standard NetFlow. The ASA sends security info (i.e. ACL permit and deny information, etc.). Are there any plans in the future to have the ASA support the standard flow data? I know I would find it useful to see traffic flow data the same as I get off my routers showing conversation information. And please correct me if I'm wrong that it doesn't show the same conversation data that a router does today.

1 REPLY
Cisco Employee

Re: Netflow Information in ASA8.2

The ASA only supports NetFlow version 9 and there are no plans to support NetFlow version 5. NetFlow on the ASA is event driven. Unlike routing platforms, we do not send incremental updates; NSEL records are only sent during flow creation, teardown or ACL deny events. This is an issue as many customers expect to see flow information in real time; unfortunately, this is not how NetFlow operates on the ASA. The total bytes transferred can only be seen after the flow is torn down and the NSEL record has been generated. Also, unlike the routing platforms, we will not populate the ToS bits or the TCP flags. Lastly, all flows on the ASA are bidirectional. All counters for a flow will increase for traffic flowing from A->B or B->A.

Limitations

* Template refresh records can only be sent based on time intervals, not based on number of data records.

* NetFlow records cannot be seen live on the ASA as data is collected.

* NetFlow has a significant performance impact, but it should not be any worse than normal syslog operations of the same information. There will be an uptick in memory but it should also be minimal. NetFlow configured with overlapping syslogs can cause a significant performance hit.

A lot of customers are accustomed to the operation of NetFlow on Cisco routers and wish to implement NetFlow to see who is using bandwidth on the network. Unfortunately, NetFlow on the ASA does not provide the ability to see this data in real time. The data can be collected after the flow has been terminated and analyzed, but we do not support real time viewing of the NetFlow records.
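To make the event-driven model described in the reply concrete, here is an added collector-side example (not code from the post or from any Cisco product) that consumes a constructed stream of NSEL-style events. It shows why a collector can only report byte counts after teardown, why a bandwidth-per-host report is necessarily post-hoc, and how ACL deny events arrive as security events rather than flows. The record layout is a simplified dict, and the numeric event codes (1 = created, 2 = torn down, 3 = denied) are an assumption made for the example, not values quoted in the post.

```python
"""
Collector-side model of ASA event-driven NetFlow (NSEL) export.

This is an added example, not code from the Cisco post or from any Cisco
product. Records are constructed here in a simplified dict form; the
numeric event codes (1 = flow created, 2 = flow torn down, 3 = ACL deny)
are an assumption for the example, not values quoted in the post.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

FLOW_CREATED = 1   # assumed event code: connection built
FLOW_DELETED = 2   # assumed event code: connection torn down (carries byte count)
FLOW_DENIED = 3    # assumed event code: ACL denied the connection

# 5-tuple that identifies a connection on the ASA.
FlowKey = Tuple[str, int, str, int, int]  # (src, sport, dst, dport, proto)


@dataclass
class FlowState:
    created_at: float
    closed_at: Optional[float] = None
    # Bidirectional counter: the ASA sums A->B and B->A bytes into one value.
    bytes_total: Optional[int] = None


@dataclass
class NselCollector:
    open_flows: Dict[FlowKey, FlowState] = field(default_factory=dict)
    completed: List[Tuple[FlowKey, FlowState]] = field(default_factory=list)
    denied: List[Tuple[FlowKey, float]] = field(default_factory=list)

    @staticmethod
    def _key(rec: dict) -> FlowKey:
        return (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["proto"])

    def ingest(self, rec: dict) -> None:
        """Apply one exported NSEL event to collector state."""
        key, ts, ev = self._key(rec), rec["ts"], rec["event"]
        if ev == FLOW_CREATED:
            # Creation says a connection exists, but nothing about its size yet.
            self.open_flows[key] = FlowState(created_at=ts)
        elif ev == FLOW_DELETED:
            # Teardown is the only record that carries the final byte count.
            state = self.open_flows.pop(key, FlowState(created_at=ts))
            state.closed_at = ts
            state.bytes_total = rec["bytes"]
            self.completed.append((key, state))
        elif ev == FLOW_DENIED:
            # Deny events never open a flow; they are security events to alert on.
            self.denied.append((key, ts))
        else:
            raise ValueError(f"unexpected NSEL event code {ev}")

    def bytes_for(self, key: FlowKey) -> Optional[int]:
        """Return the byte count for a flow, or None while it is still open."""
        if key in self.open_flows:
            return None
        for k, state in self.completed:
            if k == key:
                return state.bytes_total
        return None

    def bytes_by_host(self) -> Dict[str, int]:
        """Post-hoc bandwidth report: bytes per source host from torn-down flows only."""
        totals: Dict[str, int] = defaultdict(int)
        for (src, _, _, _, _), state in self.completed:
            totals[src] += state.bytes_total or 0
        return dict(totals)


# Constructed sample export: one flow created then torn down, one still open,
# one ACL deny. Timestamps are seconds; all values are invented for the example.
SAMPLE_EVENTS = [
    {"ts": 100.0, "event": FLOW_CREATED, "src": "10.1.1.5", "sport": 51000,
     "dst": "203.0.113.10", "dport": 443, "proto": 6},
    {"ts": 101.0, "event": FLOW_CREATED, "src": "10.1.1.9", "sport": 51001,
     "dst": "203.0.113.20", "dport": 80, "proto": 6},
    {"ts": 102.0, "event": FLOW_DENIED, "src": "192.0.2.77", "sport": 40000,
     "dst": "10.1.1.5", "dport": 22, "proto": 6},
    {"ts": 160.0, "event": FLOW_DELETED, "src": "10.1.1.5", "sport": 51000,
     "dst": "203.0.113.10", "dport": 443, "proto": 6, "bytes": 48231},
]

KEY_CLOSED: FlowKey = ("10.1.1.5", 51000, "203.0.113.10", 443, 6)
KEY_OPEN: FlowKey = ("10.1.1.9", 51001, "203.0.113.20", 80, 6)


def run_sample() -> NselCollector:
    """Feed the constructed events through a fresh collector."""
    c = NselCollector()
    for rec in SAMPLE_EVENTS:
        c.ingest(rec)
    return c


if __name__ == "__main__":
    c = run_sample()
    print("closed flow bytes:", c.bytes_for(KEY_CLOSED))   # 48231
    print("open flow bytes:", c.bytes_for(KEY_OPEN))       # None until teardown
    print("ACL denies:", len(c.denied))                    # 1
    print("per-host report:", c.bytes_by_host())           # {'10.1.1.5': 48231}
```

The open flow from 10.1.1.9 never appears in the per-host report, which is the practical consequence of the reply's point: a collector fed only by creation, teardown and deny events can account for bandwidth only once connections close, and a dashboard that expects router-style periodic updates will show nothing for long-lived sessions.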
