Solved: Flexible Netflow on Port Channels

randms2610 · ‎10-16-2017

I have a Cisco 3650 with IOS XE version 03.07.03E and unable to implement flow monitor on a L3 port-channel. Please advise how can I get this flow configuration to work in Port-Channel interface.

Response that I got:

Sw3650-01(config-if)#ip flow monitor Netflow-Monitor-In input
% Flow Monitor: Flow Monitor 'Netflow-Monitor-In' flexible netflow not supported on port channels

Port-channel config:

Sw3650-01#sh run int po11
Building configuration...

Current configuration : 125 bytes
!
interface Port-channel11
 description etherchannel to Core-1
 no switchport
 ip address 10.y.y.y 255.255.255.252
end

Netflow config:

flow exporter Netflow-to-Orion
 destination 10.x.x.x
 source Vlan10
 transport udp 2055
!
!
flow monitor Netflow-Monitor-In
 exporter Netflow-to-Orion
 cache timeout inactive 10
 cache timeout active 30
 record Netflow-In
!
!
flow monitor Netflow-Monitor-Out
 exporter Netflow-to-Orion
 cache timeout inactive 10
 cache timeout active 30
 record Netflow-Out

Update:

I've tried changing netflow source to a loopback interface and the apply the ip flow monitor to a physical ports that are member of the etherchannel but it never send any flow

randms2610 · ‎10-25-2017

As there is still no answer to this question, I will follow up my own post.

After days of digging and trial & error, what I thought could be the solution to this issue was applying the ip flow monitor command on physical interfaces that are the member of the etherchannel (instead of applying ip flow monitor on the port channel interface). The command was accepted successfully on the physical interface.

However, when I did it that way, there was no flow traffic sent at all. It made me believe that I've done things wrongly but then I stumbled upon this bug article -> CSCut08292

It is said there's a bug when applying flow monitor to a L3 etherchannel in Cisco 3850 that causes flow traffic invisible. They didn't say anything about 3650, however since I think that they both running in the same IOS XE, I believe that this applies to 3650 as well.

What I did then is converting my etherchannel to L2 , then use SVI for L3 communication. Flow monitor applied to the VLAN and then everything works as expected. So I guess I wasn't doing it wrongly, but it was a bug that causing the issue and luckily we still have workaround for that. A little routing downtime occurs when I convert the etherchannel but then it is worth the result.

Thanks to this forum for letting me post a question, and answering it myself.

View solution in original post

randms2610 · ‎10-25-2017

As there is still no answer to this question, I will follow up my own post.

After days of digging and trial & error, what I thought could be the solution to this issue was applying the ip flow monitor command on physical interfaces that are the member of the etherchannel (instead of applying ip flow monitor on the port channel interface). The command was accepted successfully on the physical interface.

However, when I did it that way, there was no flow traffic sent at all. It made me believe that I've done things wrongly but then I stumbled upon this bug article -> CSCut08292

It is said there's a bug when applying flow monitor to a L3 etherchannel in Cisco 3850 that causes flow traffic invisible. They didn't say anything about 3650, however since I think that they both running in the same IOS XE, I believe that this applies to 3650 as well.

What I did then is converting my etherchannel to L2 , then use SVI for L3 communication. Flow monitor applied to the VLAN and then everything works as expected. So I guess I wasn't doing it wrongly, but it was a bug that causing the issue and luckily we still have workaround for that. A little routing downtime occurs when I convert the etherchannel but then it is worth the result.

Thanks to this forum for letting me post a question, and answering it myself.

penncro1 · ‎11-13-2017

I was reading your solution but seems like my 3650 running IOS 3.06.04 does not accept commands you are showing. Am I missing something? When I tried to enter the 'flow' at the config prompt followed by anything it says Unrecognized command. Any help is much appreciated.

Regards, Herb

lucio_1966 · ‎12-15-2017

Hi there, this confign seems to work on a C3650 with version 03.06.06E

flow record rm_1

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect interface output

collect counter bytes long

collect counter packets long

!

flow exporter EXPORTER-1

destination 192.168.156.158

source Vlan1

transport udp 9901

!

flow monitor MM_1

exporter EXPORTER-1

cache timeout active 60

record rm_1

(…)

interface GigabitEthernet1/1/1

description Uplink to Router

switchport trunk allowed vlan 1,20,200

switchport mode trunk

ip flow monitor MM_1 input

let me know if it work for you as well;

question: i have a C3750 with version 12.2(25)SEE3, RELEASE SOFTWARE (fc2) , is there any version I can upgrade it to, where I can get this config to work as well?

thanks