netflow export problem

mlopacinski · ‎01-13-2012

Hello

ip flow-cache timeout active 1

ip flow-export source Vlan1

ip flow-export version 5

ip flow-export destination 10.205.41.50 3055

interface FastEthernet4

bandwidth 512

ip address x.x.x.x 255.255.255.248

ip flow ingress

ip flow egress

router#ping 10.205.41.50 source vlan 1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.205.41.50, timeout is 2 seconds:

Packet sent with a source address of 172.28.29.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/19/24 ms

But: debug ip flow export:

*Mar 3 23:37:54.183: IPFLOW: Sending UDP export pak 61010 to 10.205.41.50 port 3055

*Mar 3 23:37:54.183: IPFLOW: Error sending export packet: Adjacency failure

*Mar 3 23:37:54.183: Enqueued to process level.sh ru n

And i do not receive flows. Why ?

Thanx

Latchum Naidu · ‎01-13-2012

Hi,

Remove your the following command "ip flow-cache timeout active 1"
And keep either "ip flow ingress" or "ip flow egress" only under the interface FastEthernet4 config.
Things should be fine after that. Because I had the same issue and did the changes as per ManageEngine advice.

ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 10.205.41.50 3055

interface FastEthernet4
bandwidth 512
ip address x.x.x.x 255.255.255.248
ip flow egress

Please rate all the helpfull posts.
Regards,
Naidu.

s.kanth · ‎01-13-2012

Hi,

I faced the same problem.

I cleared ip cef talble and which fixed the issue.

Thanks

Sri

ajay chauhan · ‎01-13-2012

Hi,

Is it a router on switch ? can you make sure if your collector is listening on port 3055 ? what is configured on vlan 1 .

Also post output for -

show ip flow export

Thanks

Ajay

mlopacinski · ‎01-13-2012

Nothing has helped:

router#clear ip cef * prefix-statistics

router#clear ip cef inconsistency

router#sh ip flow export

Flow export v5 is enabled for main cache

Export source and destination details :

VRF ID : Default

Source(1) 172.28.29.1 (Vlan1)

Destination(1) 10.205.41.50 (3055)

Version 5 flow records

74184 flows exported in 5667 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

0 export packets were dropped due to no fib

5667 export packets were dropped due to adjacency issues

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

Still the same errors. I sniffed tcpdump on colletor (no packets on udp/3055)

ajay chauhan · ‎01-13-2012

Are you able to ping 172.28.29.1 from Netflow collector ? Also if there is any firewall in between.

Latchum Naidu · ‎01-13-2012

Ajay,

He is able to ping which is shown in the first post.
mlopacinski, Try to keep only "ip flow egress" under interface config and see.

interface FastEthernet4
bandwidth 512
ip address x.x.x.x 255.255.255.248
ip flow egress

Please rate all the helpfull posts.
Regards,
Naidu.

mlopacinski · ‎01-13-2012

I had a cryptomap on outside interface (easy vpn client).

It seems that IOS netflow subsytem can not send that packets into tunnel.

I've made local policy routing and set that traffic to lo0, which make this traffic "transit".

After that it started working.

Right now i have 871W, on SOHO91 it worked without local policy routing.

Both configurations had CEF enabled.

Thanx for help