cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1389
Views
1
Helpful
3
Replies

Nexus 7K F2 and Netflow

Is anybody successfully collecting Netflow from a N7K running F2 line cards with Sup1?  I'm on 6.2(6), I've applied the TCAM hardware ACL (which is still required in 6.2(6)) and no love.  In packet captures on the collector I see the CFLOW packets hitting the server, but the flowset fields in the capture contain the field descriptions (I think) rather than the actual data they are supposed to contain.  See the attached screenshot.  We are sending the export to SolarWinds NTA.

flow timeout 0

flow timeout active 60

flow exporter nta-exp

  description export netflow to SolarWinds NTA

  destination x.x.x.x use-vrf management

  transport udp 2055

  source mgmt0

  version 9

    template data timeout 30

flow record nta-rec

  description Netflow record for SolarWinds NTA

  match ipv4 source address

  match ipv4 destination address

  match ip protocol

  match ip tos

  match transport source-port

  match transport destination-port

  collect routing source as

  collect routing destination as

  collect routing forwarding-status

  collect routing next-hop address ipv4

  collect transport tcp flags

  collect counter bytes

  collect counter packets

  collect timestamp sys-uptime first

  collect timestamp sys-uptime last

  collect flow sampler id

  collect ip version

flow record netflow-orginal

sampler nta-sam

  description Netflow Sampler

  mode 1 out-of 1

flow monitor nta-mon

  description Netflow Monitor for STA

  record nta-rec

  exporter nta-exp

Applied as:

ip flow mon nta-mon input sam nta-exp to layer 3 interfaces (VLANs).

I've had both TAC and SolarWinds engineers looking into this, I suspect this is a Nexus issue more than SolarWinds though (if not a configuration problem).  I've already tried using the netflow-orginal template and switching to v5.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.       

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
3 Replies 3

bump?

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

bopage
Cisco Employee
Cisco Employee

I found another customer with this same issue running 6.2.6 code and nothing worked until we upgraded to 6.2.8a - then all worked as expected.

1368680816
Level 1
Level 1

help,The device version is 6.2.8A, SUP1, F2line cards, and now netflow is collected, but the device only emits template packets, no packets, is that the reason for the version?

flow timeout active 60
flow timeout fast 32 threshold 100
flow timeout session
flow timeout aggressive threshold 75
flow exporter NFAExporter
  destination x.x.x.x
  transport udp 9999
  source port-channel5
  version 9
    template data timeout 60
    option exporter-stats timeout 60
    option sampler-table timeout 60
sampler NFAsampler
  mode 1 out-of 100
flow monitor NFAmonitor
  record netflow-original
  exporter NFAExporter
interface Ethernet1/x
  ip flow monitor NFAmonitor input sampler NFAsampler
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: