Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Re: Netflow ...

Hi,

Would like to confirm for netflow, the IOS lookup tool says that 'ip route-cache flow' has been replaced with 'ip flow ingress'.

When I checked the 'ip flow ingress' command, it says that it sends accounting information for input traffic

reaching the interface. If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the inteface if one wants to monitor the ingress and egress traffic flow from the interface ?

Pls advice,

Cheers,

- InternetB -

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: Re: Netflow ...

If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the inteface if one wants to monitor the ingress and egress traffic flow from the interface ?

Correct.

__

Edison.

3 REPLIES
Hall of Fame Super Bronze

Re: Re: Netflow ...

If so, do we need to enter the 'ip flow egress' command to monitor the outbound traffic on the inteface if one wants to monitor the ingress and egress traffic flow from the interface ?

Correct.

__

Edison.

Bronze

Re: Re: Netflow ...

Hello,

I'm not sure with previos answer. If you want to monitor all traffic that is going throught the device, type in "ip flow ingesss" on all interfaces. If you enter ingress and egress on all interfaces you will see traffic twice, because one flow will be created when packet enter the device and another one on the exit.

If you was "ip route-cache flow" on all interfaces, simply replace it with "ip flow ingress" and result will be the same.

Jan Nejman

Caligare, Co.

http://www.caligare.com

BTW: "ip flow egress" is very useful in special situations (i.e. device with IPSEC tunnel - on "non-encrypted" interface is the right solution use both (ingress and egress) commands and on IPSEC interface there is not flow monitoring configured).

Hall of Fame Super Bronze

Re: Re: Netflow ...

If you enter ingress and egress on all interfaces you will see traffic twice, because one flow will be created when packet enter the device and another one on the exit.

Correct, assuming there is only one entry/exit point. In many circumstances, a packet may enter an interface but not necessarily leave that interface.

In addition, the packet entering the network will have different characteristics from the packet exiting the network (packet size, Layer3-7, among others). You may want to capture those as well.

HTH,

__

Edison.

135
Views
0
Helpful
3
Replies
CreatePlease to create content