We have a Cat switch placed on the Internet circuit and users are reporting network slowness. The basic problem is that we have software which relies on the NetFlow feature to gather the traffic data, but the switch doesn't have this feature, so we need to troubleshoot the issue manually. Please help with what steps need to be performed, one by one.
What you do is set up a netflow probe and one or two SPAN ports (depending on your needs) that lead traffic to the probe. The probe will send the netflow data to the collector. (fprobe or ndsad might be interesting.)
The switch does not need to have the netflow feature as long as the probe can get all the traffic you want to inspect.
We do not know what switch you have; there is a quite new feature called smartlog that might be interesting to use if your equipment has it.
I agree with Glen.grant here, I was a little carried away and just answered half your question, i.e. what to do to get netflow data.
The first thing you should do is check the counters on the interface to see if there are any errors or problematic situations going on.
Show interface nameoftheinternetinterface
Another thing is to check the logs if there is anything there that explains slowness of the
Another thing is to check if the link is saturated, i.e. are you simply just filling up the Internet link?
If you are paying for a 20 Mbit Internet link,
how much is your interface sending out and receiving? This, I think, is best done via SNMP and graphs.
One free software that I like is the SolarWinds Orion to monitor for things like this, but that is way over the top for just checking a thing, so they have a small, free, easy solution that is called real-time bandwidth monitor. It is perfect for things like this.
Another thing is to check the configuration for e.g. QoS things that can give the type of symptoms that you are experiencing.
We have not spoken of a firewall/router and the throughput of that, but that is also a point where you should take a look at the same things.
If you find that the link is saturated, then e.g. netflow can be a nice thing to find out what and who is the big culprit, if there is one.
So Soroushm is right in the way he has told you to do SPAN ports, but he has not explained why.
First you need to know if you need one or two ports to SPAN.
The way to determine that is:
The destination interface speed must be more than 2x the speed of the Internet link (traffic inbound and outbound).
If you e.g. have a 100 Mbit link but the interface speed of the destination interface is gig, then you need only one.
If the destination interface is not more than 2x the Internet speed, then you need to split the traffic to two interfaces, one interface for outgoing traffic (tx) and one for incoming (rx), or you will risk losing information.
You connect the netflow probe to the correct ports, i.e. 1 or 2 ports, and then you connect another port to the netflow monitor to receive the information.
From this point on it is all different, dependent on your tools.
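The one-port versus two-port SPAN choice described above, written out as Catalyst IOS configuration; this is an added example, not taken from any poster in the thread. The interface names are assumptions, and the number of SPAN sessions a switch supports depends on the platform.

```cisco
! Constructed example. Assumption: port 0/1 is the Internet-facing port
! and ports 0/23-0/24 are free ports cabled to the netflow probe.
! Configure one of the two cases, not both.
!
! Case 1: 100 Mbit Internet link, gigabit destination port.
! The destination is more than 2x the link speed, so a single
! port can carry both directions.
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 destination interface GigabitEthernet0/24
!
! Case 2: destination ports are not more than 2x the link speed
! (for example 100 Mbit link, 100 Mbit destination ports).
! Split received and transmitted traffic over two sessions so
! neither destination port is oversubscribed.
monitor session 1 source interface FastEthernet0/1 rx
monitor session 1 destination interface FastEthernet0/23
monitor session 2 source interface FastEthernet0/1 tx
monitor session 2 destination interface FastEthernet0/24
!
! Verify from exec mode (not configuration mode):
!   show monitor session all
! Mirrored traffic is being lost if output drops climb on a
! destination port:
!   show interfaces FastEthernet0/23 | include output drops
```

A SPAN destination port stops forwarding normal traffic, so the probe needs a separate port or NIC to send its flow records to the collector.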
First thing to check for is any speed/duplex mismatches on your switch. Unless you know the far end of a link is hardcoded, the switch settings should be left as auto. Most interconnects from an ISP are left at auto/auto. If you hardcoded anything on your end, that could be an issue. On the switch do a "show interf counters errors" and see if any ports are incrementing errors. Clear the counters and then watch it again. Do a show int status command; anything that shows up as half duplex is also suspect.