i'm new in here.need some information on Netflow configuration on a cisco 28xx router with 12.4 SP IOS.
This router is the access in to a customer data center and im trying to help them by providing application wise BW utilisation on a 10 Mbps pipe terminating on this router from the ISP. This is Metro Ethernet link from the ISP.
The current netflow configuration on the router is as follows:
router (config)# ip flow-export source fastethernet 0/0
router(config)# ip flow-export version 5
router(config)# ip flow-export destination 22.214.171.124 2055
router(config) int fastethernet 0/0
router(config-if)#ip flow ingress
router(config-if)#ip flow egress
router(config-if)#ip route-cache flow
fa0/0 is the single point of entry into customer network and it makes sense to deploy the Netflow export on that interface to see all ingress and egress traffic.
My Observation over the past few days were that the SNMP BW util report provided by the ISP as well as the 5 min out put rate on the fa0/0 interface on the router does not match the netflow BW shown by the Anaylser. The avg utilisation of the 10 Mbps link is around 50% (i.e 5 Mbps) but the Netflow report shows a different picture.
So i wanted to know from the experts,
1) is my netflow config on the router correct?
2) i suspect its not exporting everythin seen on the interface. All Layer 2, 3 traffic perhaps? May be im only seeing some filtered traffic?
3) Recommendations for netflow configuration that can export all possible traffic on that interface so that the netflow BW util report matches what is seen by SNMP.
Any help really appreciated so as to solve the customer issue of visibility into what is eating up the BW of his 10 Mbps link.
Hello Thanks. I need to check on the PPP encapsulation. Whats the alternative if i need to capture all traffic (assuming im indeed missing some of the encapsulated traffic). There is a switch (Catalyst) further downstream to the router (in the data center). I guess i need to tap the flow there?
You can monitor the netflow ingress on the PPP link but the values will not reflect the counters you see on snmp.
If what you are trying to achieve is get close between interface counters and netflow, you can try this on the next hop device. But keep in mind, not only L3 traffic goes via routers/switches, so you will never get an exact match between a L2 counter (interface counters) and Netflow, L3 counters.
The accurate information for BW is snmp.
Netflow is usually used to understand the proportions of L3 protocols : for example 20% is FTP traffic, 50 % is HTTP and so forth.
Thanks, Im not trying to get the SNMP functionality via NetFlow. I want to make sure that the discrepancies in the two reports are not highly skewed thats all. I understand that NetFlow gives a ratio of the traffic composition and thats exactly what im trying to achieve.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...