I have a few simple questions regarding netflow. Would anyone please clarify them for me?
1. I usually configured netflow with "ip route-cache flow" command. Anyway, I have seen articles mentioning "ip flow ingress" and "ip flow egress" commands. What is different exactly i.e. ip route-cache flow and ip flow ingress|egress? Which one should be used?
2. I understand netflow needs to be configured on every interface to export completely netflow data. Is it correct?
3. If there are 2 physical and 2 logical i.e. tunnel interfaces, how many/which interfaces should netflow be configured? Are only physical interfaces enough?
2. It's generally correct, due to the unidirectional nature of NetFlow records. Otherwise, you run the risks such as only seeing one direction of a given "conversation".
3. My understanding was NetFlow cache could only be enabled on layer-3 interfaces. However, on the catalyst 6000s (and sup720?), you can get layer-2 bridged traffic between hosts in the same VLAN, using the following config:
ip flow ingress layer2-switched vlan ip flow export layer2-switched vlan
2. I understand netflow needs to be enabled on every interface because it (netflow v5) works on an ingress basis. Anyway, if there are 4 interfaces; 2 are physical and 2 are logical (gre tunnel) interfaces. What is different between enabling only 2 physical interfaces and enabling all of them? I think maybe just 2 physical interfaces are enough because they are all physical. Please correct me if I misunderstand anything.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...