Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Network flow collector problem---urgent assistance needed

Hi all,

Iam having an NFC configured for monitoring the port traffic for Cisco GSR routers.It is showing very less output traffic and the input traffic is showing correctly.Iam exporting a version 5.Please assist me with your possibilities.

globally configured:

ip flow-sampling-mode packet-interval1000

ip flow-export source Loopback0

ip flow-export version 5

ip flow-export destination <ip add> 9996

ip tacacs source-interface Loopback0

ip flow-cache timeout active 1

ip flow-cache timeout inactive 15

In interface:

ip route-cache flow sampled output

Many thanks

Mahesh

3 REPLIES
Hall of Fame Super Silver

Re: Network flow collector problem---urgent assistance needed

Hello Mahesh,

you have sampling one packet every 1000 is processed by netflow on the router (choice for scalability implementation on GSR).

So the traffic volume is 1/1000 of the real traffic and short-lived flows like DNS queries are likely missed.

Then on the NFC you have faculty to introduce a multiplier.

It is important also to know what type of linecard you are using and the IOS version.

Be aware that netflow has started working on inbound only.

egress was added later.

according to

http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/ios_netflow_roadmap_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1057299

egress netflow accounting is supported in ios 12.2 SB

you are likely using a 12.0S version

Hope to help

Giuseppe

New Member

Re: Network flow collector problem---urgent assistance needed

Hi,

Thanks for the response.

Iam using an ios version of 12.0(32)SY1 in my GSR.

from your response i came to know like with this IOS NFC could not detect the egress traffic.

So which is the proper IOS version need to use ,so that i can map the egress traffic in the NFC.

Many thanks

Mahesh

Hall of Fame Super Silver

Re: Network flow collector problem---urgent assistance needed

Hello Mahesh,

the answer could be negative with any IOS: when we deal with GSR we need to look also at what type of linecard we use.

you can chesk this with

sh gsr

sh inventory

sh diag

the type of engine the linecard has is important here.

To be noted that you can use ingress netflow by enabling it on other interfaces: for many years ISP providers used only inbound netflow and they were able to see traffic in their network.

At the NFC level you can define filters based on SNMP port ifindex to divide traffic received on external interfaces from traffic received by internal interfaces and directed to internet.

I think that for normal uses you can find an equivalent ingress only configuration that does what you need.

Edit:

unless internal interfaces are MPLS interfaces and the GSR is acting as PE / Edge LSR in this case egress netflow is probably the right tool.

Hope to help

Giuseppe

101
Views
5
Helpful
3
Replies