Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
5
Helpful
3
Replies

Network flow collector problem---urgent assistance needed

mahesh_kv3
Level 1
Level 1

‎07-03-2009 09:17 PM - edited ‎03-04-2019 05:19 AM

Hi all,

Iam having an NFC configured for monitoring the port traffic for Cisco GSR routers.It is showing very less output traffic and the input traffic is showing correctly.Iam exporting a version 5.Please assist me with your possibilities.

globally configured:

ip flow-sampling-mode packet-interval1000

ip flow-export source Loopback0

ip flow-export version 5

ip flow-export destination <ip add> 9996

ip tacacs source-interface Loopback0

ip flow-cache timeout active 1

ip flow-cache timeout inactive 15

In interface:

ip route-cache flow sampled output

Many thanks

Mahesh

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-03-2009 09:41 PM

Hello Mahesh,

you have sampling one packet every 1000 is processed by netflow on the router (choice for scalability implementation on GSR).

So the traffic volume is 1/1000 of the real traffic and short-lived flows like DNS queries are likely missed.

Then on the NFC you have faculty to introduce a multiplier.

It is important also to know what type of linecard you are using and the IOS version.

Be aware that netflow has started working on inbound only.

egress was added later.

according to

http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/ios_netflow_roadmap_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1057299

egress netflow accounting is supported in ios 12.2 SB

you are likely using a 12.0S version

Hope to help

Giuseppe

mahesh_kv3
Level 1
Level 1
In response to Giuseppe Larosa

‎07-03-2009 10:00 PM

Hi,

Thanks for the response.

Iam using an ios version of 12.0(32)SY1 in my GSR.

from your response i came to know like with this IOS NFC could not detect the egress traffic.

So which is the proper IOS version need to use ,so that i can map the egress traffic in the NFC.

Many thanks

Mahesh

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to mahesh_kv3

‎07-04-2009 08:39 AM

Hello Mahesh,

the answer could be negative with any IOS: when we deal with GSR we need to look also at what type of linecard we use.

you can chesk this with

sh gsr

sh inventory

sh diag

the type of engine the linecard has is important here.

To be noted that you can use ingress netflow by enabling it on other interfaces: for many years ISP providers used only inbound netflow and they were able to see traffic in their network.

At the NFC level you can define filters based on SNMP port ifindex to divide traffic received on external interfaces from traffic received by internal interfaces and directed to internet.

I think that for normal uses you can find an equivalent ingress only configuration that does what you need.

Edit:

unless internal interfaces are MPLS interfaces and the GSR is acting as PE / Edge LSR in this case egress netflow is probably the right tool.

Hope to help

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card