07-08-2024 11:52 AM
Is there anything equivalent to the `show flow exporter` command to show the source IP address for Netflow records sent by the switch via the Cisco ACI API?
07-08-2024 12:57 PM
Hi @zo3 ,
moquery -c netflowExporterPol | grep srcAddr
The Host part of the subneted IP is replaced by the Switch Node ID (e.g. if 10.1.0.0/20, Node ID 125 will use 10.1.0.125).
Regards
07-08-2024 01:30 PM - edited 07-08-2024 01:33 PM
Hi @Remi-Astruc - thank you so much for the response! In this case, are node IDs are unique across pods? I want to be able to associate the subneted IP to the specific node every time! For the example you gave, if the subneted IP is 10.1.0.0/20 - I would like to know that the policy is including Node ID 125. There's some point in configuring the Netflow policy where it asks which leaf nodes should be associated, but it doesn't seem like that appears in the response for `netflowExporterPol`
edit:
https://www.youtube.com/watch?v=6Yl_GelaS7g
this is the video I'm referencing when I was setting up my netflow configuration - it seems I'd need to query for the `netflowExporterPol` and then whatever the MO is for the leaf switch profile (if that gives the switch associations?)
07-08-2024 10:47 PM
The Node ID per switch is unique across a whole Single-/Multi-Pod Fabric and permanent, so when you know the Netflow source subnet, you know the Netflow source IP is unique per switch and permanent (assuming it is configured for Netflow, as explained in the first section of your video).
Regards
07-09-2024 03:01 PM
@Remi-Astruc Thank you! I just want to confirm also as I rewatch the video and am getting a bit confused - when a block of nodes is selected (i.e. nodes 101-102) in the fabric policies that only enables Netflow for those nodes?
When I follow the video further and refer to this document - https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Cisco_APIC_and_NetFlow.html#id_42875 which outlines creating the exporter policy, records, profiles, etc. I'm trying to see when the associated leaf nodes are determined to be given an exporter IP address from the subnet but it seems like if Netflow is enabled then it should be assigned as such? I'm not sure if that makes sense - I just want to gather a list of all the possible exporter IP addresses by knowing what nodes/leafs are selected when I watch the video
07-10-2024 12:59 PM
If a given Leaf is part of a switch profile set with Netflow priority, then any Netflow export sourced from that Leaf will use the IP "subnet set in that export policy + Leaf node ID". That's all.
You will not find that explicit IP in some config object.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide