02-09-2022 01:04 AM
Hello Team!,
I configured Flexible Netflow on ISR4331 with one [Exporter, Record, Monitor] I have multiple GRE tunnels and Subinterfaces on the router on which I want to apply the Netflow configuration on and use PRTG as a collector.
My question is: What is the best practice to apply Netflow on multiple interfaces on the same device to get the best output results?, is it better to use {input & output} on the same interface OR just {input} using the same [Monitor].
Configuration:
flow record FLOW_REC
match ipv4 source address
match ipv4 destination address
match interface input
match ipv4 fragmentation offset
match ipv4 fragmentation flags
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
collect interface output
collect counter bytes
collect counter packets
exit
!
flow exporter FLOW_EXP
description **NetFlow Exporter to PRTG**
destination 10.x.x.x
source GigabitEthernet0/0/0.1
transport udp 9996
exit
!
flow monitor FLOW_MON
exporter FLOW_EXP
cache timeout active 60
record FLOW_REC
exit
!
Thanks!
02-09-2022 01:57 AM
i will configure different monitor and apply to respected interface -
i will use below example :
flow record FLOW_REC
................
flow monitor FLOW_MON
.............
flow record FLOW_REC1
.............
flow monitor FLOW_MON1
............
interface GigabitEthernetx/x/0
ip flow monitor FLOW_MON input
ip flow monitor FLOW_MON output
interface GigabitEthernetx/x/1
ip flow monitor FLOW_MON1 input
ip flow monitor FLOW_MON1 output
02-09-2022 03:10 AM
In this case, I have to configure a different [Exporter] with a different UDP port# for each Netflow [Record, Monitor] that will be associated with it, so from the collector side I will be able to add multiple sensors for each interface. right?
02-09-2022 04:58 AM
If you are using different ports, other side need to able to receive same ports, so the information can reach far end.
yes high level should work, never changed ports different collector, but as long both side agreed as send and receive should be ok technically.
02-09-2022 05:57 AM
Sure, Ports must match from both ends.
Thanks a lot Balaji.
02-09-2022 07:13 AM
Let us know how that works, if all good, make it resolved with your feedback will help other community members
02-11-2022 06:29 AM
Here is the scenario i came up with:
I used the same configuration that i have mentioned earlier in this thread, using one [Exporter, Record, Monitor] and applied it to all the interfaces that i want to monitor in one direction as an {input}, which gave me the best results output without flow duplication. from the PRTG side, all the output will be under one sensor per device like an aggregation for all the flows of all the interfaces.
if for example i used the same scenario above and i wanted to monitor an interface individually to see the BW utilization or anything i want to monitor for this particular interface, i have to create a different [Exporter] with a different UDP port No. so i can add a separate sensor on PRTG.
you have mentioned earlier to use different [Record] for each interface. using different [Record] will allow you to collect different information on a particular interface by choosing the information you want to match.
for example:
flow record FLOW_REC
match ipv4 source address
match ipv4 destination address
match interface input
................
flow monitor FLOW_MON
.............
flow record FLOW_REC1
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
.............
flow monitor FLOW_MON1
............
interface GigabitEthernetx/x/0
ip flow monitor FLOW_MON input
ip flow monitor FLOW_MON output
interface GigabitEthernetx/x/1
ip flow monitor FLOW_MON1 input
ip flow monitor FLOW_MON1 output
02-11-2022 06:46 AM
yes if you like to have different ports, then you need to send to different ports.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide