Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1665
Views
0
Helpful
3
Replies

Bandwidth monitor using Netflow v5

Go to solution
Edson Vuma
Level 1
Level 1

‎10-17-2014 07:41 AM

Hi, all.

I actually have a router with sub-ifs...

I want to monitor the bandwidth with PRTG on each sub-if at the same time using Netflow.

I managed to make this configuration, but until now only accepts one sub-if each time.

Here is what I have on the router:

flow exporter PRTG
 description FLOW_EXPORTER_TO_PRTG
 destination 10.10.10.10
 source GigabitEthernet0/1.1
 transport udp 1000
 export-protocol netflow-v5
!

interface GigabitEthernet0/1.1
 encapsulation dot1Q 1
 ip address <IP-ADDRESS>  <MASK>
 ip nbar protocol-discovery ipv4
 ip flow ingress
 ip flow egress
!

ip flow-export source GigabitEthernet0/1.1
ip flow-export version 5
ip flow-export destination 10.10.10.10 1000
!

This only works if I add the commands in red.

 

I created a new flow exporter, e.g.>

flow exporter PRTG_2
 description FLOW_EXPORTER_TO_PRTG_2
 destination 10.10.10.10
 source GigabitEthernet0/1.2
 transport udp 1000
 export-protocol netflow-v5
!

And configured on the sub-if

interface GigabitEthernet0/1.2
 encapsulation dot1Q 1
 ip address <IP-ADDRESS>  <MASK>
 ip nbar protocol-discovery ipv4
 ip flow ingress
 ip flow egress
!

 

But, on the PRTG it doesnt import/receive the flow.

 

Because of the source command in RED above.

 

I use show ip flow and this is what it shows>

Router#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       <IP-ADDRESS> (GigabitEthernet0/1.1)
    Destination(1)  10.10.10.10 (1000)
  Version 5 flow records
  50914209 flows exported in 1697147 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
Router#

 

Am I doing something wrong here?

Is there a way to activate the SOURCE simultaneosly?

 

P.S.: Without the commands in red it doesnt work.

P.S. 2: I tried to use the interface and not the sub-if

 

Any help?

Warm regards

/EV

 

-- Regards Edson Vuma
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
houtan haddadlarijani
Level 1
Level 1

‎10-19-2014 01:35 PM

Dear Edson

 

The red lines which you added are legacy netflow commands. First you used NFN ( Flexible NetFlow). These are separate things and their operations do not correspond  each other.

About NFN:

You created Flow Exporter but missed the next step. You must enable flow monitor to complete your configuration; here's an example

 

flow exporter PRTG

source 192.168.1.1 

destination 10.10.10.2

export-protocol netflow-v5

transport udp 500 

!

flow monitor MONITOR1
record netflow ipv4 original-input

exporter PRTG

!

interface Ethernet 0/0

ip address 192.168.1.1 255.255.255.0

 ip flow monitor MONITOR1 input

 

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
houtan haddadlarijani
Level 1
Level 1

‎10-19-2014 01:35 PM

Dear Edson

 

The red lines which you added are legacy netflow commands. First you used NFN ( Flexible NetFlow). These are separate things and their operations do not correspond  each other.

About NFN:

You created Flow Exporter but missed the next step. You must enable flow monitor to complete your configuration; here's an example

 

flow exporter PRTG

source 192.168.1.1 

destination 10.10.10.2

export-protocol netflow-v5

transport udp 500 

!

flow monitor MONITOR1
record netflow ipv4 original-input

exporter PRTG

!

interface Ethernet 0/0

ip address 192.168.1.1 255.255.255.0

 ip flow monitor MONITOR1 input

 

 

 

0 Helpful

Go to solution
Edson Vuma
Level 1
Level 1
In response to houtan haddadlarijani

‎10-20-2014 01:57 AM

Hi, Houtan H Larijani

Thanks for you reply...

It worked just fine.

Thanks.

 

But on the flow exporter config, it didn't allow me to use:

source <IP Address>

Only the interface...So I used the interface and it worked.

Here is what it allows me:

Router(config)#flow exporter PRTG
Router(config-flow-exporter)#source ?
  Async                          Async interface
  Auto-Template                  Auto-Template interface
  BVI                            Bridge-Group Virtual Interface
  CDMA-Ix                        CDMA Ix interface
  CTunnel                        CTunnel interface
  Dialer                         Dialer interface
  Embedded-Service-Engine        cisco embedded service engine module
  GigabitEthernet                GigabitEthernet IEEE 802.3z
  Group-Async                    Async Group interface
  LongReachEthernet              Long-Reach Ethernet interface
  Loopback                       Loopback interface
  MFR                            Multilink Frame Relay bundle interface
  Multilink                      Multilink-group interface
  Null                           Null interface
  Port-channel                   Ethernet Channel of interfaces
  Tunnel                         Tunnel interface
  Vif                            PGM Multicast Host interface
  Virtual-PPP                    Virtual PPP interface
  Virtual-Template               Virtual Template interface
  Virtual-TokenRing              Virtual TokenRing
  vmi                            Virtual Multipoint Interface

Router(config-flow-exporter)#


Few questions:

1. Can I use the "original-output" on the same flow monitor?

So, putting something like (check red):

flow monitor MONITOR_PRTG
 exporter PRTG
 record netflow ipv4 original-input
 record netflow ipv4 original-output

 

2. On the interfaces Im monitoring, I left like this:

interface GigabitEthernet0/1.2
 encapsulation dot1Q 1
 ip address <IP-ADDRESS>  <MASK>
 ip nbar protocol-discovery ipv4
 ip flow ingress
 ip flow egress
 ip flow monitor MONITOR_ENH input

Using the flow monitor, do I have to keep or remove the red commands above?

 

3. On the interface below for example, can I use the input with output at the same time?
Or the "input" itself works?

interface GigabitEthernet0/1.2
 encapsulation dot1Q 1
 ip address <IP-ADDRESS>  <MASK>
 ip nbar protocol-discovery ipv4
 ip flow ingress
 ip flow egress
 ip flow monitor MONITOR_ENH input

 

Thanks again for your reply.

 

Regards

/EV

-- Regards Edson Vuma
0 Helpful

Go to solution
houtan haddadlarijani
Level 1
Level 1
In response to Edson Vuma

‎10-20-2014 02:58 AM

 

Q1- There's no limitation for using input and output simultaneously.

 

Q2- "ip flow egress/ingress" monitor old net flow command (ip flow-export) and are not related with your new configuration, "remove them".

 

Q3- using record input/output or both of them is up to you and what do you want to measure on interface. 

 

Good luck

 

 

0 Helpful
Customers Also Viewed These Support Documents