Configuring NetFlow for Solarwinds?

CiscoBrownBelt
Level 6

Is it best to configure the interface you want on the router/switch/fw for ip flow ingress and egress? 

Should you configure NetFlow to be enabled on all interfaces?

5 Replies

Muhammad Awais Khan
Cisco Employee

Hi,

It depends on your objective and what you want to achieve. If you are looking to analyze the network traffic on the WAN or internet uplink, then you need to enable NetFlow in the egress direction, at least on the edge router.

If you are looking for visibility in the SolarWinds analyzer for your internal LAN traffic, and you want to observe internal network traffic behaviour or any intrusion activity, then you should enable NetFlow at least on all your core switch interfaces; you can enable ingress only or both. Further, if you have a DMZ/internal servers zone, then it is also a good idea to enable NetFlow on the firewall to have visibility into the traffic reaching your DMZ or your internal applications.

So it's best to go ahead and enable it on all active links on the switches and routers if I want to analyze pretty much all internal and external/WAN traffic, correct? Are there any possible considerations I may need to be concerned about in regard to network performance when simply running NetFlow and exporting the data to, let's say, SolarWinds or Service Manager, etc.?

Hi,

Yes, you can safely enable it; NetFlow requires very little overhead, as it sends only metadata, not the actual data. It typically consumes less than 0.5% of actual traffic.

But if you still have concerns about the bandwidth utilization, you can apply some traffic shaping to limit the rate of the traffic sent to the NetFlow server. This way, you will also be able to monitor the traffic matching the NetFlow class map.

I personally have never faced an issue in a customer LAN when enabling NetFlow on all the ports of core switches, but you can start by enabling some ports and enabling them gradually.

OK, awesome info, thanks!

Let's say I wanted to limit bandwidth for a particular customer/remote location. Is it best to just configure a bandwidth shaper policy on the applicable edge router interface, or whatever is used to connect to the customer? Is there still a need to enter QoS traffic shaper configs for that customer at other internal devices in the network that connect to any other servers, resources, or network devices that the customer traffic may be allowed through, or is simply limiting the bandwidth on the connection/pipe used for connecting to the customer good enough?

Hi,

On the appropriate edge router, you can use a traffic shaper to control or limit the bandwidth. There is no need to do that on any internal network. The benefit of applying it at the edge is that traffic will be policed before it reaches your internal server resources.
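
The configuration discussed in this thread, as an added example that is not part of the original posts: traditional NetFlow export on a classic IOS edge router, with the export traffic shaped through its own class map. The collector address (192.0.2.10, a documentation-range placeholder), UDP port 2055, the interface names, the timer values, the shape rate and the ACL/class/policy names are all assumptions; switches and firewalls use different syntax.

```cisco
! Constructed example for a classic IOS router (traditional NetFlow).
! Collector address, port, interface names and rates are assumptions.
!
! --- Where flow records are sent ---
ip flow-export version 9
ip flow-export source Loopback0
ip flow-export destination 192.0.2.10 2055
! Export long-lived flows every minute so collector graphs stay current;
! expire idle flows after 15 seconds.
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
!
! --- WAN / internet uplink: both directions on the one interface ---
interface GigabitEthernet0/0
 description WAN uplink (assumed name)
 ip flow ingress
 ip flow egress
!
! --- Internal interface: ingress only ---
! Combining egress on the uplink with ingress here can record a
! LAN-to-WAN flow at both points; account for that on the collector,
! or choose one direction scheme per device.
interface GigabitEthernet0/1
 description LAN side (assumed name)
 ip flow ingress
!
! --- Optional: cap the export stream itself ---
ip access-list extended NETFLOW-EXPORT
 permit udp any host 192.0.2.10 eq 2055
!
class-map match-all NETFLOW-EXPORT
 match access-group name NETFLOW-EXPORT
!
policy-map UPLINK-OUT
 class NETFLOW-EXPORT
  ! 512 kbit/s is an arbitrary illustrative rate
  shape average 512000
!
! Attach on the interface the export packets leave through
! (assumed here to be the WAN uplink).
interface GigabitEthernet0/0
 service-policy output UPLINK-OUT
```

`show ip flow export` confirms that records are being sent, and `show policy-map interface GigabitEthernet0/0` shows the counters for the NETFLOW-EXPORT class.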