I am not sure if I fully

poulid.cma · ‎03-18-2015

Hi there. We've requested that our network provider export Netflow from the WAN facing interface on their CE router in every regional office we have, to our collector at head office. They are concerned about the fact that we would be seeing their management traffic on our collector, since the management of the router is not OOB, so it will be exported along with the rest of the traffic.

They are proposing setting up a new VRF for management traffic, and it looks like this is going to be a complicated change considering we've got 60-70 locations.

Is it not possible to simply configure Netflow to not export data to/from the providers management IP's? This seems like something flexible netflow should be able to do...or maybe not?

Cisco Freak · ‎03-19-2015

Hi,

Can you please clarify what you meant by management traffic? Is there a lot of management traffic that will make significant changes in the netflow report?

CF

poulid.cma · ‎03-19-2015

I guess they're concerned about us seeing the IP's that they use within the MPLS cloud for management (SSH, traps, etc), they say its a security concern. I called BS, but they're the largest carrier in the country, and won't make an exception for one client.

Cisco Freak · ‎03-19-2015

I am not sure if I fully understood your network setup.

But once netflow is enabled in an interface, all the traffic flow that is being flown through that interface will be reported to netflow harvester server. We can't make exception for a particular IP/flow.

CF

Excluding addresses/segments from Netflow export