03-26-2020 03:02 AM
Hey Guys,
I think this is a Cisco bug, but I would like to check with everyone first before contacting Cisco.
I have an ISR4331 router which has its NetFlow configured to point to a SolarWinds NTA.
Router is running Version 16.9.3.
Configuration for NetFlow is as follows:
1) Record
flow record SOLARWINDS_RECORD
description config for NTA
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect flow sampler
collect transport tcp flags
collect timestamp sys-uptime first
collect timestamp sys-uptime last
2) Exporter
flow exporter SOLARWINDS_EXPORTER
description Exporter for NTA
destination 10.x.x.x vrf INTERNAL
source GigabitEthernet0/0/2
transport udp 2055
template data timeout 60
3) Monitor
flow monitor NPM_MONITOR
exporter SOLARWINDS_EXPORTER
cache timeout active 60
statistics packet protocol
record SOLARWINDS_RECORD
4) Assign to interface
interface g0/0/0
ip flow monitor NPM_MONITOR input
ip flow monitor NPM_MONITOR output
I believe all my configurations are working fine.
When I perform the show ip flow mon stats, the output is always 0.
Flow Exporter SOLARWINDS_EXPORTER:
Packet send statistics (last cleared 00:10:32 ago):
Successfully sent: 0 (0 bytes)
Client send statistics:
Client: Flow Monitor NPM_MONITOR
Records added: 0
Bytes added: 0
I can confirm that SolarWinds is able to get access to this ISR router as it is currently monitoring the device via SNMP.
I am just not able to get the flow to be exported out to Solarwinds.
FYI, my records are working as I can see the results via the command below:
show flow monitor NPM_MONITOR cache
Cache type: Normal (Platform cache)
Cache size: 200000
Current entries: 86
High Watermark: 321
Flows added: 7396
Flows aged: 7310
- Active timeout ( 60 secs) 504
- Inactive timeout ( 15 secs) 6806
Is this a Cisco bug?
Thanks.
03-26-2020 03:52 AM
Hi,
Is the exporter defined destination of 10.x.x.x reachable/routable? Is it reachable from the router via VRF INTERNAL? Ensure those settings are correct, and:
1. verify with command "show flow exporter statistics"
2. use the following debugs to see if you're exporting or not: "debug flow exporter event", "debug flow exporter error", "debug flow exporter packets 300".
Regards,
Cristian Matei.
03-26-2020 04:32 PM
Hi Cristian,
SolarWinds is able to collect data from the router via SNMP.
From that, I assume that SolarWinds has connectivity to the router.
Performing the show flow export stat still indicates 0 packets sent:
Flow Exporter SOLARWINDS_EXPORTER:
Packet send statistics (last cleared 13:42:40 ago):
Successfully sent: 0 (0 bytes)
Client send statistics:
Client: Flow Monitor NPM_MONITOR
Records added: 0
Bytes added: 0
I added the debug commands that you suggested.
However, there is nothing shown on the logs after implementing the debug commands.
I even removed and reapplied the flow on the interface to initiate the flow again to see if that would generate any debug logs, but it didn't.
Any other ideas?
03-27-2020 03:49 AM
Hi,
Is this the proper VRF (INTERNAL) and is the Gig0/0/2 in the same VRF, or do you perform VRF route leaking so that 10.x.x.x is reachable in that VRF?
destination 10.x.x.x vrf INTERNAL
source GigabitEthernet0/0/2
Regards,
Cristian Matei.
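The counter comparison this thread keeps doing by eye, as an added example (not part of any post, and not Cisco or SolarWinds code): it parses the `show flow exporter statistics` and `show flow monitor ... cache` text quoted above and reports where records stop moving. The function names and verdict strings are hypothetical, and it assumes one exporter with one client, as in the thread.

```python
import re

# Constructed sample input: the two outputs as quoted in the thread.
EXPORTER_STATS = """\
Flow Exporter SOLARWINDS_EXPORTER:
Packet send statistics (last cleared 00:10:32 ago):
Successfully sent: 0 (0 bytes)
Client send statistics:
Client: Flow Monitor NPM_MONITOR
Records added: 0
Bytes added: 0
"""
MONITOR_CACHE = """\
Cache type: Normal (Platform cache)
Cache size: 200000
Current entries: 86
High Watermark: 321
Flows added: 7396
Flows aged: 7310
- Active timeout ( 60 secs) 504
- Inactive timeout ( 15 secs) 6806
"""

def parse_counters(text):
    """Return {label: int} for each 'Label: <number>' line, labels lowercased."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+):\s+(\d+)", line)
        if m:
            counters[m.group(1).strip().lower()] = int(m.group(2))
    return counters

def diagnose(exporter_text, cache_text):
    """Compare monitor cache counters with exporter counters (hypothetical verdicts)."""
    exp, cache = parse_counters(exporter_text), parse_counters(cache_text)
    missing = [k for k in ("successfully sent", "records added") if k not in exp]
    missing += [k for k in ("flows aged",) if k not in cache]
    if missing:
        raise ValueError(f"counters not found in input: {missing}")
    if cache["flows aged"] == 0:
        return "no-flows-aged"               # nothing has left the cache yet
    if exp["records added"] == 0:
        return "cache-not-feeding-exporter"  # the state reported in this thread
    if exp["successfully sent"] == 0:
        return "exporter-not-sending"        # records arrive, no packets leave
    return "exporting"

if __name__ == "__main__":
    print(diagnose(EXPORTER_STATS, MONITOR_CACHE))
```

Run on a schedule against collected CLI output, a check like this surfaces a router that has silently stopped exporting flow telemetry even though SNMP polling still succeeds.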