08-03-2016 05:07 AM
hi folks,
I can't force this router to send NetFlow data.
things I configured:
1. custom records (or used netflow-original)
2. exporters with the destinations, sources and ports.
3. monitor with the exporters and sometimes options.
4. applied this monitor to the interface
I can see cache records about traffic but it doesn't send anything. I tried PI, PRTG, ManageEngine and even nfsen. Finally I managed to see statistics and saw next:
Flow Exporter PI-2.2:
Packet send statistics (last cleared 2w3d ago):
Successfully sent: 2760 (3785610 bytes)
Reason not given: 684966 (943297544 bytes)
Client send statistics:
Client: Flow Monitor BGP-AS-INT
Records added: 18851588
- failed to send: 18851588
Bytes added: 923727812
- failed to send: 923727812
I've heard about ASR1k and their inability to use management interface but I have dedicated port-channel subinterface and VRF for it for separating management traffic. hope someone have some thoughts or advices.
thanks in advance!
08-03-2016 05:18 AM
Hi
looks like it did send some data , this is my flex netflow works fine on 4331s you could try that if its still not working I would try a different ios-xe if your certain your not blocking the port somewhere its using
saying that we hit a bug as well and if your sourcing from a VRF it wont work unless your on higher than 15.5.(3)S3 it just wont export correctly
flow exporter xxxx
destination x.x.x.x
source GigabitEthernet0
transport udp 9995
export-protocol ipfix
option interface-table
option vrf-table
option sampler-table
option application-table
option c3pl-class-table
option c3pl-policy-table
option application-attributes
!
!
flow monitor xxxxxx
exporter xxxxx
exporter xxxxx
cache timeout inactive 10
cache timeout active 60
record xxxxxxxxx
flow record xxxxx
match flow direction
match interface input
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match ipv4 tos
match transport destination-port
match transport source-port
collect application name
collect counter bytes
collect counter packets
collect flow sampler
collect interface output
collect ipv4 destination mask
collect ipv4 dscp
collect ipv4 id
collect ipv4 source mask
collect ipv4 source prefix
collect routing destination as
collect routing next-hop address ipv4
collect routing source as
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect transport tcp flags
Flow Exporter xxxxxxxxxxxx
Packet send statistics (last cleared 3w5d ago):
Successfully sent: 6540975 (7710281076 bytes)
Reason not given: 12672 (15605048 bytes)
!
08-03-2016 06:15 AM
hi Mark,
thanks for your suggestion.
I somehow managed to solve my issue, I saw a thread about catalyst 6k and their issues, something pinged me and I decided decided to try one more thing:
was:
flow exporter prtg
destination x.x.x.x
source Port-channel1.y
transport udp 9995
became:
flow exporter prtg
destination x.x.x.x vrf mgmt
source Port-channel1.y
transport udp 9995
I was sure before that stating interface which is already in the VRF is enough to use VRF setting, but no it didn't work. I'm posting it to help others because I didn't find this little but important detail in the configuration guides neither examples for IOS-XE.
I have a little bit shorter record list for flows:
flow record PI-2.2
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect flow direction
collect timestamp sys-uptime last
collect timestamp sys-uptime first
collect counter bytes long
collect counter packets long
collect flow sampler
collect transport tcp flags
and this brings another question: which traffic collector do you using? I'm seeing traffic at PRTG, ManageEngine, nfsen but not on Prime Infrastructure 2.2.
thanks in advance
08-03-2016 06:19 AM
good stuff for posting the fix it will help someone
Im using LiveAction for our IWAN flows and global mapping of our netflow traffic and then I use Prime 3.1 to collect all Cisco device info and then CA NetQos for Cisco and non Cisco , we have some other collector intermapper as well but i rarely use it
08-03-2016 06:34 AM
thanks for the information!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide