Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
0
Replies

Monitoring Traffic on a tunnel - Netflow Version 7

nfordhk
Level 1
Level 1

‎10-26-2012 09:05 AM

Hi,

I am trying to setup monitoring for Netflow and it is working but it doesn't seem I am capturing all the traffic as the utilization only shows 1-2%.

My current setup is this:

ip flow-cache timeout active 1

ip flow-export source GigabitEthernet0/1

ip flow-export version 5

ip flow-export destination xxx.xxx.xxx.xxx 9996 vrf xxxxxxxxxxxx

interface Tunnel1

ip vrf forwarding xxxxxxxxxxxxx

ip address xxxxxxxxxxxxxxxxxx

tunnel source xxxxxxxxxxxxxxxxxxxxxx

tunnel destination xxxxxxxxxxxxxxxxxxxx

tunnel vrf INTERNE

!

interface Tunnel2203

description WAN: US | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx

ip vrf forwarding xxxxxxxxxxxxxxxx

ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

ip mtu 1500

ip route-cache flow

ip tcp adjust-mss 1350

ip ospf authentication-key 7 xxxxxxxxxxxxxxxxxxx

ip ospf cost 20

keepalive 10 3

tunnel sourcexxx.xxx.xxx.xxx

tunnel destination xxx.xxx.xxx.xxx

tunnel key xxx.xxx.xxx.xxx

tunnel checksum

!

interface GigabitEthernet0/1

description xxxxxxxxxxxxx, F0/45

no ip address

ip flow ingress

ip flow egress

ip route-cache flow

duplex auto

speed auto

!

interface GigabitEthernet0/0
description xxxxxxxxxxxxxxxx, xxxxxxxxxxxxx
ip vrf forwarding xxxxxxxxxxxxxxxx
ip address xxxxxxxxxxxxxxxxx
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
load-interval 30
duplex full
speed 100
no mop enabled

Both Gig0/0 and 0/1 connect to the core however, as you see Gig0/0 uses VRP forwarding which is how I have it setup for our Netflow. I only seem be able to see Tunnel 1 and Gig0/0. I cannot see tunnel 2203 or Gig0/1.

xxxxxxxxxxxxxxx#show ip flow export

Flow export v5 is enabled for main cache

  Export source and destination details :

  VRF ID : 1

    Source(1)       xxxxxxxxxxx (Tunnel2203)

    Destination(1)  xxxxxxxxxx (9996)

  Version 5 flow records

  3423675 flows exported in 115622 udp datagrams

  0 flows failed due to lack of export packet

!

show ip cache flow
IP packet size distribution (1616M total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .398 .065 .054 .017 .030 .015 .011 .007 .007 .008 .005 .004 .003 .003

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .002 .002 .003 .038 .321 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  287 active, 3809 inactive, 62297999 added
  1265353168 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 25800 bytes
  287 active, 737 inactive, 3406160 added, 3406160 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never

Please help?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents