Hi,
I am trying to setup monitoring for Netflow and it is working but it doesn't seem I am capturing all the traffic as the utilization only shows 1-2%.
My current setup is this:
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination xxx.xxx.xxx.xxx 9996 vrf xxxxxxxxxxxx
interface Tunnel1
ip vrf forwarding xxxxxxxxxxxxx
ip address xxxxxxxxxxxxxxxxxx
tunnel source xxxxxxxxxxxxxxxxxxxxxx
tunnel destination xxxxxxxxxxxxxxxxxxxx
tunnel vrf INTERNE
!
interface Tunnel2203
description WAN: US | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx
ip vrf forwarding xxxxxxxxxxxxxxxx
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip mtu 1500
ip route-cache flow
ip tcp adjust-mss 1350
ip ospf authentication-key 7 xxxxxxxxxxxxxxxxxxx
ip ospf cost 20
keepalive 10 3
tunnel sourcexxx.xxx.xxx.xxx
tunnel destination xxx.xxx.xxx.xxx
tunnel key xxx.xxx.xxx.xxx
tunnel checksum
!
interface GigabitEthernet0/1
description xxxxxxxxxxxxx, F0/45
no ip address
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
!
interface GigabitEthernet0/0
description xxxxxxxxxxxxxxxx, xxxxxxxxxxxxx
ip vrf forwarding xxxxxxxxxxxxxxxx
ip address xxxxxxxxxxxxxxxxx
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
load-interval 30
duplex full
speed 100
no mop enabled
Both Gig0/0 and 0/1 connect to the core however, as you see Gig0/0 uses VRP forwarding which is how I have it setup for our Netflow. I only seem be able to see Tunnel 1 and Gig0/0. I cannot see tunnel 2203 or Gig0/1.
xxxxxxxxxxxxxxx#show ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : 1
Source(1) xxxxxxxxxxx (Tunnel2203)
Destination(1) xxxxxxxxxx (9996)
Version 5 flow records
3423675 flows exported in 115622 udp datagrams
0 flows failed due to lack of export packet
!
show ip cache flow
IP packet size distribution (1616M total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .398 .065 .054 .017 .030 .015 .011 .007 .007 .008 .005 .004 .003 .003
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.002 .002 .003 .038 .321 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
287 active, 3809 inactive, 62297999 added
1265353168 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 25800 bytes
287 active, 737 inactive, 3406160 added, 3406160 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Please help?