Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
976
Views
0
Helpful
6
Replies

NetFlow Feature card support needed

ssieger
Level 1
Level 1

‎07-24-2009 12:17 AM

Hi,

i've installed a NFC in the following scenario: Cat4500 SUPIV, IOS 12.2(25)EWA1.

Netflow commands configured:

ip route-cache flow infer-fields

ip flow ingress infer-fields

ip flow ingress layer2-switched

ip flow-cache timeout inactive 30

ip flow-cache timeout active 2

ip flow-export source Vlan147

ip flow-export version 5

ip flow-export destination <ip> 9996

I've several SVI's connected, all configured in a uniform manner. But the WAN SVI-Interface, which is a DTM ethernet connection, only shows incoming traffic. The peer interface which is homed on a 6509 show in- and outgoing traffic. Netflow collector is Netflow Analyzer 7. I'm stumped, why is only one SVI showing this issue?

Labels:
0 Helpful
6 Replies 6

yjdabear
VIP Alumni
VIP Alumni

‎07-24-2009 05:25 AM

On the 6509, are there other interfaces that have "ip route-cache flow" turned on, or just the peer interface to the 4500?

0 Helpful

ssieger
Level 1
Level 1
In response to yjdabear

‎07-26-2009 10:25 PM

There are over 150 SVI's on the 6509, but the problem with traffic in only one direction is on the 4506.

0 Helpful

yjdabear
VIP Alumni
VIP Alumni
In response to ssieger

‎07-27-2009 06:21 AM

I suspect the 4506 only has that one WAN-SVI interface with "ip route-cache flow" configured, so it's entirely expected behavior you only see incoming traffic, because NetFlow is unidirectional only and ingress by default (and as configured).

On the other hand, the 6509 does not exhibit the problem, probably because it has multiple interfaces with "ip route-cache flow" on. So you're getting the bi-directional picture of the traffic flowing through two of the 6509's interfaces (in through one, out through another), because the Netflow Analyzer software can stitch two interfaces' ingress records into one duplex conversaion.

0 Helpful

ssieger
Level 1
Level 1
In response to yjdabear

‎07-27-2009 10:25 PM

It is not possible to configure "ip route-cache flow" on the svi's of the 4506. it has ios 12.2(25)EWA1 installed and the command is not available. I guess i'll do an update the next days first, and try to configure the command again after the new version is running.

Greetings,

Stephan

0 Helpful

yjdabear
VIP Alumni
VIP Alumni
In response to ssieger

‎07-28-2009 12:41 PM

It appears the 4500 does not support "ip route-cache flow" per interface. The "ip route-cache flow infer-fields" that I assumed was applied on the SVI interface is all it takes, globally.

Lastly, try appending "peer-as" or "origin-as" after "ip flow-export version 5".

0 Helpful

ssieger
Level 1
Level 1
In response to yjdabear

‎07-28-2009 10:18 PM

I've tried appending the commands, but they have no impact at all. I'll do the ios update next wednesday.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card