07-01-2021 10:50 PM
I'm not able to see specific VRF traffic coming in from a tunnel configured with flow monitoring. This tunnel is used to establish a VPNv4 BGP neighborship with another router that is generating the traffic. I'm wanting to verify the traffic flow in a VRF as far as input and output traffic flow. However, if the VRF is not configured on an interface, netflow doesn't seem to be able to record the traffic. I am able to see traffic in a VRF so long as it goes into an interface configured in the VRF. Below is my configuration example:
flow record Record
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 collect routing source as
 collect routing vrf input
 collect ipv4 tos
 collect ipv4 dscp
 collect ipv4 fragmentation flags
 collect ipv4 fragmentation offset
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect routing vrf output
!
flow exporter Exporter
 destination DESTINATION ADDRESS vrf VRF_NAME
 source Loopback99
 transport udp 2055
!
flow monitor Monitor
 exporter Exporter
 cache timeout inactive 5
 cache timeout active 60
 cache entries 10000
 record Record
!
interface Tunnel1234 <--- Tunnel to the router this one has the MP-BGP neighborship with, where the interesting traffic is coming from.
 ip flow monitor Monitor input
 ip flow monitor Monitor output
!
interface GigabitEthernet0/0/0.102 <---- Can see traffic in this VRF
 encapsulation dot1Q 102
 vrf forwarding VRF-102
 ip flow monitor Monitor input
 ip flow monitor Monitor output

Cannot see traffic in VRF-114
Both VRFs are configured on a Cisco ASR1006 running 16.12.5. Any suggestions to be able to monitor other VRF traffic without having an interface in the VRF?
07-02-2021 01:13 AM
As a first step, I would check: is the NetFlow server reachable from this VRF?
Are you able to see NetFlow stats on the device for the VRF?
07-02-2021 06:26 AM
I think what you are asking is if the flow exporter is reachable within the VRF. Correct me if I am wrong, but the flow exporter is used to send netflow traffic for consolidation to be viewed as historical data. What I am trying to do in this case is see live data local to the router as it flows from one interface to another or local to the router. This way I can immediately identify issues with routing as end-user traffic is generated. The problem I am having on this router is that netflow is not seeing this traffic through the VRF, and I'm not sure why.
07-06-2021 06:47 AM
Also wanted to indicate this router has many VRFs that transit through it to other routers but only has interfaces in a few of the VRFs. On these interfaces I can see netflow traffic, but not in the VRFs that don't have an interface that traffic is flowing into or out of.
07-06-2021 07:41 AM
A VRF is a separate instance, right? So to reach the destination it requires a route.