04-04-2005 06:03 PM
Hi.
I'm wondering if I can enable netflow on an interface and capture just the flows for specific prefixes. The problem is that I have netflow enable on a couple of OC-3 interfaces and my netflow collector is getting a lot of stats and is getting full with just a couple of hours of stats. I would like to capture stats for at least 3 weeks for those specific prefixes.
I can enable netflow on the access layer but the problem is that the prefixes are spread all over the place and the OC3 links are the exit point.
Any idea on how to gather those statistics.... without overloading the NFC Server... :)
TIA,
-Jose
04-08-2005 11:57 AM
The Netflow collector would use a particular port on which the exported data from the routers will be collected. Try putting an access-list or some other kind of filtering that would block the unwanted Prefixes from reaching the Netflow collector. Identify the port used by the Netflow collector and filter the unwanted prefixes from reaching the Netflow collector.
04-15-2005 08:21 AM
One approach may be to get a commercial or freeware NetFlow analysis/reporting tool that imports the NFC data into its own database periodically, say every 15 mins, so you don't have to worry about data storage on the NFC anymore. The tool can possibly report on specific prefixes too.
Another is to replace NFC completely with a third-party collection that can filter by prefixes.
BTW, NetFlow version 8 seems to support both dst-prefix and src-prefix aggregation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide