Hi, I've a customer running on the mentioned core switch with software of c6msfc2-pk2sv-mz.121-13.E11. I'm implementing a netflow collector into their environment, but it turns out that this version of IOS only supports netflow v5/v6, and with only fast-switching flow-cache supported.
My initial plan is as follows:
ip flow-export destination < >
ip flow-export source < >
ip flow-export version 5
interface vlan <server_vlan>
ip route-cache flow
What's the main difference between "ip route-cache flow" and "ip flow ingress/egress"?
Is server -> server traffic in the same VLAN considered a flow as well?
Appreciate if anyone could comment on this.
"ip route-cache flow" is a deprecated command; use "ip flow ingress" instead.
No. If you want to account for communication between hosts in the same VLAN, use the commands:
ip flow ingress layer2-switched vlan
ip flow export layer2-switched vlan
Enable also mls netflow ...
For more information see:
Unfortunately "ip route-cache flow" is the only option in that particular IOS. I'm just wondering whether there is anything I miss by using "ip route-cache flow" instead of "ip flow ingress/egress". And is it possible to enable netflow for the layer2-switched traffic using "ip route-cache flow"?
I've spoken to the customer but they're reluctant to upgrade their current working IOS due to various reasons. I've conducted some other netflow collection using "ip route-cache flow", but the end result was not really satisfying/acceptable as the result does not seem to reflect the actual traffic.
Are there any other options?
Did you enable mls nde? Try the following:
switch(config)# mls nde sender version 7
switch(config)# mls aging long 128
switch(config)# mls aging normal 32
switch(config)# mls flow ip full
switch(config)# mls flow ip interface-full
"ip route-cache flow" enables L3 switched traffic accounting.
Well, decided not to send the layer2 switched traffic through netflow, only account for the layer3 switched traffic. So only the "ip route-cache flow" command and the ip flow-export commands are required.
I've done this before and think it was not the best way, as the collected result does not seem to reflect the actual traffic... Just wondering whether there's another way to do this without upgrading their current IOS?
You still need to enable nde on the CatOS side to account for mls traffic. If you only enable NetFlow on the MSFC, you only account for the first packet in the flow in the NetFlow statistics.
By default, you will get NetFlow data only on the routed traffic. If you enter "set mls bridged-flow-statistics enable
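
A collector-side check for the symptom discussed in this thread, written as an added example (not code from any poster or from Cisco): it parses NetFlow v5 export datagrams, counts flows lost between datagrams using the header's flow_sequence field, and reports the share of one-packet records, which is what the reply above says an MSFC-only export produces. The function names and the sample datagrams are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (flow_sequence, records) for one export datagram; reject malformed input."""
    if len(datagram) < HDR.size:
        raise ValueError("short header")
    version, count, _, _, _, seq, _, _, _ = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # v5 carries 1..30 records; the UDP payload length must agree with the count.
    if not 1 <= count <= 30 or len(datagram) != HDR.size + count * REC.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        records.append({"src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                        "in_if": f[3], "out_if": f[4], "pkts": f[5], "octets": f[6]})
    return seq, records

def audit(datagrams):
    """Summarise lost flows (sequence gaps) and the share of one-packet records."""
    expected, lost, total, single = None, 0, 0, 0
    for d in datagrams:
        seq, recs = parse_v5(d)
        if expected is not None and seq != expected:
            lost += (seq - expected) % 2**32   # flows exported but never received
        expected = (seq + len(recs)) % 2**32   # flow_sequence counts flows, not datagrams
        total += len(recs)
        single += sum(1 for r in recs if r["pkts"] == 1)
    share = single / total if total else 0.0
    return {"records": total, "lost_flows": lost, "single_packet_share": share}

def make_v5(seq, flows):
    """Build a constructed sample datagram from (src, dst, pkts, octets) tuples."""
    out = HDR.pack(5, len(flows), 0, 0, 0, seq, 0, 0, 0)
    for src, dst, pkts, octets in flows:
        out += REC.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                        1, 2, pkts, octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: two one-packet flows, then a datagram whose sequence skips 3 flows.
SAMPLE = [make_v5(100, [("10.1.1.10", "10.2.2.20", 1, 60), ("10.1.1.11", "10.2.2.20", 1, 1500)]),
          make_v5(105, [("10.1.1.12", "10.2.2.21", 40, 52000)])]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-zero lost_flows value points at dropped export datagrams between switch and collector, while a single_packet_share close to 1.0 on a busy routed VLAN is consistent with only the first packet of each flow being accounted.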