Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2239
Views
5
Helpful
5
Replies

Problem with Netflow Egress

Go to solution
rodrigo.hernandez
Level 1
Level 1

‎12-07-2011 06:38 AM

Dear Mister

I have a 7204VXR Router, with Neflow.

The collection for all interfaces is ok, but one interface (Gigabitethernet 1/0), is not showing the egress traffic in the pictures.

The configuration has "ip route-cache flow", ip flow egress, and ip flow ingress set. But, is not showing the egress traffic.

Will be a bug???

Or the ifindex is falling. The interface description is send in the flow packet??

Best Regards

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Don Jacob
Level 1
Level 1

‎12-08-2011 10:57 PM

Hi Rodrigo,

Do a "sh ip cache flow" and check if the Gi1/0 is present under the output interface field or if you see NULL. If it is present, you may want to troubleshoot the flow collector and if it shows NULL, the reason could be any of the below:

1. The packets are blocked by an ACL.

2. The packets are process switched. This could be because the feature is not supported by CEF or fast switching. Do a "show int stats" to distinguish between data being process switched instead of cef/fast switched. Also, check "show cef interface" and "show ip interface" to check if CEF is disabled or packets are being punted/dropped due to an unsupported feature configured.

3. Multicast traffic.

4. Packets destined for the router.

5. Tunnels (IPIP, GRE, IPSEC, L2TP) & WCCP.

6. Static route to null0 - e.g. ip route 10.1.0.0 255.255.0.0 Null0

7. Dropped by CAR-QoS.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

View solution in original post

5 Replies 5

Go to solution
yjdabear
VIP Alumni
VIP Alumni

‎12-08-2011 12:06 PM

Are you exporting Netflow v9 to your NF collector?

If so, do a packet capture of the NF export from the 7204 to your collector. What do the Direction field show, in the packets concerning g1/0? Are they 0 or 1, or a mix of both? The 1s would be the "ip flow egress" exports.

0 Helpful

Go to solution
Don Jacob
Level 1
Level 1

‎12-08-2011 10:57 PM

Hi Rodrigo,

Do a "sh ip cache flow" and check if the Gi1/0 is present under the output interface field or if you see NULL. If it is present, you may want to troubleshoot the flow collector and if it shows NULL, the reason could be any of the below:

1. The packets are blocked by an ACL.

2. The packets are process switched. This could be because the feature is not supported by CEF or fast switching. Do a "show int stats" to distinguish between data being process switched instead of cef/fast switched. Also, check "show cef interface" and "show ip interface" to check if CEF is disabled or packets are being punted/dropped due to an unsupported feature configured.

3. Multicast traffic.

4. Packets destined for the router.

5. Tunnels (IPIP, GRE, IPSEC, L2TP) & WCCP.

6. Static route to null0 - e.g. ip route 10.1.0.0 255.255.0.0 Null0

7. Dropped by CAR-QoS.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

Go to solution
rodrigo.hernandez
Level 1
Level 1
In response to Don Jacob

‎12-12-2011 11:08 AM

Thank you Tomas

OK, I am working now.

But, I have a doubt. The name of description must to be the same in the Router interface and the netflow analyzer?

Best Regards

0 Helpful

Go to solution
Don Jacob
Level 1
Level 1
In response to rodrigo.hernandez

‎12-12-2011 10:46 PM

Hi Rodrigo,

Yes, NetFlow collector products can retrieve the  interface name, alias or description and most of them depend on SNMP for  this. Configure the SNMP parameters of your router on your flow  collector and try to retrieve the interface name or description as per  your requirements. For eg. ManageEngine NetFlow Analyzer has an 'edit'  icon near a router name/IP Address from where you can set SNMP  parameters. The same way, each product may have its own settings.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.
0 Helpful

Go to solution
CSCO12099251
Level 1
Level 1
In response to Don Jacob

‎09-07-2017 09:44 PM

Hello All,

I have got a problem. Netflow Egress is not exporting flows on my physical interface which is a source for a IPsec GRE tunnel. Ingress flow is working fine.

Can someone please help to advise on this?

 

Regards,

Godwin. S

0 Helpful
Customers Also Viewed These Support Documents