Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3204
Views
0
Helpful
2
Replies

Setting up netflow on Nexus 7K - ver 6.1(3)

sdavids5670
Level 2
Level 2

‎05-23-2013 10:02 AM

I was trying to get Netflow setup on one of my 7K VDCs and ran into a problem.  While netflow data was reaching the collector, IP src/dst information was not appearing in the analyzer tool.  I could not see any information about conversations.  So I contacted the company that makes the collector/analyzer and the directed me to a blog on their site and told me to setup the 7K exactly as it is described in the blog post.  I did and a bit later the ip src/dst address information appeared.  So the only difference between the two configurations was that in the first case I tried to define a record and in the second case, no record was defined and instead the orginial-netflow parementer was used in the "flow monitor" section.

Here's the original config (that didn't work):

feature netflow

!

flow timeout active 60

!

flow exporter NETFLOW-COLLECTOR

  destination 172.19.30.136 use-vrf management

  transport udp 9996

  source mgmt0

  version 9

!

flow record Default-Netflow-Record

  match ipv4 source address

  collect counter bytes long

  collect counter packets long

!

flow monitor My-Flow-Monitor

  record Default-Netflow-Record

  exporter NETFLOW-COLLECTOR

!

interface Vlan3049

  (partial-config)

  ip flow monitor My-Flow-Monitor input

And here is the config (that does work):

feature netflow

!

flow timeout active 60

!

flow exporter NFAexporter

  destination 172.19.30.136 use-vrf management

  transport udp 9996

  source mgmt0

  version 9

!

flow monitor NFAmonitor

  record netflow-original

  exporter NFAexporter

  ip flow monitor NFAmonitor input

!

interface Vlan3049

  (partial config)

  ip flow monitor NFAmonitor input

I referenced the document "Cisco Nexus 7000 Series NX-OS System Management Configuration Guide,Release 6.x", Chapter 19 - Configuring NetFlow.

It's clear to me that I didn't do something right in defining my own record since that's really the only difference between the config that worked vs the config that didn't.  However, the documentation I referenced doesn't really provide helpful information about how to create a record (above and beyond what I can already see by typing '?' at the CLI).  For example, the "match" command makes no sense to me.  Usually when you have a match command it is accompanied by some sort of ACL.  In the "flow record" section a match command would be something like "match ipv4 source address" but that's it.  What does that mean?  Match anything that has a IPv4 source address??  That doesn't make much sense.  The collect commands are equally as bewildering.  If I want to define my own record (and not use the original-netflow parameter) what do I need to do in the "flow record" sub-configuration to get Nexus to send ip src/dst information to the collector (which, I would think, is basic information to send - what good is netflow data without it)?

Regards,

Steven

Labels:
0 Helpful
2 Replies 2

jakewilson
Level 1
Level 1

‎05-23-2013 06:03 PM

HI Steven,

I found a link on Cisco's site in a google search:Nexus 7000 NetFlow NX OS configuration

This other blog post on Nexus 7000 NetFlow might help with the question "how to create a record" as your match and collect statements look a little thin to me.  There is a good blog on how match and collect work.  

Please vote on my post if this information helps.

Sincerely,

Jake - NetFlow Knight

0 Helpful

luioskaung90
Level 1
Level 1

‎10-01-2018 12:16 AM

Hello Steven,

 

Have you already resolve this issue ?
if you are using vrf management IP but you trying to get data from different vrf. is it possible to get the data ?

0 Helpful
Customers Also Viewed These Support Documents