Re: Flexible netflow not generating flows

girish_gavandi · ‎11-19-2013

Dear All,

I have configured a cisco 2951 router for cisco flexible netflow v9. Router running IOS image version

c2951-universalk9-mz.SPA.151-4.M4.bin. But it is not generating any flows nor populating the cache.

Network node manager is configured to collect the flows from the 2951 router.

Any ideas why it is not generating the flows? Your suggestions are highly appreciated.

Below are the commads applied to the router and also the show output of the cache,

flow record MOIFR

desc NBAR Flexible Netflow Record

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

match interface output

match flow direction

match ipv4 source mask

match ipv4 destination mask

collect transport tcp flags

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

!

flow exporter MOIFE

description Flexible NetFlow Exporter

destination 10.10.10.1

source loopback0

transport udp 9996

template data timeout 600

option interface-table

option exporter-stats

option sampler-table

!

flow monitor MOIFM

record MOIFR

exporter MOIFE

cache timeout active 60

!

int gig 0/1

ip flow monitor MOIFM input

ip flow monitor MOIFM output

==========================================================

R02#sh flow monitor MOIFM cache format table

Cache type: Normal

Cache size: 4096

Current entries: 0

High Watermark: 0

Flows added: 0

Flows aged: 0

- Active timeout ( 60 secs) 0

- Inactive timeout ( 15 secs) 0

- Event aged 0

- Watermark aged 0

- Emergency aged 0

There are no cache entries to display.

R02#sh flow monitor MOIFM cache format record

Cache type: Normal

Cache size: 4096

Current entries: 0

High Watermark: 0

Flows added: 0

Flows aged: 0

- Active timeout ( 60 secs) 0

- Inactive timeout ( 15 secs) 0

- Event aged 0

- Watermark aged 0

- Emergency aged 0

There are no cache entries to display.

Regards,

Girish

jakewilson · ‎11-19-2013

Hello Girish,

When you state "it is not generating any flows nor populating the cache" does this mean that wireshark didn't see any flows? I would verify this by putting a packet analyzer as close as possible to the interface that the datagrams should be leaving on.

I noticed that your record description includes 'NBAR'. If you want to export NBAR, you need to include the following in the record definition:

match application name

When you define the flow exporter, I would change 600 to 60 and you need to include the NBAR application-table option template:

template data timeout 60

option application-table timeout 60

I hope this helps. Here's a good post on NetFlow v9 NBAR.

Jake

girish_gavandi · ‎11-20-2013

Hi Jake,

Tested your suggestions, no luck!

The router itself is not generating any packets. Debug command doest give any output. The network node manager was configured to receive these netflow packets. The people managing this NNM also tried capturing the packets but nothing.

This happens not only with this particular router but there many others with different hardware configurations and IOS versions. Same comamnds have been put on them as well.

Any ideas would be appreciated.

Regards,

Girish

jakewilson · ‎11-20-2013

Perhaps try traditional NetFlow 5 configuration without flexible netflow. See if that works.