02-19-2019 05:34 AM - edited 03-03-2019 09:00 AM
Dear All,
I am not sure if I am correct with my netflow question in this category. But I hope so.
I am running "nfsen" as netflow collector. I am collecting the netflow data from two cisco devices: this is a C2921 as Internet gateway and a WS-C6506-E as central switch with routing module and several routed VLAN's. This 6506 has IOS Version 12.2(33)SXJ10. The netflow graphs for C2921 are looking quite fine. What we are seeing could be what really goes over this router. But if I look at graph of 6506 I see typically less than 5 Mbit which can't be true in a network of hundred of users and a lot of servers. I made some tests between two routed VLANs with "iperf" and netflow shows less than 0.1% of the reported throughout. Obviously I made something wrong with the cisco configuration.
These are the relevant part of my config:
global section:
ip flow-cache entries 128000
ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 1,25,52,56,80,90,125
mls aging fast time 15 threshold 3
mls aging long 64
mls aging normal 32
mls netflow interface
mls flow ip interface-full
mls flow ipv6 interface-full
mls nde sender version 5
mls sampling time-based 64
mls qos map dscp-cos 40 to 4
VLAN interfaces I have for example:
interface Vlan1
ip flow ingress
ip flow egress
Finally I have:
ip flow-export source Vlan1
ip flow-export version 9
ip flow-export destination some.ip.add.ress 10002
ip flow-aggregation cache protocol-port
cache entries 1024
cache timeout inactive 300
export destination some.ip.add.ress 10002
enabled
!
ip flow-top-talkers
top 50
sort-by bytes
Any help is welcome.
Kind regards
Hans
02-25-2019 12:13 AM
Hi there,
Ah nfsen, a great product!
Looking at your config I would try reverting the cache timeout value to default (30 minutes). You already have configured an above default cache size, so timing active flows out after one minute seems excessive and may be where you hare losing the data.
! no ip flow-cache timeout active 1 !
cheers,
Seb.
02-26-2019 08:31 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide