netflow : 6506E IOS 12.2(33)SXJ10 only a small part of data collected
I am not sure if I am correct with my netflow question in this category. But I hope so.
I am running "nfsen" as netflow collector. I am collecting the netflow data from two cisco devices: this is a C2921 as Internet gateway and a WS-C6506-E as central switch with routing module and several routed VLAN's. This 6506 has IOS Version 12.2(33)SXJ10. The netflow graphs for C2921 are looking quite fine. What we are seeing could be what really goes over this router. But if I look at graph of 6506 I see typically less than 5 Mbit which can't be true in a network of hundred of users and a lot of servers. I made some tests between two routed VLANs with "iperf" and netflow shows less than 0.1% of the reported throughout. Obviously I made something wrong with the cisco configuration.
These are the relevant part of my config:
ip flow-cache entries 128000 ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 1,25,52,56,80,90,125
mls aging fast time 15 threshold 3 mls aging long 64 mls aging normal 32 mls netflow interface mls flow ip interface-full mls flow ipv6 interface-full mls nde sender version 5 mls sampling time-based 64 mls qos map dscp-cos 40 to 4
VLAN interfaces I have for example:
interface Vlan1 ip flow ingress ip flow egress
Finally I have:
ip flow-export source Vlan1 ip flow-export version 9 ip flow-export destination some.ip.add.ress 10002 ip flow-aggregation cache protocol-port cache entries 1024 cache timeout inactive 300 export destination some.ip.add.ress 10002 enabled ! ip flow-top-talkers top 50 sort-by bytes
Looking at your config I would try reverting the cache timeout value to default (30 minutes). You already have configured an above default cache size, so timing active flows out after one minute seems excessive and may be where you hare losing the data.
The following documents are reviewed on the Ask The Experts Session titled: Use Case Overview and Planning: Cisco DNA Center Project Planning.
Here you can find editable versions of the
Solution Requirements Document UCOP_CiscoDNACenterProjectPlann...
If so, we’d like to speak with you to understand you and your team’s process on how you monitor and troubleshoot network traffic.
We ask that you complete our brief survey: https://ciscoux.az1.qualtrics.com/jfe/form/SV_d4LYJ5oWqWj9CCy Based on your ...
Listen: https://smarturl.it/CCRS8E38 Follow us: twitter.com/CiscoChampionAdding learning capabilities to the internet will increase the overall network SLO and application experience. Real data driven experiments have shown that such an approach...
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw...
In this special edition of the Insider Series, we hear from Cisco partners who have taken steps to be more eco-friendly and sustainable. We hear what inspires ASHRAE, Southwire, Igor, and NTT to create a workplace that is centered around people and how th...