Netflow on ASR 1000 and Whatsupgold

asepiacci · ‎06-17-2014

Hi,

I'm using Whatsupgold as a Netflow collector .

When I configure Flexible Netflow on a Cisco ASR 1000 as follows:

flow exporter Whatsupgold
destination 192.168.10.10
source GigabitEthernet0/0/0.970
ttl 10
transport udp 9999

flow monitor Flow-Monitor
exporter Whatsupgold
record netflow-original

interface GigabitEthernet0/0/1.909
ip flow monitor Flow-Monitor unicast input
ip flow monitor Flow-Monitor unicast output

it works because the record is configured as "netflow-original" and it uses the old standard keys.

But when I try to use a custom record like this:

flow record AS-Path
match routing source as peer
match routing destination as peer
match ipv4 destination address
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow monitor Flow-Monitor
exporter Whatsupgold
record netflow-original

Whatsupgold does not show anything.

Is it something wrong with the configuration or there is a compatibility issue between the new version of Netflow and Whatsupgold?

Thanks

Alessandro

lonmc1977 · ‎07-02-2014

This is all I have on my router and I use it on flow monitor:

ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export interface-names
ip flow-export destination 172.16.1.248 9996

I assume youve told flow monitor what port to listen to for netflow. Once you do that, under flow sources it should just pop up but it takes a few minutes sometimes. Either version 5 or 9 will work, so Ive read but I use 9.

asepiacci · ‎09-17-2014

Hi,

I've managed to make it working but I still have a problem: I cannot interpret the data.

Most of the traffic appears to come from an UNKNOWN AS: what does it mean?

Thanks.

Alessandro