Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3516
Views
0
Helpful
3
Replies

Cisco 4331 flow export from vrf

Kevin.Beierstettel
Level 1
Level 1

‎01-11-2018 04:37 AM - edited ‎03-05-2019 09:44 AM

Dear all,

 

I have a problem regarding netflow export from a Cisco 4331. I want to export netflow traffic to a specific destination. The problem is that the source should be the loopback interface on the router which is in a specific VRF:

 

Example:

 

flow exporter TEST
destination x.x.x.x
source Loopback1
transport udp 2055
template data timeout 1

 

flow monitor My-Flow-Test
exporter TEST
record netflow-original

 

interface Loopback1
ip vrf forwarding TEST_VRF
ip address Y.Y.Y.Y 255.255.255.255
end

 

It´s working when I´m using a Loopback Interface which is not in an VRF but when I use the "vrf forwarding" the source Interface IP is wrong:

 

sh flow exporter TEST
Flow Exporter TEST:
Description: User defined
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: X.X.X.X
Source IP address: "Not Y.Y.Y.Y"
Source Interface: Loopback1
Transport Protocol: UDP
Destination Port: 2055
Source Port: 53015
DSCP: 0x0
TTL: 255
Output Features: Used

 

Does anyone have an Idea how to resolve this problem? I need to export through this Loopback Interface over that VRF.

 

Best regards,

 

Kevin 

Labels:
0 Helpful
3 Replies 3

Julio E. Moisa
VIP
VIP

‎01-11-2018 04:42 AM - edited ‎01-11-2018 04:43 AM

Hi

If you are using VRF probably there is no communication between your loopback and the Netflow collector server because the loopback is under a VRF and the Netflow collector is over the global routing table, so you could verify it to enable routing between them, you could use static routes depending of your topology.




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Kevin.Beierstettel
Level 1
Level 1
In response to Julio E. Moisa

‎01-11-2018 06:52 AM - edited ‎01-11-2018 06:59 AM

Thanks for your reply. The routing between the loopback(In the TEST_VRF) and the destination server is working fine. I guess it´s a configuration issue because if we use the normal ip-flow commands we have the same issue on other Cisco routers.

 

We have to configure the VRF explicit to make it work:

 

#ip flow-export destination x.x.x.x 2055 vrf TEST_VRF

 

Otherwise if we use "#ip flow-export destination x.x.x.x 2055" in the "sh ip flow export" the given Loopback IP-Address is not right:

 

 

#sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) "Not the LoopbackIP" (Loopback1)
Destination(2) x.x.x.x (2055)
Version 9 flow records

 

But this configuration will not work on Cisco 4331.

0 Helpful

perkin
Level 1
Level 1

‎09-19-2019 01:18 AM

Hello 

I have the same question and after I googled it seems that is work as (cisco) design

you can refer to this discussion 

https://community.cisco.com/t5/switching/netflow-vrf-export/td-p/1339418

 

even I tried on 16.9 code and that still the same..

so that is support on VRF but it (seems) it is not supported on the "real" mgmt interface / mgmt-intf

 

hope this help form a year later.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card