Solved: Cisco netflow ingress vrf id and egress vrf id

Buy or Renew

2118

Views

Helpful

Replies

I've been trying to understand how to monitor the network state on my router with VRF id's.

and i struggle to understand
what are the cases behind ingress VRF being zero.

what are the cases behind egress VRF being zero.

on top of that it seems there are different cases when ingress and egress VRF is are zero.

1 Accepted Solution

Accepted Solutions

Hello @arcanain ,

I would expect egress VRF ID = 0 to mean global routing table

I would expect a non zero value to be seen if the incoming interface belongs to a VRF and that number to be related to the VRF in some way.

We configure VRF by using a name, it is also possible to assign a VPN id or it is assigned automatically this should be the value used to fill the netflow fields we are talking aboutl.

>> And what's the value if some flowspecks tells router to drop the packet or blackhole it somehow? Will it have some "invalid" value set in vfr id?

I do not follow you on this if the packets of the flow are silenty discarded the exit interface is null0 and so yo should see the SNMP ifindex of null0 in the field exit interface.

VRF ID should still stay at zero .

Hope to help

Giuseppe

View solution in original post

3 Replies 3

Hello @arcanain ,

likely 0 = Default VRF = global routing table

what type of Netflow are using ? Flexible Netflow version 9?

Edit: a qiuck search on Cisco website

Flexible NetFlow—Ingress VRF Support Overview

The Flexible NetFlow—Ingress VRF Support feature enables collecting the virtual routing and forwarding (VRF) ID from incoming packets on a device by applying an input flow monitor having a flow record that collects the VRF ID as a key field.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-3/configuration_guide/nmgmt/b_173_nmgmt_9200_cg/configuring_flexible_netflow.html#concept_jvt_2ff_qgb

Hope to help

Giuseppe

Thank you for your reply, I'm using Netflow9. That quick search is basically what I'm familar with and does not really answer any questions ... unfortunatelly.

So what you are saying is that the netflow will have always some value asignt to ingress VRF unless it's comming from global routing table in which case it will be 0.

What about the engress VRF, is it the same?
And what's the value if some flowspecks tells router to drop the packet or blackhole it somehow? Will it have some "invalid" value set in vfr id?

Hello @arcanain ,

I would expect egress VRF ID = 0 to mean global routing table

I would expect a non zero value to be seen if the incoming interface belongs to a VRF and that number to be related to the VRF in some way.

We configure VRF by using a name, it is also possible to assign a VPN id or it is assigned automatically this should be the value used to fill the netflow fields we are talking aboutl.

>> And what's the value if some flowspecks tells router to drop the packet or blackhole it somehow? Will it have some "invalid" value set in vfr id?

I do not follow you on this if the packets of the flow are silenty discarded the exit interface is null0 and so yo should see the SNMP ifindex of null0 in the field exit interface.

VRF ID should still stay at zero .

Hope to help

Giuseppe

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Review Cisco Networking products for a $25 gift card