
NetFlow from VRF on 4451-X

hypnotoad
Level 3

I have a 4451-X router running XE 3.13.

I want to get NetFlow data from interface G0/0/0 and send it to my collector via the management VRF interface G0. Is this possible? If so, what is the configuration to make it work?

 

This is what I have so far:

flow record NetFlow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes
 collect counter packets
!         
!         
flow exporter NetFlow-to-Orion
 destination 10.y.y.90 vrf Mgmt-intf
 source GigabitEthernet0
 transport udp 2055
 export-protocol netflow-v5

!        
!         
flow monitor NetFlow-Monitor
 description Original Netflow captures
 exporter NetFlow-to-Orion
 cache timeout inactive 10
 cache timeout active 5
 record NetFlow


interface GigabitEthernet0/0/0
 ip address xxx.xxx.xxx.xxx/30
 ip flow monitor NetFlow-Monitor input
 ip flow monitor NetFlow-Monitor output
 media-type sfp
 no negotiation auto
 no lldp transmit

interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.x.x.37 255.255.255.0
 negotiation auto

 

What am I missing?

 

Thanks,

 

Patrick

4 Replies

Don Jacob
Level 1

What NetFlow tool do you have? Is the NetFlow tool seeing packets but not reporting anything?

If so, it can be because the exported flow records do not have the information the tool needs to process the NetFlow datagrams. Most NetFlow tools expect the below configuration:

flow record netfow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes
 collect counter packets
 collect flow direction

And in the flow exporter, reduce the active cache timeout to 1

If the server where the NetFlow tool is installed is not seeing packets, make sure that:

1. You have a route to the destination from the GigabitEthernet0

2. No firewalls on the server or ACLs are blocking packets from the switch to the NetFlow server

Thanks,

Don

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

Don Jacob
Level 1

And because I see Orion as the exporter name, take a look at this:

http://knowledgebase.solarwinds.com/kb/questions/802/Required+flow+template+fields


jseely7150
Level 1

I was in much the same situation, which is how I came to see your question.

I found this in my log file:

%FMANRP_NETFLOW-3-EXPORTERSRCIFINVALID: Management interface (GigabitEthernet0) cannot be used as source for an exporter

So I changed the source... problem solved! 
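The two findings from the replies above (the log message rejecting GigabitEthernet0 as an exporter source, and the interface fields the collector-side reply lists) can be checked against a saved configuration before deployment. The following is an added example, not part of the original thread; the function names and the field list in `EXPECTED_FIELDS` are assumptions chosen for illustration, and the sample text is the question's own record and exporter.

```python
import re

# Constructed sample: the record and exporter exactly as posted in the question.
SAMPLE_CONFIG = """\
flow record NetFlow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes
 collect counter packets
!
flow exporter NetFlow-to-Orion
 destination 10.y.y.90 vrf Mgmt-intf
 source GigabitEthernet0
 transport udp 2055
 export-protocol netflow-v5
"""
# Assumption: GigabitEthernet0 is the management port, as in the quoted log message.
MGMT_INTERFACE = "GigabitEthernet0"
# Assumption: the interface fields the reply adds to the question's record.
EXPECTED_FIELDS = ("match interface input", "collect interface output")

def parse_sections(config):
    """Group indented sub-commands under each 'flow record' / 'flow exporter' header."""
    sections, current = {}, None
    for line in config.splitlines():
        if re.match(r"flow (record|exporter) \S+", line):
            current = line.strip()
            sections[current] = []
        elif line.startswith(" ") and current:
            sections[current].append(line.strip())
        else:
            current = None  # '!' separators and blank lines end the section
    return sections

def lint(config):
    """Return one finding per problem; an empty list means both checks pass."""
    findings = []
    for header, cmds in parse_sections(config).items():
        kind, name = header.split()[1:3]
        if kind == "exporter" and f"source {MGMT_INTERFACE}" in cmds:
            findings.append(f"{name}: source {MGMT_INTERFACE} is the management interface")
        elif kind == "record":
            findings += [f"{name}: record lacks '{f}'" for f in EXPECTED_FIELDS if f not in cmds]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONFIG)))
```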

 

 

What if I put a subinterface of the port-channel in a VRF and can't see any of the exported data?

I used records and the predefined "netflow-original". I have exporters and monitors applied to interfaces.
I see the following output and assume my monitor/exporter are working:

zzz-R4451-zzz(config)#do sh flow monitor BGP-AS-INT cache 
Cache type: Normal (Platform cache)
Cache size: 200000
Current entries: 4500
High Watermark: 6353

Flows added: 261064
Flows aged: 256564
- Inactive timeout ( 10 secs) 256564

IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT  INTF INPUT            IP TOS  IP PROT  intf output           flow dirn       bytes        pkts
===============  ===============  =============  =============  ====================  ======  =======  ====================  =========  ==========  ==========
157.55.235.159   x.x.x.x                  40022          59845  Po1.571               0x00         17  Po1.9                 Output             49           1
x.x.x.x          80.56.162.172            47447          41045  Po1.9                 0x00         17  Po1.571               Input             134           1
x.x.x.x          8.8.8.8                  25316             53  Po1.9                 0x00         17  Po1.571               Input              78           1
x.x.x.x          216.58.209.78            64857            443  Po1.9                 0x00          6  Po1.571               Input            2370           6
and so on...

But why can't I see my data on PI 2.2, or on ManageEngine, or even as raw data in Wireshark?