Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
2
Replies

NetFlow in Cisco NCS 540

johnlloyd_13
Level 9
Level 9

‎12-20-2023 12:49 AM

hi,

i've applied this netflow config in our NCS 540 IOS-XR router which is an MPLS P router.

i checked in our netflow analyzer there's only 2-way/point-to-point traffic/OSPF between this router and another P router also an NCS 540 via the G0/0/0/19 link.

is there an additional command missing to "drill down" the MPLS traffic to see other top talker/IP address?

is sFlow should be configured instead?

flow exporter-map EXPORTER
destination 10.1.1.10
transport udp 2055
source Loopback0
version v9
template data timeout 60
template options timeout 60
options interface-table
options sampler-table

sampler-map SAMPLER
random 1 out-of 500

flow monitor-map MONITOR
record ipv4
exporter EXPORTER
cache entries 1000000
cache timeout active 60
cache timeout inactive 30
cache timeout rate-limit 2000

interface GigabitEthernet0/0/0/19
 flow ipv4 monitor MONITOR sampler SAMPLER ingress

 

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-25-2024 07:31 AM

Hello @johnlloyd_13 ,

>> i've applied this netflow config in our NCS 540 IOS-XR router which is an MPLS P router.

>>flow monitor-map MONITOR
>> record ipv4

if the router is a P node all user traffic travels inside MPLS. You should try to define the flow record to check and collect the MPLS fields.

I don't know if this platform can inspect inside MPLS packets

Hope t help

Giuseppe

 

0 Helpful

jhuffman
Level 1
Level 1

‎09-26-2024 06:56 AM

I am also trying to setup Netflow on a 540 for exporting to Calix Cloud for their services. The 540 is providing connectivity to the Calix shelf. For some reason the only traffic Calix is reporting they can see is upstream traffic for the end user and no downstream traffic. 

flow exporter-map CALIX_EXPORT_MAP
version v9
template timeout 60
template data timeout 60
!
transport udp 2058
source Loopback100
destination 54.244.180.84 vrf MGMT
!
flow monitor-map CALIX_MONITOR_MAP
record ipv4
exporter CALIX_EXPORT_MAP
cache entries 8000
cache timeout active 60
cache timeout inactive 20
!
sampler-map CALIX_SAMPLE_MAP
random 1 out-of 100
interface Bundle-Ether110
description LL-CRMU-SH1-C1-P4 (BE110)
lacp mode active
lacp system mac beef.0001.0110
lldp
!
load-interval 30
flow ipv4 monitor CALIX_MONITOR_MAP sampler CALIX_SAMPLE_MAP ingress

interface Bundle-Ether220.1027 l2transport
description CRMU DIA
encapsulation dot1q 1027
rewrite ingress tag pop 1 symmetric
flow ipv4 monitor CALIX_MONITOR_MAP sampler CALIX_SAMPLE_MAP ingress

 

interface Bundle-Ether220
description LL-CRMU-SH2-C1-P3 (BE220)
lacp mode active
lacp system mac beef.0001.0220
lldp
!
load-interval 30
flow ipv4 monitor CALIX_MONITOR_MAP sampler CALIX_SAMPLE_MAP ingress
!

 

interface Bundle-Ether220.1027 l2transport
description CRMU DIA
encapsulation dot1q 1027
rewrite ingress tag pop 1 symmetric
flow ipv4 monitor CALIX_MONITOR_MAP sampler CALIX_SAMPLE_MAP ingress

 

interface HundredGigE0/0/0/30
description RL-IGP:LL-CRMU-EDGE01
mtu 9208
ipv4 address 10.255.128.119 255.255.255.254
lldp
enable
!
flow ipv4 monitor CALIX_MONITOR_MAP sampler CALIX_SAMPLE_MAP ingress


Anyone run into this issue? 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card