Netflow ingress vs egress

Jerome C. · ‎07-20-2017

Hi

I have a Cisco router (2911). On the gi0/0, the router's network provider (WAN) is connected and on Gi0/1.618, it's my internal FW (and behind this FW, all my LAN server, clients..)

I'am able to monitor my bandwidth with PRTG but I would like to know, which protocol consumes the most bandwidth from my LAN to the WAN. I configured the netflow but when I look at on my monitoring tool (prtg) the value that I see is very slow and I think this is not correct.

Here my configuration: on my router :

# ip flow-export destination 10.1.1.1

# ip flow-export version 9

# ip flow-cache timeout active 1

# ip flow-cache timeout inactive 15

# ip flow-export source loopback0

# interface GigaEthernet 0/1.618

# ip flow ingress

Is it correct ?

BR

Jerome

Julio E. Moisa · ‎07-20-2017

Hi Jerome,

Your config looks fine, now are you passing a lot of traffic? what software are you using to monitor the traffic?

Now take in consideration these values:

# ip flow-cache timeout active 1 <---- in minutes

# ip flow-cache timeout inactive 15 <---- in seconds, so inactive entries will be removed in 15 seconds.

Try to increase these values.

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Georg Pauwen · ‎07-20-2017

Hello,

in addition to Julio's post, the recommended values by Paessler actually are:

ip flow-cache timeout active 5

ip flow-cache timeout inactive 10

Also, you might want to specify a UDP port number (make sure to configure the same port in the NETFLOW SPECIFIC SETTINGS/Receive NetFlow Packets on UDP Port in your Sensor Settings), e.g.:

ip flow-export destination 10.1.1.1 9991