cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3538
Views
40
Helpful
19
Replies

NetFlow issue

CiscoBrownBelt
Level 6
Level 6
NetFlow Export server reachable via Mgmt VRF but still not working

 

See attachment of simple topology.

So if the Solarwinds or whatever application you are sending NetFlow stats from a router is reachable via the router's Mgmt Int vrf which is assigned to G1 (so it pings 10.1.1.1 only sourcing from mgmt vrf), that should not be a problem correct as NetFlow is still not sending any statistics, nor can I add it to Solarwinds? I have the FlowMonitor input activated under a different interface that I want to see data from and not on the interface the Mgmt interface is assigned to.

 

Making sure I am not missing anything since the Router 1 is setup this way with reachability to the Solarwinds/NetFlow exporter via mgmt VRF.  

Also if I remember, 1 sh flow exporter statistics  does not show anything.

19 Replies 19

Francesco Molino
VIP Alumni
VIP Alumni
Hi

Can you share your config please?

Have you tried capturing traffic on your switch to see if netflow packets are hitting the switch?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

This is basically the config. It is actually showing statistics however nothing is showing up in Solarwinds. SNMP to Solarwinds works for the device if that helps.


flow record Flow-Record1
description Netflow to SW
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match transport tcp destination-port
match transport udp destination-port
match ipv4 tos
match interface input
match interface output
collect interface input
collect interface output
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect timestamp absolute first
collect counter packets
collect application name
collect counter bytes long
collect counter packets long

More Options if needed:
collect routing source as
!
!
flow exporter Flow-Exporter1
destination 10.1.1.1 (dest 10.1.1.1 vrf-mgmt does not work either)
source int g0/1
export-protocol netflow-v9
transport udp 2055
template data timeout 60
option application-table timeout 60
option application-attributes timeout 300
!
!
flow monitor Flow-Monitor1
exporter Flow-Exporter1
cache timeout active 60
record Flow-Record1

 

int g0/1

ip flow monitor Flow-Monitor1 input

Hello @CiscoBrownBelt ,

I apologize if I put a dumb question:

have you configured the flow monitor under interfaces on the device inbound or outbound?

 

Hope to help

Giuseppe

Yes. Would source from mgmt interface have anything to do with it? I read that is not supported for ASR or something like that. The thing is, what if connected to the switch where the NetFlow collector resides has reachability through the mgmt vrf? I would have to make routing updates or changes.

Yes now you're mentioning it, i remember this is a limitation. Here the for Fuji saying not supported:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/xe-16-9/nf-xe-16-9-book/cfg-nflow-data-expt-xe.html#GUID-E8176824-AEC3-4A1D-9432-B70F67E2B776

Create a loopback and use it as source of the exporter within the same vrf.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Yes thanks!
It says not supported through management interface so I believe G0 is the management interface VRF on these ASRs.
Since you say create Lo and source still out the mgmt VRF that would work even though its still through the mgmt vrf (just so I am understanding correctly)?
It appears that this mgmt restriction applies to just version 9 no? Think trying version 8 or 5 may work?

Yes it's not supported through the management OOB physical interface. But in the config, you can have a loopback or any other physical interface from the mgmt vrf and it should work.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Think trying version 8 or 5 may work?

Go with netflow version 9 but yes both should work

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

So if a router only has connectivity to the switch where the NetFlow server lives via a interface assigned to mgmt vrf, exporting even using a different interface is still not working (Cisco says export via mgmt interface is not supported). I assume its because reach-ability only exists via the mgmt vrf. Do you think its the case?
Normal SNMP to server is fine.

So if a router only has connectivity to the switch where the NetFlow server lives via a interface assigned to mgmt vrf, exporting even using a different interface is still not working (Cisco says export via mgmt interface is not supported). I assume its because reach-ability only exists via the mgmt vrf. Do you think its the case?
Normal SNMP to server is fine.

Normally it should not work if sourcing with the physical management interface but it should work sourcing with a loopback sitting in the mgmt-vrf. If not working, I suggest you open a TAC case because doc doesn't say using the mgmt VRF wouldn't work.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I am actually trying to source from the same interace NetFlow input is activated on as it is the only other interface I can use (I corrected source above).
I tied adding "Destination 10.1.1.1 vrf mgmt" as well however it still does not work. Do you think it is because i am trying to source from same interface it is turned on which is the interface I need to see data?

It well documented that Netflow won't work with Gig0 (Mgmt Vrf) as the source interface and as you said, you don't have spare interfaces. 

If you have SVIs, then you can source from an SVI or create a loopback. If you want to put any of your source interfaces in a VRF, add the following on your exporter config and test:

 

destination x.x.x.x vrf vrf_name
 source vlan or loopback

Review Cisco Networking for a $25 gift card