ASR1002 NETFLOW FUNCTION DOESN'T WORK

tan2
Level 1

Hi All, 

I have configured NetFlow v5 collection on one of my ASR1002s, but it never collects any flows. Could you give some suggestions?

        Version :  ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.4(3)S10

        Configurations:

 

flow exporter ttt
destination 10.30.30.2
source GigabitEthernet0/0/3
transport udp 9999
export-protocol netflow-v5
!
!
flow monitor ttt
exporter ttt
cache timeout inactive 1
cache timeout active 1
cache entries 2000000
record netflow-original
!
sampler ttt
mode random 1 out-of 2

!

!

interface GigabitEthernet0/0/3
ip address 10.66.67.6 255.255.255.252 
ip flow monitor ttt sampler ttt input
ip flow monitor ttt sampler ttt output
negotiation auto
end

 

 Issue:

    

Cache type: Normal (Platform cache)
Cache size: 2000000
Current entries: 0

Flows added: 0
Flows aged: 0

 

I have tried to change the sampling rate to 1/2, but it still cannot generate any flow information. However, the configuration above works well on another ASR1002 of mine.

            


Current configuration:
!
flow monitor ttt
exporter ttt
cache timeout inactive 1
cache timeout active 1
record netflow-original
!
router#sh flow monitor ttt statistics
Cache type: Normal (Platform cache)
Cache size: 200000
Current entries: 88
High Watermark: 5453

Flows added: 326674833
Flows aged: 326674745
- Active timeout ( 1 secs) 326673279
- Inactive timeout ( 1 secs) 1466

Reading the doc, it's the same command and does the same thing. There must be a difference somewhere, though, or they would both work with the same syntax. Check show run all.

NetFlow Original and NetFlow IPv4 Original Input Predefined Records

The Flexible NetFlow "NetFlow original" and "NetFlow IPv4 original input" predefined records can be used interchangeably because they have the same key and nonkey fields. The key and nonkey fields and the counters for the Flexible NetFlow "NetFlow original" and "NetFlow IPv4 original input" predefined records are shown in the table below.

Many thanks for your help. I will do some tests to confirm more.

I defined the same conditions as "sh ip flow record netflow ipv4 original-input" in a record template and then applied it in a monitor template. Finally, I invoked the monitor template under the interface, but this error message was displayed:

        Warning: Exporter ttt could not be activated because: Invalid arguments provided

It may not like the v5 version, as in this user's post:

http://www.cordero.me/netflow-on-a-cisco-asr1002-x-for-orion/

I know this is an old post, but I have the same problem with an ASR. I know the Cisco doc says "Management Interface--NetFlow data export is not supported through the Management Interface port."

What if the NetFlow collector is only reachable via the management VRF or port? You must establish reachability via a different port other than the mgmt 0 port or a port that is assigned to the mgmt-vrf, correct (it still accepts the "destination 11.1.1.20 vrf-mgmt" command)?

So I have NetFlow turned on on another port, g0/1, like below, and sourced from that same port (no other up port or Lo available to source), but it still does not show any data exported, nor does the collector show it receives anything, when there are statistics (see below - I built the same setup using VIRL so just tweaked some characters, but this is exactly how it is on the ASR).

 

Also, if you enable the monitor on an interface, can you enter a source command using the same interface?

   

This is my config:


flow record TEST-Record1
description Netflow to SW
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match transport tcp destination-port
match transport udp destination-port
match ipv4 tos
match interface input
match interface output
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect timestamp absolute first
collect application name
collect counter bytes long
collect counter packets long
!
!
flow exporter TEST-Exporter1
destination 11.1.1.20 vrf-mgmt (tried without the vrf-mgmt too)

source gigabitEthernet 0/1
transport udp 2055
template data timeout 8400
option application-table timeout 60
option application-attributes timeout 300
!
!
flow monitor TEST-Monitor1
exporter Flow-Exporter1
cache timeout active 60
record Flow-Record1

 

interface gigabitEthernet 0/1

ip flow monitor TEST-Monitor1 input

 

------------------------

 

Flow Exporter TEST-Exporter1:
Packet send statistics (last cleared 00:06:14 ago):
Successfully sent: 1219 (1604180 bytes)
Reason not given: 4 (288 bytes)

Client send statistics:
Client: Option options application-name
Records added: 9856
- sent: 9856
Bytes added: 818048
- sent: 818048

Client: Option options application-attributes
Records added: 2766
- sent: 2766
Bytes added: 625116
- sent: 625116

Client: Flow Monitor TEST-Monitor1
Records added: 6
- sent: 6
Bytes added: 372
- sent: 372
