Solved: ASR1002 NETFLOW FUNCTION DOESN'T WORK

tan2 · ‎04-22-2019

Hi All,

I have configured the netflow v5 collection on one of my ASR1002 , but it never collect the flow . Could you guys give some suggestion ?

Version : ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.4(3)S10

Configurations:

flow exporter ttt
destination 10.30.30.2
source GigabitEthernet0/0/3
transport udp 9999
export-protocol netflow-v5
!
!
flow monitor ttt
exporter ttt
cache timeout inactive 1
cache timeout active 1
cache entries 2000000
record netflow-original
!
sampler ttt
mode random 1 out-of 2

!

interface GigabitEthernet0/0/3
ip address 10.66.67.6 255.255.255.252
ip flow monitor ttt sampler ttt input
ip flow monitor ttt sampler ttt output
negotiation auto
end

Issue:

Cache type: Normal (Platform cache)
Cache size: 2000000
Current entries: 0

Flows added: 0
Flows aged: 0

I have tried to change the sampling rate to 1/2 , but it still cannot generate any flow information . But actually , the configurations above works well in my another ASR1002 .

tan2 · ‎04-23-2019

when I change the record in monitor template as below , it works now :

record netflow ipv4 original-input

very interesting , two device with different kind of record type ,,, then work

View solution in original post

tan2 · ‎04-22-2019

Mark Malone · ‎04-23-2019

Hi
Try this working example of my test switches just tweak it , you can ping the collector from the switch yes ?
the collector supports V5 too ?
is it set to port 9999 to collect

ip flow monitor TESTFLOW_nq input
ip flow monitor TESTFLOW_nq output

flow record FLOW-RECORD
description record to monitor network traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NetQos
description export Netflow traffic to HQ
destination X.X.X.X
source X.X.X.X
output-features
transport udp 2055
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
!
!
flow monitor TESTFLOW_nq
description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
exporter NetQos
statistics packet protocol
record FLOW-RECORD

#sh flow exporter statistics
Flow Exporter NetQos:
Packet send statistics (last cleared 45w6d ago):
Successfully sent: 144849339 (174558606134 bytes)
No destination address: 29 (37034 bytes)

tan2 · ‎04-23-2019

Hi Mark,

Thanks for you sharing .I can ping the collector from my asr . Ask I checked, there isn't any flow generated on my ASR . I do show monitor statistics , but there is no cache entry in the flow table . Any suggestion ?

sh flow monitor ttt cache
Cache type: Normal (Platform cache)
Cache size: 2000000
Current entries: 0

Flows added: 0
Flows aged: 0

Mark Malone · ‎04-23-2019

try the config i posted your missing a lot of the collector information you need the MATCH/COLLECT functions , change the UDP to 2055 instead of 9999 and make sure collector is the same

Mark Malone · ‎04-23-2019

did you apply the match and collection commands ?

tan2 · ‎04-23-2019

Hi Mark, I am using "record netflow-original" ,so I hadn't configured the record template . So ..

Mark Malone · ‎04-23-2019

Hi
so am i correct to say your trying to do this -----Emulating Original NetFlow with Flexible NetFlow

And not use full flexible netflow , im not familiar with this , im just reading teh doc , we have deployed full flex netflow with records

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/get-start-cfg-fnflow.html#GUID-0B4FBBA1-EC9E-41A9-9AEA-D8DAF1D9F963

Mark Malone · ‎04-23-2019

have your tired it without the sampling set ?
also CEF is enabled yes ?

i would also try create the record section and see if it makes a difference reading the document it supports that too

tan2 · ‎04-23-2019

let me define a record template to have a try . Actually , I use the same configuration in another ASR1002 , it works fine .

o(╥﹏╥)o

Mark Malone · ‎04-23-2019

hmm thats odd works in another ASR , is it running same IOS-XE version ?

tan2 · ‎04-23-2019

YES， runing the IOS-XE . I just create a record template and applied it in the monitor template . But when I configured the flow monitor under interface , an error occurred .

Warning: Exporter ttt could not be activated because: Invalid arguments provided

tan2 · ‎04-23-2019

when I change the record in monitor template as below , it works now :

record netflow ipv4 original-input

very interesting , two device with different kind of record type ,,, then work

Mark Malone · ‎04-23-2019

hmm yes thats odd , same license , same OS on both routers ?
i would do a config difference using one of the tools incase something was missing .....https://www.diffchecker.com/

it does show that command is required in the doc i sent over for using v5 with flex netflow, maybe the original router is the one not correctly configured

SUMMARY STEPS

1. enable
2. configure terminal
3. flow monitor monitor-name
4. description description
5. record netflow {ipv4 | ipv6} original-input

tan2 · ‎04-23-2019

yes, all the things are same , but if I use record netflow-original in the issue ASR , it cannot collect anything