Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3250
Views
0
Helpful
7
Replies

is it possible to use netflow on L2 Ports?

Go to solution
quake3bak
Level 1
Level 1

‎01-12-2012 04:31 AM - edited ‎03-07-2019 04:18 AM

Hi~ I'm a junior network engineer in SouthKorea, glad to joined here.

as u see, I'm not a good english writer, so I ask excuse to this bad writing.

I have a question related netflow and RSPAN between two BGP routers.

A big site is under my control, with a problem.

There are too many packets and traffics between two BGP routers, But I need to analyze on Both.

But I don't want to use both router's CPU, because those router's CPU are alread very high.

SO, I Just set mirroring (RSPAN) their packets to other new router.

I could find out many packes from both routers with omnipeak, but there were too many row data.

I need sampling their packets, So I set netflow on the mirrored port, but it didn't work.

I searched some information about netflow that is only work on Layer 3 network.

RSPAN port is just L2 switch port, so I changed again that netflow source to VLAN interface.

But, It' was same. didn't work. I searched again and again,

fianlly I found this command (ip flow export layer 2-switched)

but, I'm not sure this command is what I want to find.

I already used this command, but nothing has changed.

during 3 days stayed up all nights... with this issue.;;;

Now, I beg your kindness, is there anyone to rescue me?

any advices would be good to me.

thanks... for read my bad writting.

summary': is it possible to use netflow sampling analyze on L2 switch between L3 BGP routers?

E-mail : spector8@naver.com

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎01-12-2012 04:38 AM

Hi,

why don't you just use this feature on one of the routers: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_packet_capture_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

0 Helpful

Go to solution
Don Jacob
Level 1
Level 1
In response to quake3bak

‎01-15-2012 08:50 PM

Analyze 1 router at a time if you are concerned about CPU  utilization. If the traffic is passing between Router1 and Router2, I  guess you can enable NetFlow on Router1, analyze the traffic and then  based on the results and if needed, start the analysis on the Router2.

Additionally,  the CPU utilization and traffic generated by NetFlow is not high. You  can check the below link for information on NetFlow impact (page 75 for  CPU utilization and 83 for traffic volume) :

http://meetings.ripe.net/ripe-44/presentations/ripe44-eof-netflow.pdf

NetFlow analysis gives you almost immediate results  and some tools you can use are ManageEngine NetFlow Analyzer, NetFlow  Auditor, Plixer, etc, all of which have trial version. Enable NetFlow  export on the interfaces you need to monitor for the analysis and you  will see your results on traffic usage almost immediately.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎01-12-2012 04:38 AM

Hi,

why don't you just use this feature on one of the routers: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_packet_capture_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Go to solution
quake3bak
Level 1
Level 1
In response to cadet alain

‎01-12-2012 05:00 PM

I pushed correct answer button instead of reply... sorry, I don't know how I cancle this status,

anyway, really Thanks. I didn't know like this way to solve the issue, but I need smaller datas not full datas..

it took too many packets and went to full of disk rapidly...

is there any other way to sampling like netflow sampling?

thanks for your help and kindness.

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to quake3bak

‎01-13-2012 12:57 AM

Hi,

it took too many packets and went to full of disk rapidly... 

you can filter with an ACL and you can transfer to a machine 

For netflow yes you can do it on the router themselves but I don't know of another solution as far as I'm concerned.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Go to solution
quake3bak
Level 1
Level 1
In response to cadet alain

‎01-15-2012 04:05 PM

Thanks Alain your trying to help me.

But, the way which you wrote that seems not matched what I find.

I need only sampled all data on various traffics, not filtered data.

well... It might be better way to appproach with setting netflow on both BGP routers.

have a good day~!

0 Helpful

Go to solution
Don Jacob
Level 1
Level 1
In response to quake3bak

‎01-15-2012 08:50 PM

Analyze 1 router at a time if you are concerned about CPU  utilization. If the traffic is passing between Router1 and Router2, I  guess you can enable NetFlow on Router1, analyze the traffic and then  based on the results and if needed, start the analysis on the Router2.

Additionally,  the CPU utilization and traffic generated by NetFlow is not high. You  can check the below link for information on NetFlow impact (page 75 for  CPU utilization and 83 for traffic volume) :

http://meetings.ripe.net/ripe-44/presentations/ripe44-eof-netflow.pdf

NetFlow analysis gives you almost immediate results  and some tools you can use are ManageEngine NetFlow Analyzer, NetFlow  Auditor, Plixer, etc, all of which have trial version. Enable NetFlow  export on the interfaces you need to monitor for the analysis and you  will see your results on traffic usage almost immediately.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.
0 Helpful

Go to solution
quake3bak
Level 1
Level 1
In response to Don Jacob

‎01-15-2012 10:23 PM

your answer was greatly helpful to me wih your linked file. thanks a lot~!

and could u teach me how to close this question?

I'm new here;;;

0 Helpful

Go to solution
Don Jacob
Level 1
Level 1
In response to quake3bak

‎01-16-2012 02:10 AM

Hi Alain,

Thanks a lot. And you have already closed  the question. To mark a question as answered click on "Correct Answer"  button and to reply, click reply button.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if your query has been answered

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.
0 Helpful
Customers Also Viewed These Support Documents