Netflow best practice setup

carl_townshend
Spotlight

Hi All

If I want good accurate information from Netflow to be reported from my routers to PRTG, What are the best settings to use on the routers for this ?

cheers

Carl


Julio E. Moisa
VIP Alumni

Hi

Best practices:

NetFlow configuration varies slightly per hardware model.

Active timeouts should ALWAYS be set to 1-minute intervals (60 seconds in MLS and NX-OS). This value is the amount of time the device will flush the cache of any information pertaining to active flow conversations, and will ensure accurate trend and alarm information.

NetFlow should be enabled for ingress traffic at the interface only; providing both ingress and egress statistics will effectively double the amount of reported bandwidth for an existing flow and is unnecessary in most cases.

NetFlow is based on 7 key fields (7-tuple). If one of these fields is different, a new flow record is created in the flow cache table:
o Source IP address
o Destination IP address
o Source port number
o Destination port number
o Layer-3 protocol type (ex., TCP, UDP)
o ToS (type of service) byte
o Input logical interface

Enable NetFlow on EVERY layer-3 interface for complete visibility.

It is best to source NetFlow export from an interface that will never go down, such as Loopback0.

Reference: https://www.lancope.com/blog/how-to-configure-netflow-on-cisco-ios-devices

L3 interface configuration:

interface g0/0
 ip address A.A.A.A Z.Z.Z.Z
 ip flow ingress
 ip flow egress (optional)

Now the global configuration could be:

Enable CEF
ip cef

Configure the list of the IP addresses which are generating more traffic:
ip flow-top-talkers

Configure the version 9: NetFlow Version 9 is a flexible and extensible means to carry NetFlow records from a network node to a collector. NetFlow version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration. In NetFlow version 9,
•record formats are defined using templates
•template descriptions are communicated from the router to the NetFlow Collection Engine
•flow records are sent from the router to the NetFlow Collection Engine with minimal template information so that the NetFlow Collection Engine can relate the records to the appropriate template
•version 9 is independent of the underlying transport (UDP, TCP, SCTP, and so on)
ip flow-export version 9

Select an interface to be the source of the updates, it can be a  loopback.
ip flow-export source loopback 0

Configure a cache timeout, it is in milliseconds
cache-timeout <milliseconds>

Verify the top talkers list with bytes as information
sort-by bytes

How many IP addresses you can see on the top-talker list
top 100

The following link also could be useful:

https://communities.cisco.com/thread/34957?tstart=0

Hope the comment is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
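Two points in the answer above are easier to see with a decoder in hand: that NetFlow v9 is self-describing (a template FlowSet, ID 0, tells the collector the layout of the data FlowSets that reference it), and that the 7-tuple listed is what keys a flow. The following Python is an added example, not code from the original thread or from Cisco/PRTG. It builds a constructed v9 export packet (the addresses, counters and template ID 256 are made up, not captured from a router), parses it the way a collector would, and shows what happens when a data FlowSet arrives before its template, which is the one failure mode a collector like PRTG has to handle (IOS resends templates periodically; until then those records cannot be decoded).

```python
import struct
import ipaddress

# RFC 3954 NetFlow v9 field type IDs (subset covering the 7-tuple plus counters).
FIELD_NAMES = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS",
    7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
    11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
}
IPV4_FIELDS = {8, 12}
# The seven key fields from the answer: a change in any one of them is a new flow.
FLOW_KEY = ("IPV4_SRC_ADDR", "IPV4_DST_ADDR", "L4_SRC_PORT", "L4_DST_PORT",
            "PROTOCOL", "SRC_TOS", "INPUT_SNMP")

HEADER_FMT = "!HHIIII"  # version, count, sysUptime, unixSecs, seqNum, sourceId
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes


def decode_field(ftype, raw):
    """Addresses become dotted quads, everything else a big-endian integer."""
    if ftype in IPV4_FIELDS:
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_v9(packet, templates):
    """Parse one v9 export packet and return its decoded data records.

    `templates` maps (source_id, template_id) -> [(field_type, field_length), ...]
    and is updated in place: templates travel in FlowSet ID 0, while data FlowSets
    carry only the template ID. A data FlowSet whose template is unknown is reported
    as {"template_missing": <id>} instead of being guessed at.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the v9 header")
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")

    records, offset = [], HEADER_LEN
    while offset + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[offset:offset + 4])
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError("malformed FlowSet length")
        body = packet[offset + 4:offset + fs_len]
        if fs_id == 0:  # template FlowSet: (template_id, field_count, fields...) repeated
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4]) for i in range(nfields)]
                pos += 4 * nfields
                templates[(source_id, tid)] = fields
        elif fs_id >= 256:  # data FlowSet: fs_id is the template ID
            tmpl = templates.get((source_id, fs_id))
            if tmpl is None:
                records.append({"template_missing": fs_id})
            else:
                rec_len, pos = sum(flen for _, flen in tmpl), 0
                while pos + rec_len <= len(body):  # leftover bytes are 32-bit padding
                    rec = {}
                    for ftype, flen in tmpl:
                        rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = decode_field(ftype, body[pos:pos + flen])
                        pos += flen
                    records.append(rec)
        # FlowSet 1 (options template) and 2-255 (reserved) are skipped here.
        offset += fs_len
    return records


def flow_key(record):
    """The 7-tuple that identifies a flow in the router's cache."""
    return tuple(record[name] for name in FLOW_KEY)


# ---- constructed sample export (assumed values, not a real capture) ----
TEMPLATE_ID = 256
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (5, 1), (10, 2), (1, 4), (2, 4)]


def build_record(src, dst, sport, dport, proto, tos, ifindex, nbytes, npkts):
    """Encode one 24-byte data record in the layout TEMPLATE_FIELDS declares."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!HHBBHII", sport, dport, proto, tos, ifindex, nbytes, npkts))


def build_sample_export(include_template=True):
    """v9 packet: optional template FlowSet, then a data FlowSet with two records."""
    tmpl_body = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS)) + b"".join(
        struct.pack("!HH", t, l) for t, l in TEMPLATE_FIELDS)
    template_fs = struct.pack("!HH", 0, 4 + len(tmpl_body)) + tmpl_body
    data = (build_record("10.0.0.5", "192.0.2.10", 51234, 443, 6, 0, 3, 15230, 42)
            + build_record("10.0.0.5", "192.0.2.53", 40001, 53, 17, 0, 3, 180, 2))
    data_fs = struct.pack("!HH", TEMPLATE_ID, 4 + len(data)) + data
    count = (1 if include_template else 0) + 2  # template records + data records
    header = struct.pack(HEADER_FMT, 9, count, 123456, 1700000000, 1, 0)
    return header + (template_fs if include_template else b"") + data_fs


def demo():
    templates = {}
    records = parse_v9(build_sample_export(), templates)
    for rec in records:
        print(flow_key(rec), rec["IN_BYTES"], "bytes")
    return records


if __name__ == "__main__":
    demo()
```

Running `demo()` prints two distinct 7-tuples (the second record differs in destination address, ports and protocol, so the router would have kept it as a separate cache entry). Feeding `build_sample_export(include_template=False)` to a fresh `templates` dict returns only `template_missing`, which is exactly the window a collector sits in after a restart until the router's next template refresh; with the 60-second active timeout the answer recommends, that window also bounds how stale any single record can be.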