Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1077
Views
0
Helpful
2
Replies

netflow - packets are not sent

9w.boye
Level 1
Level 1

‎07-24-2012 02:31 AM - edited ‎03-07-2019 07:56 AM

Hello folks,

I have a weird problem:

router 7200 (12.2(33)SRE1) , [ok, it is a bit old, but continue ...]

two interfaces with traffic going through, placed in a Data-VRF

Another physical interface and loopback interface in the global routing-table.

ip flow ingress on all physical interfaces configured

It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore

debug ip flow export  tells me "IPFLOW: Sending export pak to ... port 2055"

But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.

Export is in the global routing table:

ip flow-export destination ... 2055

ip flow-export source loopback0

ip flow-export version 9

show ip cache flow shows me the flow entries.

show ip flow export verbose shows me the counters about the flows and sent udp datagrams.

Anyone else having similar problems?

regards

William Boye

Labels:
0 Helpful
2 Replies 2

Alessio Andreoli
Level 5
Level 5

‎07-24-2012 04:37 AM

try to specify the ports...

9991 if i am not wrong:

http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdnfc.html

this is an old IOS but is the example you need

Alessio

0 Helpful

9w.boye
Level 1
Level 1
In response to Alessio Andreoli

‎07-24-2012 07:57 AM

Hello Alessio,

thank you for your posting, but I am sorry that I have to be a bit straight which can sound impolite. But be sure that I do not want to be impolite.

You should not post things which come to your mind, but those things which you can add from your experience or from your knowledge. Of course you can ask questions, if you want to deepen your knowledge.

So both of your hints do not really add something in this regard.

I talked to other colleagues - and so far we have to think about a software bug. The routers where we see these symptoms are up and running for now 2 years and 13 weeks. Netflow was working for a long time with no problems. I doublechecked the environment to see if some firewall or similar device stands in the way.

By setting up the ip sla monitor I was able to see with a "debug ip packet [acl]"  how the packets are leaving the device. The netflow packets are not. On a firewall which lets this kind of traffic pass, I can also see hits when I generate udp/2055-traffic with the ip sla monitor, but I do not see any hits which would be the result of the netflow traffic.

with kind regards, William

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card