netflow seems to be missing traffic

Posted on 2009-04-23
Last Modified: 2012-05-06

We are having problems getting netflow exported from our 6509.  It appears that we are logging all of our inbound traffic, but are unable to catch most (we do get some) outbound traffic.  We have a single VLAN interface on a trunk that connects to our border; it is on this interface that we'd like to collect the netflow data:

We have a pair of 6509 running 12.2.X with a Sup 720:

rtr-1#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    0  2-subslot Services SPA Carrier-400     7600-SSC-400       xxxxxxxxxxx
  2    6  Firewall Module                        WS-SVC-FWM-1       xxxxxxxxxxx
  3    8  Intrusion Detection System             WS-SVC-IDSM-2      xxxxxxxxxxx
  4   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       xxxxxxxxxxx
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       xxxxxxxxxxx

rtr-1#sh run
ip multicast-routing
ip multicast cache-headers
ip flow-cache timeout active 5
mls netflow interface
no mls flow ip
no mls flow ipv6
mls cef error action reset
interface Vlan21
 ip address X.X.X.X Y.Y.Y.Y
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip pim sparse-mode
 ip ospf hello-interval 1
 ip ospf dead-interval 3
 arp timeout 900
ip flow-export version 9
ip flow-export destination X.X.X.X 9995

Any suggestions on what I may be doing wrong?

Question by: d-rohan

    Accepted Solution


    Are you on a stable version of code?  

    Do you have these commands in your config?

    mls netflow
    mls flow ip full
    ip flow ingress layer2-switched vlan X,Y,Z
    mls nde sender version 5 (version matches your collector)

    on interfaces:
    ip route-cache flow

    harbor235 ;}

    Author Comment

    Hi harbor235,

    1) Yes, we're running 12.2(33)SXH2a

    2) I added in the ip flow ingress layer2-switched vlan x-- I'll let you know how that works.

    3) My 6509 does not support the mls sender command-- we have:
    rtr-1(config)#mls nde flow ?
      exclude  exclude keyword
      include  include keyword

    4) When I add in the ip route-cache flow on the interface, it disappears from the running config.  Any ideas?



    Author Comment

    I've found the problem.

    I thought I could simply monitor the ingress and egress on our trunk line to the border router.  However, after adding the ip flow ingress command to each vlan interface on the core, we are now seeing the inbound and outbound traffic.
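
An added example, not part of the original thread: a small Python audit that reads an IOS running-config and lists active routed VLAN interfaces that lack ip flow ingress, which is the gap the author describes above. The sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
mls netflow interface
!
interface Vlan21
 ip address 192.0.2.1 255.255.255.0
 ip flow ingress
 ip flow egress
!
interface Vlan30
 ip address 198.51.100.1 255.255.255.0
 ip pim sparse-mode
!
interface Vlan40
 ip address 203.0.113.1 255.255.255.0
 shutdown
!
interface Vlan50
 no ip address
!
interface GigabitEthernet4/1
 switchport mode trunk
!
ip flow-export version 9
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for every interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def svis_missing_ingress(config):
    """List active, addressed VLAN interfaces without 'ip flow ingress'."""
    missing = []
    for name, cmds in parse_interfaces(config).items():
        if not name.lower().startswith("vlan") or "shutdown" in cmds:
            continue
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if has_ip and "ip flow ingress" not in cmds:
            missing.append(name)
    return missing
```

Run it against saved configs from each core switch; any interface it reports is a place where traffic enters without being accounted for.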


    Expert Comment


    Are you awarding the points?

    harbor235 ;}
