netflow seems to be missing traffic

Hi,

We are having problems getting netflow exported from our 6509.  It appears that we are logging all of our inbound traffic, but are unable to catch most (we do get some) outbound traffic.  We have a single VLAN interface on a trunk that connects to our border; it is on this interface that we'd like to collect the netflow data:

We have a pair of 6509 running 12.2.X with a Sup 720:

rtr-1#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    0  2-subslot Services SPA Carrier-400     7600-SSC-400       xxxxxxxxxxx
  2    6  Firewall Module                        WS-SVC-FWM-1       xxxxxxxxxxx
  3    8  Intrusion Detection System             WS-SVC-IDSM-2      xxxxxxxxxxx
  4   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       xxxxxxxxxxx
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       xxxxxxxxxxx

rtr-1#sh run
...
ip multicast-routing
ip multicast cache-headers
ip flow-cache timeout active 5
mls netflow interface
no mls flow ip
no mls flow ipv6
mls cef error action reset
...
interface Vlan21
 ip address X.X.X.X Y.Y.Y.Y
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip pim sparse-mode
 ip ospf hello-interval 1
 ip ospf dead-interval 3
 arp timeout 900
!
...
ip flow-export version 9
ip flow-export destination X.X.X.X 9995


Any suggestions on what I may be doing wrong?

Thanks!
LVL 1
d-rohanAsked:
Who is Participating?
 
harbor235Connect With a Mentor Commented:


Are you on a stable version of code?  

Do you have these commands in your config

mls netflow
mls flow ip full
ip flow ingress layer2-switched vlan X,Y,Z
mls nde sender version 5 (version matches your collector)

on interfaces:
ip route-cache flow

harbor235 ;}
0
 
d-rohanAuthor Commented:
Hi harbor235,

1) Yes, we're running 12.2(33)SXH2a

2) I added in the ip flow ingress layer2-switched vlan x-- I'll let you know how that works.

3.  
My 6509 does not support the mls sender command-- we have:
rtr-1(config)#mls nde flow ?
  exclude  exclude keyword
  include  include keyword


4.  When I add in the ip route-cache flow on the interface, it disappears from the running config.  Any ideas?

Thanks!

-Dan
0
 
d-rohanAuthor Commented:
I've found the problem.

I thought I could simply monitor the ingress and egress on our trunk line to the border router.  However, after adding the ip flow ingress command to each vlan interface on the core, we are now seeing the inbound and outbound traffic.

-Dan
0
 
harbor235Commented:


Are you awarding to the points?

harbor235 ;}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.