netflow seems to be missing traffic

Hi,

We are having problems getting netflow exported from our 6509.  It appears that we are logging all of our inbound traffic, but are unable to catch most (we do get some) outbound traffic.  We have a single VLAN interface on a trunk that connects to our border; it is on this interface that we'd like to collect the netflow data:

We have a pair of 6509 running 12.2.X with a Sup 720:

rtr-1#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    0  2-subslot Services SPA Carrier-400     7600-SSC-400       xxxxxxxxxxx
  2    6  Firewall Module                        WS-SVC-FWM-1       xxxxxxxxxxx
  3    8  Intrusion Detection System             WS-SVC-IDSM-2      xxxxxxxxxxx
  4   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       xxxxxxxxxxx
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       xxxxxxxxxxx

rtr-1#sh run
...
ip multicast-routing
ip multicast cache-headers
ip flow-cache timeout active 5
mls netflow interface
no mls flow ip
no mls flow ipv6
mls cef error action reset
...
interface Vlan21
 ip address X.X.X.X Y.Y.Y.Y
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip pim sparse-mode
 ip ospf hello-interval 1
 ip ospf dead-interval 3
 arp timeout 900
!
...
ip flow-export version 9
ip flow-export destination X.X.X.X 9995


Any suggestions on what I may be doing wrong?

Thanks!
Asked by: d-rohan

harbor235 Commented:


Are you on a stable version of code?  

Do you have these commands in your config?

mls netflow
mls flow ip full
ip flow ingress layer2-switched vlan X,Y,Z
mls nde sender version 5 (version matches your collector)

on interfaces:
ip route-cache flow

harbor235 ;}

d-rohan (Author) Commented:
Hi harbor235,

1) Yes, we're running 12.2(33)SXH2a

2) I added in the ip flow ingress layer2-switched vlan x-- I'll let you know how that works.

3. My 6509 does not support the mls sender command-- we have:
rtr-1(config)#mls nde flow ?
  exclude  exclude keyword
  include  include keyword


4.  When I add in the ip route-cache flow on the interface, it disappears from the running config.  Any ideas?

Thanks!

-Dan

d-rohan (Author) Commented:
I've found the problem.

I thought I could simply monitor the ingress and egress on our trunk line to the border router.  However, after adding the ip flow ingress command to each vlan interface on the core, we are now seeing the inbound and outbound traffic.

-Dan
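
A check based on the fix described above, as an added example that is not part of the original thread: it scans a saved running-config for routed VLAN interfaces that lack "ip flow ingress", which is the gap that hid the outbound traffic here. The sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (VLAN numbers and addresses are made up).
SAMPLE_CONFIG = """\
mls netflow interface
!
interface Vlan21
 ip address 192.0.2.1 255.255.255.0
 ip flow ingress
 ip flow egress
!
interface Vlan30
 ip address 198.51.100.1 255.255.255.0
 ip pim sparse-mode
!
interface Vlan40
 no ip address
 shutdown
!
interface GigabitEthernet4/1
 switchport mode trunk
!
ip flow-export version 9
ip flow-export destination 203.0.113.10 9995
"""

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def svis_missing_ingress(config):
    """Routed VLAN interfaces (with an IP address) lacking 'ip flow ingress'."""
    missing = []
    for name, cmds in parse_interfaces(config).items():
        routed = any(c.startswith("ip address ") for c in cmds)
        if name.startswith("Vlan") and routed and "ip flow ingress" not in cmds:
            missing.append(name)
    return missing

if __name__ == "__main__":
    for name in svis_missing_ingress(SAMPLE_CONFIG):
        print(f"{name}: no 'ip flow ingress'; flows entering here are not collected")
```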

harbor235 Commented:


Are you awarding the points?

harbor235 ;}