Solved

Netflow not working properly

Posted on 2010-08-19
22
1,185 Views
Last Modified: 2012-05-10
We have a network with a number of remote sites all linked back to our HQ via site to site VPNs.

We wish to start monitoring the traffic being used at each site with a view to a network upgrade. We are using netflow to assist.

We have configured several of the remote routers now (all Cisco 877's) and they appear to be sending netflow when the commands "show ip flow export" and "show ip cache flow" are used.

The problem is the netflow only sends to the server when a router is re-booted, i.e. the 877 reports it is sending netflow constantly, but the server will only receive once - that is as soon as the router starts up?

This would suggest the network is OK to receive Netflow, it seems as though the 877 is just not sending.

Can anyone help ?
Question by:stemc
22 Comments
 
LVL 14

Accepted Solution

by:
anoopkmr earned 250 total points
ID: 33475049
did u configure the netflow properly in 877, I know you would have configured, just to double check

for e.g.:

conf t
(config)#ip flow-export destination <netflow  monitor ip > 2048
(config)#ip flow-export source FastEthernet0/0
(config)#ip flow-export version 5
(config)#end

Verify your source-interface and destination ip/port and change accordingly. After that your router will export netflow-data to your collector/analyzer software


also did u enable it under interface
ip route-cache flow
0
 

Author Comment

by:stemc
ID: 33475334
Thanks for the response anoopkmr. The config is in place as above, we are trialling SolarWinds so the port it uses is 2055.

The frustrating thing is it does send the once as router boots up, then never again until next re-boot.

Thanks again
0
 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 250 total points
ID: 33475400
can u try like this

Router(config)# ip cef
Router(config)# interface ethernet 1/0
Router(config-if)# ip flow ingress
0

 

Author Comment

by:stemc
ID: 33475546
Cheers ... Just applied but still no netflow coming through ...

Something that may shed some light. On the 877's we are using Vlans and I have to apply my netflow config on the Vlans rather than FE ports, config is:

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 102
!
interface FastEthernet3
 switchport access vlan 192
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.218.80.1 255.255.255.128
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan101
 ip address 10.218.80.225 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan102
 ip address 10.218.80.241 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan192
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33475643


the above config showing int vlan with ip route-cache flow

can u change it to "ip flow ingress"

0
 

Author Comment

by:stemc
ID: 33476469
OK, just to confirm on Vlans I have issued commands

no ip route-cache flow
ip flow ingress


Leaving config like this:

interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.218.80.1 255.255.255.128
ip flow ingress
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Vlan101
ip address 10.218.80.225 255.255.255.240
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan102
ip address 10.218.80.241 255.255.255.240
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan192
ip address 192.168.1.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
 
-----------------
 
I'm still seeing no data come through to collection server ?

Thanks again
 
 
0
 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 250 total points
ID: 33476600
can u just show me after clearing the flows


clear ip flow stats
 
show ip cache flow
 
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33476609
are u able to reach the netflow monitor using the source IP of the flow
0
 

Author Comment

by:stemc
ID: 33479907
Hi anoopkmr, I have done the above suggestions, I captured the results in a log file for you to see (attached). Thanks very much
netflow.txt
0
 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 250 total points
ID: 33482418
ok packets displaying in the netflow cache.
can u give the output of "show ip flow export"
also
0
 

Author Comment

by:stemc
ID: 33482782
Hi anoopkmr, the log file is attached, thanks
sh-ip-fl-exp.txt
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33483428
18937 flows exported in 2856 udp datagrams

i can see flows are exporting? is there anything blocking it from reaching the netflow monitor, any fw in between
0
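A collector-side check for the situation in the comment above, where `show ip flow export` counts datagrams leaving the router but the server shows nothing. This is an added example, not code from the thread: a small NetFlow v5 listener that parses each export datagram and uses the header's `flow_sequence` field to count flows that never arrived. The names `parse_v5`, `ExportTracker` and `listen` are this example's own; port 2055 is the collector port mentioned earlier in the thread.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def parse_v5(datagram):
    """Parse one NetFlow v5 export datagram into (header, flows)."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, _up, _secs, _nsecs, seq, *_ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    end = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) < end:
        raise ValueError("truncated: fewer records than the header count")
    flows = [{"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
              "packets": r[5], "octets": r[6], "proto": r[13]}
             for r in V5_RECORD.iter_unpack(datagram[V5_HEADER.size:end])]
    return {"count": count, "flow_sequence": seq}, flows

class ExportTracker:
    """Per-exporter tally of flows received and flows lost in transit."""
    def __init__(self):
        self.expected, self.received, self.missed = {}, {}, {}
    def feed(self, exporter, datagram):
        hdr, flows = parse_v5(datagram)
        nxt = self.expected.get(exporter)
        # flow_sequence = flows exported before this datagram; a jump means loss.
        gap = 0 if nxt is None else (hdr["flow_sequence"] - nxt) & 0xFFFFFFFF
        if gap < 0x80000000:  # skip reordered or replayed datagrams
            self.missed[exporter] = self.missed.get(exporter, 0) + gap
            self.expected[exporter] = (hdr["flow_sequence"] + hdr["count"]) & 0xFFFFFFFF
        self.received[exporter] = self.received.get(exporter, 0) + len(flows)
        return hdr

def listen(port=2055, bind="0.0.0.0"):  # 2055 is the collector port from the thread
    tracker = ExportTracker()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            try:
                hdr = tracker.feed(ip, data)
                print(f"{ip}: seq={hdr['flow_sequence']} flows={hdr['count']} missed={tracker.missed[ip]}")
            except ValueError as err:
                print(f"{ip}: ignored ({err})")

if __name__ == "__main__":
    listen()
```

Run it on the collector host in place of the monitoring software: no output at all while the router's export counters keep rising means the datagrams are being dropped on the path, and a growing `missed` value means only some of them get through.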
 

Author Comment

by:stemc
ID: 33483576
There is an ASA at head office that everything has to pass through, I'm assuming this is all OK because when a router is first booted the flow is sent through to the server and then never again until next re-boot.

I'm beginning to think it is a prob with the 877 series router ?
0
 
LVL 14

Assisted Solution

by:anoopkmr
anoopkmr earned 250 total points
ID: 33483909
before concluding that,
if possible can you place the netflow monitor server in vlan1 and see updates are coming or not?
0
 

Author Comment

by:stemc
ID: 33484683
Not entirely sure what you mean by "place the netflow monitor server in vlan1".  The server is physically on a different site than the router.

If you mean to add some config, please advise the config needed,

many thanks
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33485288
i mean physically move the server to vlan 1, I know it will be tough

otherwise try with a different IOS version
0
 

Author Comment

by:stemc
ID: 33485363
OK I see, I'll have a look at getting the software on a laptop and taken to site - leave it with me a few days, will let you know how it goes ....

Thanks again,

Ian
0
 

Author Comment

by:stemc
ID: 33532812
Hi anoopkmr,

We took the software to site and it worked, so ....

We investigated the problem at network level and it is Netflow itself that's the problem. It can't be encapsulated over a VPN. To overcome this Cisco developed and updated a new version of Netflow this year, it's called Flexible Netflow.

0
 

Author Closing Comment

by:stemc
ID: 33532878
With all the guidance from anoopkmr we eventually narrowed the problem down to get a solution
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33532896
ok thanks for the gr8 information. so your netflow monitor was in remote area connected via VPN and after u brought the monitor server to local lan, problem solved. am i right or not?

0
 

Author Comment

by:stemc
ID: 33532944
Yes we have all our sites connected back to head office via IPSEC VPN, the Netflow server is at HQ and all the routers we want to monitor are at remote sites.   On your advice we took a laptop with the netflow capture to one of the remote sites and it worked when plugged in to the same switch as router.

Thanks again
0
 

Author Comment

by:stemc
ID: 33541769
The solution to this problem is having a flexible netflow configured. Again I have the Cisco guidelines. The problem now is some of the commands like flow monitor, flow record are not available. Any guidance to configure flexible netflow will be appreciated
0
