  • Status: Solved
  • Priority: Medium
  • Security: Public

Netflow not working properly

We have a network with a number of remote sites all linked back to our HQ via site-to-site VPNs.

We wish to start monitoring the traffic being used at each site with a view to a network upgrade. We are using netflow to assist.

We have configured several of the remote routers now (all Cisco 877s) and they appear to be sending netflow when the commands "show ip flow export" and "show ip cache flow" are used.

The problem is the netflow only sends to the server when a router is rebooted, i.e. the 877 reports it is sending netflow constantly, but the server will only receive once, that is, as soon as the router starts up.

This would suggest the network is OK to receive netflow; it seems as though the 877 is just not sending.

Can anyone help?
Asked by: stemc

anoopkmr Commented:
Did you configure the netflow properly on the 877? I know you would have configured it, just to double-check.

For example:

conf t
(config)#ip flow-export destination <netflow  monitor ip > 2048
(config)#ip flow-export source FastEthernet0/0
(config)#ip flow-export version 5
(config)#end

Verify your source interface and destination IP/port and change accordingly. After that your router will export netflow data to your collector/analyzer software.

Also, did you enable it under the interface?
ip route-cache flow

stemc (Author) Commented:
Thanks for the response anoopkmr. The config is in place as above; we are trialling SolarWinds so the port it uses is 2055.

The frustrating thing is it does send the once as the router boots up, then never again until the next reboot.

Thanks again

anoopkmr Commented:
Can you try like this:

Router(config)# ip cef
Router(config)# interface ethernet 1/0
Router(config-if)# ip flow ingress

stemc (Author) Commented:
Cheers ... Just applied but still no netflow coming through ...

Something that may shed some light.  On the 877's we are using Vlans and I have to apply my netflow config on the Vlans rather than FE ports , config is :

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 102
!
interface FastEthernet3
 switchport access vlan 192
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.218.80.1 255.255.255.128
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan101
 ip address 10.218.80.225 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan102
 ip address 10.218.80.241 255.255.255.240
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan192
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!

anoopkmr Commented:
The above config is showing int vlan with ip route-cache flow.

Can you change it to "ip flow ingress"?


stemc (Author) Commented:
OK, just to confirm, on the Vlans I have issued the commands

no ip route-cache flow
ip flow ingress

Leaving the config like this:

interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.218.80.1 255.255.255.128
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan101
 ip address 10.218.80.225 255.255.255.240
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan102
 ip address 10.218.80.241 255.255.255.240
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan192
 ip address 192.168.1.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
 
-----------------
 
I'm still seeing no data come through to the collection server?

Thanks again

anoopkmr Commented:
Can you just show me after clearing the flows:


clear ip flow stats
 
show ip cache flow
 

anoopkmr Commented:
Are you able to reach the netflow monitor using the source IP of the flow?

stemc (Author) Commented:
Hi anoopkmr, I have done the above suggestions. I captured the results in a log file for you to see (attached). Thanks very much
netflow.txt

anoopkmr Commented:
OK, packets are displaying in the netflow cache.
Can you give the output of "show ip flow export"?
also

stemc (Author) Commented:
Hi anoopkmr, the log file is attached, thanks
sh-ip-fl-exp.txt

anoopkmr Commented:
18937 flows exported in 2856 udp datagrams

I can see flows are exporting. Is there anything blocking it from reaching the netflow monitor, any FW in between?

stemc (Author) Commented:
There is an ASA at head office that everything has to pass through. I'm assuming this is all OK because when a router is first booted the flow is sent through to the server and then never again until the next reboot.

I'm beginning to think it is a problem with the 877 series router?

anoopkmr Commented:
Before concluding that,
if possible, can you place the netflow monitor server in vlan1 and see whether updates are coming or not?

stemc (Author) Commented:
Not entirely sure what you mean by "place the netflow monitor server in vlan1". The server is physically on a different site than the router.

If you mean to add some config, please advise the config needed,

many thanks

anoopkmr Commented:
I mean physically move the server to vlan 1. I know it will be tough.

otherwise try with a different IOS version

stemc (Author) Commented:
OK I see, I'll have a look at getting the software on a laptop and taken to site - leave it with me a few days, will let you know how it goes ....

Thanks again,

Ian

stemc (Author) Commented:
Hi anoopkmr,

We took the software to site and it worked, so ....

We investigated the problem at network level and it is Netflow itself that's the problem. It can't be encapsulated over a VPN. To overcome this Cisco developed and updated a new version of Netflow this year; it's called Flexible Netflow.


stemc (Author) Commented:
With all the guidance from anoopkmr we eventually narrowed the problem down to get a solution.

anoopkmr Commented:
OK, thanks for the great information. So your netflow monitor was in a remote area connected via VPN, and after you brought the monitor server to the local LAN, the problem was solved. Am I right or not?


stemc (Author) Commented:
Yes we have all our sites connected back to head office via IPSEC VPN, the Netflow server is at HQ and all the routers we want to monitor are at remote sites.   On your advice we took a laptop with the netflow capture to one of the remote sites and it worked when plugged in to the same switch as router.

Thanks again

stemc (Author) Commented:
The solution to this problem is having Flexible Netflow configured. Again, I have the Cisco guidelines. The problem now is some of the commands like flow monitor, flow record are not available. Any guidance to configure Flexible Netflow will be appreciated.
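
Added example, not part of the original thread: a collector-side check for the situation discussed above, where "show ip flow export" on the router counts exported datagrams but the server sees none. It parses NetFlow version 5 export datagrams (the version configured in the thread), records the source address they arrive from, and uses the header's flow_sequence field to tell lost flows from an exporter restart. The function names and the sample datagrams are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header, 24 bytes
RECORD_LEN = 48                       # size of one v5 flow record

def parse_v5_header(datagram):
    """Return (count, flow_sequence); raise ValueError if not a valid v5 export."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    fields = HEADER.unpack_from(datagram)
    version, count, seq = fields[0], fields[1], fields[5]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HEADER.size + count * RECORD_LEN:
        raise ValueError("length does not match record count")
    return count, seq

def feed(stats, exporter_ip, datagram):
    """Update per-exporter totals (as seen at the collector) and return them."""
    count, seq = parse_v5_header(datagram)
    s = stats.setdefault(exporter_ip, {
        "datagrams": 0, "flows": 0, "missed": 0, "restarts": 0, "next_seq": None})
    # flow_sequence = flows exported before this datagram. A forward jump
    # means flows were lost in transit; a backward jump means a restart.
    exp = s["next_seq"]
    if exp is not None and seq > exp:
        s["missed"] += seq - exp
    elif exp is not None and seq < exp:
        s["restarts"] += 1
    s["next_seq"] = (seq + count) & 0xFFFFFFFF
    s["datagrams"] += 1
    s["flows"] += count
    return s

def sample_datagram(seq, count):
    # Constructed test input: v5 header followed by zeroed flow records.
    return HEADER.pack(5, count, 0, 0, 0, seq, 0, 0, 0) + bytes(count * RECORD_LEN)

def listen(port=2055):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    stats = {}
    while True:
        data, (ip, _) = sock.recvfrom(65535)
        try:
            print(ip, feed(stats, ip, data))
        except ValueError as err:
            print(ip, "ignored:", err)
```

Calling listen() on the collector host, with the collector software stopped so the port is free, prints running totals per source address that can be compared with the router's "show ip flow export" counters.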