Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Cisco Flexible Netflow Question

Posted on 2014-02-03
Last Modified: 2014-02-21
Hello experts,

I'm in the process of configuring netflow on our Nexus 7K. I have read articles which suggest that I need to add the following command to every single interface

ip flow monitor 'flowname' input

Now we have the following interfaces:

IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan51         protocol-up/link-up/admin-up      
Vlan53         protocol-up/link-up/admin-up      
Vlan201          protocol-up/link-up/admin-up      
Vlan202          protocol-up/link-up/admin-up      
Vlan203          protocol-up/link-up/admin-up      
Vlan204          protocol-up/link-up/admin-up      
Vlan205          protocol-up/link-up/admin-up      
Vlan206          protocol-up/link-up/admin-up      
Vlan207          protocol-up/link-up/admin-up      
Vlan208          protocol-up/link-up/admin-up      
Vlan209          protocol-up/link-up/admin-up      
Vlan210          protocol-up/link-up/admin-up      
Vlan211          protocol-up/link-up/admin-up      
Vlan212          protocol-up/link-up/admin-up      
Vlan213          protocol-up/link-up/admin-up      
Vlan214          protocol-up/link-up/admin-up      
Vlan215          protocol-up/link-up/admin-up      
Vlan216          protocol-up/link-up/admin-up      
Vlan219          protocol-up/link-up/admin-up      
Vlan220          protocol-up/link-up/admin-up      
Vlan221          protocol-up/link-up/admin-up      
Vlan222          protocol-up/link-up/admin-up      
Vlan223          protocol-up/link-up/admin-up      
Vlan401          protocol-up/link-up/admin-up      
Vlan402          protocol-up/link-up/admin-up      
Vlan403          protocol-up/link-up/admin-up      
Vlan404          protocol-up/link-up/admin-up      
Vlan405          protocol-up/link-up/admin-up      
Vlan501          protocol-up/link-up/admin-up      
Vlan502          protocol-up/link-up/admin-up      
Vlan503          protocol-up/link-up/admin-up      
Vlan601         protocol-up/link-up/admin-up      
Vlan602         protocol-up/link-up/admin-up      
Vlan603         protocol-up/link-up/admin-up      
Vlan604         protocol-up/link-up/admin-up      
Vlan605         protocol-up/link-up/admin-up      
Vlan606         protocol-up/link-up/admin-up      
Vlan607         protocol-up/link-up/admin-up      
Vlan608         protocol-up/link-up/admin-up      
Vlan609         protocol-up/link-up/admin-up      
Vlan610         protocol-up/link-up/admin-up      
Vlan611         protocol-up/link-up/admin-up      
Vlan612         protocol-up/link-up/admin-up      

Should I really be adding the command to every interface here?

Also, when configuring the 'netflow exporter', can someone tell me what is the best practice when selecting the source interface through which NetFlow packets are exported?


Question by:cpatte7372
  • 3
  • 3
LVL 28

Expert Comment

by:Jan Springer
ID: 39829643
for every interface that you want to capture packets, yes.

i use either a loopback interface (preferred) or the interface on the router for the servers.

Author Comment

ID: 39829714

It was suggested, to apply the command on all interfaces with an ip address - whether you wish to capture packets on the interface or not.....!
LVL 28

Expert Comment

by:Jan Springer
ID: 39829747
I put that command on all layer 3 interfaces that I want to capture.  Putting it on your external interfaces and only some of your internal interfaces will result in lop-sided data but it's really all about what you want to see.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Accepted Solution

cpatte7372 earned 0 total points
ID: 39830365

I know its wrong to monitor both input and output on the same interface, but I can't explain it.

Can you explain why we shouldn't put both input and output on same interface. The same principle as if putting ingress and egress on the same interface...
LVL 28

Expert Comment

by:Jan Springer
ID: 39830879
It's not wrong -- it's just that (at least with Cisco and Brocade), you can only monitor traffic coming into the interfaces.

So, if you want to know all detail with regard to some subset (or all) of your address space, you have to monitor the input of both downstream and upstream to get a clear 2-way traffic pattern picture.

Author Closing Comment

ID: 39876308

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
New Server  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question