Solved

Cisco Flexible Netflow Question

Posted on 2014-02-03
6
231 Views
Last Modified: 2014-02-21
Hello experts,

I'm in the process of configuring netflow on our Nexus 7K. I have read articles which suggest that I need to add the following command to every single interface

ip flow monitor 'flowname' input

Now we have the following interfaces:

IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan51               10.44.248.25    protocol-up/link-up/admin-up      
Vlan53               10.44.248.41    protocol-up/link-up/admin-up      
Vlan201              10.50.16.3      protocol-up/link-up/admin-up      
Vlan202              10.50.17.3      protocol-up/link-up/admin-up      
Vlan203              10.50.18.3      protocol-up/link-up/admin-up      
Vlan204              10.50.19.3      protocol-up/link-up/admin-up      
Vlan205              10.50.20.3      protocol-up/link-up/admin-up      
Vlan206              10.50.21.3      protocol-up/link-up/admin-up      
Vlan207              10.50.22.3      protocol-up/link-up/admin-up      
Vlan208              10.50.23.3      protocol-up/link-up/admin-up      
Vlan209              10.50.24.3      protocol-up/link-up/admin-up      
Vlan210              10.50.25.3      protocol-up/link-up/admin-up      
Vlan211              10.50.26.3      protocol-up/link-up/admin-up      
Vlan212              10.50.27.3      protocol-up/link-up/admin-up      
Vlan213              10.50.28.3      protocol-up/link-up/admin-up      
Vlan214              10.50.29.3      protocol-up/link-up/admin-up      
Vlan215              10.50.30.3      protocol-up/link-up/admin-up      
Vlan216              10.50.31.3      protocol-up/link-up/admin-up      
Vlan219              10.50.34.3      protocol-up/link-up/admin-up      
Vlan220              10.50.35.3      protocol-up/link-up/admin-up      
Vlan221              10.50.36.3      protocol-up/link-up/admin-up      
Vlan222              10.50.37.3      protocol-up/link-up/admin-up      
Vlan223              10.50.38.3      protocol-up/link-up/admin-up      
Vlan401              10.50.80.3      protocol-up/link-up/admin-up      
Vlan402              10.50.81.3      protocol-up/link-up/admin-up      
Vlan403              10.50.82.3      protocol-up/link-up/admin-up      
Vlan404              10.50.83.3      protocol-up/link-up/admin-up      
Vlan405              10.50.84.3      protocol-up/link-up/admin-up      
Vlan501              10.50.96.3      protocol-up/link-up/admin-up      
Vlan502              10.50.97.3      protocol-up/link-up/admin-up      
Vlan503              10.50.98.3      protocol-up/link-up/admin-up      
Vlan601              10.50.128.3     protocol-up/link-up/admin-up      
Vlan602              10.50.129.3     protocol-up/link-up/admin-up      
Vlan603              10.50.130.3     protocol-up/link-up/admin-up      
Vlan604              10.50.131.3     protocol-up/link-up/admin-up      
Vlan605              10.50.132.3     protocol-up/link-up/admin-up      
Vlan606              10.50.133.3     protocol-up/link-up/admin-up      
Vlan607              10.50.134.3     protocol-up/link-up/admin-up      
Vlan608              10.50.135.3     protocol-up/link-up/admin-up      
Vlan609              10.50.136.3     protocol-up/link-up/admin-up      
Vlan610              10.50.137.3     protocol-up/link-up/admin-up      
Vlan611              10.50.138.3     protocol-up/link-up/admin-up      
Vlan612              10.50.139.3     protocol-up/link-up/admin-up      

Should I really be adding the command to every interface here?

Also, when configuring the 'netflow exporter', can someone tell me what is the best practice when selecting the source interface through which NetFlow packets are exported?

Cheers

Carlton
0
Comment
Question by:cpatte7372
  • 3
  • 3
6 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39829643
for every interface that you want to capture packets, yes.

i use either a loopback interface (preferred) or the interface on the router for the servers.
0
 

Author Comment

by:cpatte7372
ID: 39829714
Jesper,

It was suggested, to apply the command on all interfaces with an ip address - whether you wish to capture packets on the interface or not.....!
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39829747
I put that command on all layer 3 interfaces that I want to capture.  Putting it on your external interfaces and only some of your internal interfaces will result in lop-sided data but it's really all about what you want to see.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Accepted Solution

by:
cpatte7372 earned 0 total points
ID: 39830365
Jesper,

I know its wrong to monitor both input and output on the same interface, but I can't explain it.

Can you explain why we shouldn't put both input and output on same interface. The same principle as if putting ingress and egress on the same interface...
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39830879
It's not wrong -- it's just that (at least with Cisco and Brocade), you can only monitor traffic coming into the interfaces.

So, if you want to know all detail with regard to some subset (or all) of your address space, you have to monitor the input of both downstream and upstream to get a clear 2-way traffic pattern picture.
0
 

Author Closing Comment

by:cpatte7372
ID: 39876308
Cheers
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question