[nsp] NetFlow not exporting?
Chris Moore - GMD
chris.moore at gmd.com
Fri Apr 16 11:31:32 EDT 2004
Hi all,
I'm experimenting with exporting NetFlow info to nTop. My 3745 seems to
think it is exporting NetFlow datagrams, but I'm not seeing these packets
with my sniffer - let alone with nTop. My NetFlow config looks like this:
interface Serial0/0
ip address 172.17.1.6 255.255.255.252
ip flow ingress
ip route-cache flow
ip flow-export version 5
ip flow-export destination 10.12.23.201 2055
Where 10.12.23.201 is my collector. Very simple - like I said, at this point
I'm just trying to experiment, "see what I can see".
show ip flow export gives me this:
Flow export v5 is enabled for main cache
Exporting flows to 10.12.23.201 (2055)
Exporting using source IP address 172.17.1.6
Version 5 flow records
4657 flows exported in 181 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
And show ip flow cache gives me a bunch of info about packet size, protocol
summaries, conversations, etc - exactly what I would expect to see.
Unfortunately I just don't see the packets on the network. I can generate
traffic between 172.17.1.6 and 10.12.23.201 using ping or telnet and see
that just fine on my sniffer, so I'm pretty sure the path is correct, the
sniffer is in the right place to see the traffic and obviously I'm
communicationg successfully between the two devices. It looks like the
router just isn't sending the packets.
My only guess is that it has something to do with the line in the show ip
flow export output that reads "0 export packets were sent up to process
level". Unfortunately I have been unable to find an explantation of the
output in the Cisco docs. But I did find an exaple where the packets sent up
to process level matched the number of export datagrams. Any help with
reading the output of that command?
Any ideas what's happening to the NetFlow UDP packets?
Thanks,
Chris
More information about the cisco-nsp
mailing list