[nsp] NetFlow not exporting?

Bruce Pinsky bep at whack.org
Fri Apr 16 15:01:48 EDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Moore - GMD wrote:

| Hi all,
|
| I'm experimenting with exporting NetFlow info to nTop. My 3745 seems to
| think it is exporting NetFlow datagrams, but I'm not seeing these packets
| with my sniffer - let alone with nTop. My NetFlow config looks like this:
|
| interface Serial0/0
|  ip address 172.17.1.6 255.255.255.252
|  ip flow ingress
|  ip route-cache flow
|
| ip flow-export version 5
| ip flow-export destination 10.12.23.201 2055
|
| Where 10.12.23.201 is my collector. Very simple - like I said, at this point
| I'm just trying to experiment, "see what I can see".
|
| show ip flow export gives me this:
|
| Flow export v5 is enabled for main cache
|   Exporting flows to 10.12.23.201 (2055)
|   Exporting using source IP address 172.17.1.6
|   Version 5 flow records
|   4657 flows exported in 181 udp datagrams
|   0 flows failed due to lack of export packet
|   0 export packets were sent up to process level
|   0 export packets were dropped due to no fib
|   0 export packets were dropped due to adjacency issues
|   0 export packets were dropped due to fragmentation failures
|   0 export packets were dropped due to encapsulation fixup failures
|
| And show ip flow cache gives me a bunch of info about packet size, protocol
| summaries, conversations, etc - exactly what I would expect to see.
|
| Unfortunately I just don't see the packets on the network. I can generate
| traffic between 172.17.1.6 and 10.12.23.201 using ping or telnet and see
| that just fine on my sniffer, so I'm pretty sure the path is correct, the
| sniffer is in the right place to see the traffic and obviously I'm
| communicationg successfully between the two devices. It looks like the
| router just isn't sending the packets.
|
| My only guess is that it has something to do with the line in the show ip
| flow export output that reads "0 export packets were sent up to process
| level". Unfortunately I have been unable to find an explantation of the
| output in the Cisco docs. But I did find an exaple where the packets sent up
| to process level matched the number of export datagrams. Any help with
| reading the output of that command?
|
| Any ideas what's happening to the NetFlow UDP packets?
|

Silly question....any access lists that could be blocking the packets?

Tried "debug ip flow export"?  If so, anything telling in the output?

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAgC2bE1XcgMgrtyYRAlRBAJ4oBGQyjkiSwkf4nLzxQjcO4ZIvzwCgldv6
12NMzxrm7SYg2ADGxeZXpmA=
=MSnH
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list