FW: [nsp] NetFlow not exporting?

Andy Webster awebster at illinois.net
Fri Apr 16 16:16:45 EDT 2004 

hi,
	I am curious.  I have never seen the ip flow ingress command
when doing netflow before.  When I look it up on cisco's website it says
this command is for use on subinterfaces.  What is it doing on the main
interface in this example?
	  So is cisco's website wrong?  (that wouldn't surprise me!)  If
cisco's docs are wrong can someone help me out.  What is "ip flow
ingress" really doing? 

From
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_
reference_chapter09186a008017cf29.html#wp1101595

ip flow ingress 
To configure NetFlow on a subinterface, use the ip flow ingress command
in subinterface configuration mode. To disable NetFlow on a
subinterface, use the no form of this command. 

ip flow ingress

no ip flow ingress

Syntax Description 
This command has no arguments or keywords. 

Defaults 
This command is disabled by default. 

Command Modes 
Subinterface configuration 


-----Original Message-----
From: Chris Moore - GMD [mailto:chris.moore at gmd.com] 
Sent: Friday, April 16, 2004 10:32 AM
To: 'cisco-nsp at puck.nether.net'
Subject: [nsp] NetFlow not exporting?


Hi all,

I'm experimenting with exporting NetFlow info to nTop. My 3745 seems to
think it is exporting NetFlow datagrams, but I'm not seeing these
packets with my sniffer - let alone with nTop. My NetFlow config looks
like this:

interface Serial0/0
 ip address 172.17.1.6 255.255.255.252
 ip flow ingress
 ip route-cache flow

ip flow-export version 5
ip flow-export destination 10.12.23.201 2055

Where 10.12.23.201 is my collector. Very simple - like I said, at this
point I'm just trying to experiment, "see what I can see".

show ip flow export gives me this:

Flow export v5 is enabled for main cache
  Exporting flows to 10.12.23.201 (2055)
  Exporting using source IP address 172.17.1.6
  Version 5 flow records
  4657 flows exported in 181 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

And show ip flow cache gives me a bunch of info about packet size,
protocol summaries, conversations, etc - exactly what I would expect to
see.

Unfortunately I just don't see the packets on the network. I can
generate traffic between 172.17.1.6 and 10.12.23.201 using ping or
telnet and see that just fine on my sniffer, so I'm pretty sure the path
is correct, the sniffer is in the right place to see the traffic and
obviously I'm communicationg successfully between the two devices. It
looks like the router just isn't sending the packets.

My only guess is that it has something to do with the line in the show
ip flow export output that reads "0 export packets were sent up to
process level". Unfortunately I have been unable to find an explantation
of the output in the Cisco docs. But I did find an exaple where the
packets sent up to process level matched the number of export datagrams.
Any help with reading the output of that command?

Any ideas what's happening to the NetFlow UDP packets?

Thanks,

Chris
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list