FW: [nsp] NetFlow not exporting?

Fri Apr 16 17:01:47 EDT 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andy Webster wrote:

If I recall, there was a move to provide a more consistent and intuitive
configuration method for Netflow and part of that was to move the
configuration on interfaces out from under the "ip route-cache" parse chain.

I just checked a couple of routers and it is definitely available on main
interfaces as well as subinterfaces:

3725-1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3700 Software (C3725-IS-M), Version 12.2(15)T11,  RELEASE SOFTWARE
(fc2)
3725-1(config)#int fa 0/1
3725-1(config-if)#ip flow ?
~  ingress  Enable inbound NetFlow

7200-1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
7200-1(config)#int s 2/0
7200-1(config-if)#ip flow ?
~  ingress  Enable inbound NetFlow

| -----Original Message-----
| From: Chris Moore - GMD [mailto:chris.moore at gmd.com]
| Sent: Friday, April 16, 2004 10:32 AM
| To: 'cisco-nsp at puck.nether.net'
| Subject: [nsp] NetFlow not exporting?
|
|
| Hi all,
|
| I'm experimenting with exporting NetFlow info to nTop. My 3745 seems to
| think it is exporting NetFlow datagrams, but I'm not seeing these
| packets with my sniffer - let alone with nTop. My NetFlow config looks
| like this:
|
| interface Serial0/0
|  ip address 172.17.1.6 255.255.255.252
|  ip flow ingress
|  ip route-cache flow
|
| ip flow-export version 5
| ip flow-export destination 10.12.23.201 2055
|
| Where 10.12.23.201 is my collector. Very simple - like I said, at this
| point I'm just trying to experiment, "see what I can see".
|
| show ip flow export gives me this:
|
| Flow export v5 is enabled for main cache
|   Exporting flows to 10.12.23.201 (2055)
|   Exporting using source IP address 172.17.1.6
|   Version 5 flow records
|   4657 flows exported in 181 udp datagrams
|   0 flows failed due to lack of export packet
|   0 export packets were sent up to process level
|   0 export packets were dropped due to no fib
|   0 export packets were dropped due to adjacency issues
|   0 export packets were dropped due to fragmentation failures
|   0 export packets were dropped due to encapsulation fixup failures
|
| And show ip flow cache gives me a bunch of info about packet size,
| protocol summaries, conversations, etc - exactly what I would expect to
| see.
|
| Unfortunately I just don't see the packets on the network. I can
| generate traffic between 172.17.1.6 and 10.12.23.201 using ping or
| telnet and see that just fine on my sniffer, so I'm pretty sure the path
| is correct, the sniffer is in the right place to see the traffic and
| obviously I'm communicationg successfully between the two devices. It
| looks like the router just isn't sending the packets.
|
| My only guess is that it has something to do with the line in the show
| ip flow export output that reads "0 export packets were sent up to
| process level". Unfortunately I have been unable to find an explantation
| of the output in the Cisco docs. But I did find an exaple where the
| packets sent up to process level matched the number of export datagrams.
| Any help with reading the output of that command?
|
| Any ideas what's happening to the NetFlow UDP packets?
|
| Thanks,
|
| Chris
| _______________________________________________
| cisco-nsp mailing list  cisco-nsp at puck.nether.net
| https://puck.nether.net/mailman/listinfo/cisco-nsp
| archive at http://puck.nether.net/pipermail/cisco-nsp/
|
| _______________________________________________
| cisco-nsp mailing list  cisco-nsp at puck.nether.net
| https://puck.nether.net/mailman/listinfo/cisco-nsp
| archive at http://puck.nether.net/pipermail/cisco-nsp/

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAgEm7E1XcgMgrtyYRAgczAJwIqqP3OnJUedfggxZPw8OxRbGgpwCbBCqh
TajhD31jAm3hulwFgvcwUWU=
=MJY4
-----END PGP SIGNATURE-----