[c-nsp] Netflow - 6509

Alex Rubenstein alex at nac.net
Sun Jan 15 17:31:34 EST 2006


Actually, having netflow (mls nde, really) on the Sup2 and not the MSFC2 
is perfectly OK, since all of your traffic *should* be switched on the 
Sup2/PFC2, and not by the MSFC.

Also, in today's networks, sampling is recommended. Also good, if you have 
Junipers in your network, you can have the sampling match across your 
machines to cut down on the post-processing craziness.

We use:


mls rp ip route-map
mls rp ip

mls aging fast time 8 threshold 64
mls aging long 64
mls aging normal 64

mls netflow usage notify 80 300

mls flow ip interface-full
mls flow ipx destination

mls nde sender version 5
mls nde interface

mls sampling packet-based 1024 4096

ip flow-export source Loopback0
ip flow-export version 5 origin-as
ip flow-export destination 64.xx.yy.ff [port]



Sampling is also nice because it is not global; you can do per-interface 
netflow. By putting the commands in above, that alone will not cause 
anything to be exported. On any interface (physical, or svi), you can:

interface Vlan43
  description [something]
  ip address a.b.c.d e.f.g.h
  no ip redirects
  mls netflow sampling


We do not use 'ip route-cache netflow' anywhere.






On Sun, 15 Jan 2006, Rubens Kuhl Jr. wrote:

> Sup2/MSFC2 can do Netflow themselves, no extra hardware needed, but
> you need to enable NetFlow collection on the Sup2 also, not only the
> MSFC2.
>
> A suggested config for this I saved from a list:
>
> mls aging long 64
> mls aging normal 32
> mls flow ip interface-full
> mls nde sender
> mls nde interface
>
> ip flow-cache timeout active 1
> mls flow ip interface-full
> ip flow-export source Loopback0
> ip flow-export version 5
> ip flow-export destination x.x.x.x 2055
>
>
> Rubens
>
>
>
>
> On 1/15/06, Paul Stewart <pstewart at nexicomgroup.net> wrote:
>> Sup2
>>
>> Thanks...
>>
>> -----Original Message-----
>> From: Rubens Kuhl Jr. [mailto:rubensk at gmail.com]
>> Sent: Sunday, January 15, 2006 10:51 AM
>> To: Paul Stewart
>> Subject: Re: [c-nsp] Netflow - 6509
>>
>> What's the supervisor, Sup1 or Sup2 ?
>>
>>
>> Rubens
>>
>> On 1/15/06, Paul Stewart <pstewart at nexicomgroup.net> wrote:
>>> Hi everyone...
>>>
>>> I'm trying to set up Netflow monitoring on a 6509 (MSFC2) but the data
>>> being received at the netflow collector (ManageEngine NetFlow Analyzer
>>> 5) is "sparse"... I'm trying to collect AS information to see which
>>> AS's we talk to the most etc...  I've taken a peering router and set up
>>> netflow on it (2811) and it works fine....
>>>
>>> Do I need a netflow card in the 6500?  Someone suggested that to me but
>>> wanted to confirm if it's needed... We're running native IOS BTW...
>>>
>>> Thanks,
>>>
>>> Paul Stewart
>>> IP Routing/Switching
>>> Nexicom Inc.
>>> http://www.nexicom.net/
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>

-- 
Alex Rubenstein, AR97, K2AHR, alex at nac.net, latency, Al Reuben
Net Access Corporation, 800-NET-ME-36, http://www.nac.net
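
Collector-side post-processing for the kind of export discussed in this thread (NetFlow v5 with origin-as, sampled), as an added example that is not part of the original post: it decodes v5 datagrams, reads the source and destination AS fields, and scales byte counts by the sampling rate. The function names, the `configured_rate` fallback, the simple 1-in-N scaling and the sample flows (private-use AS numbers) are assumptions made for illustration.

```python
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
REC = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (sampling interval from header, [(src_as, dst_as, octets), ...])."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_, sampling = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("header count exceeds datagram length")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append((f[15], f[16], f[6]))    # src_as, dst_as, dOctets
    return sampling & 0x3FFF, flows           # low 14 bits = interval, top 2 = mode

def bytes_per_as(datagrams, configured_rate=1):
    """Estimated bytes per AS, scaled 1-in-N by the sampling rate (assumption)."""
    totals = Counter()
    for d in datagrams:
        interval, flows = parse_v5(d)
        rate = interval or configured_rate    # fall back when the header field is 0
        for src_as, dst_as, octets in flows:
            for asn in {src_as, dst_as}:      # count a flow once per distinct AS
                totals[asn] += octets * rate
    return totals

def sample_datagram(flows, sampling=0):
    """Constructed test input: a v5 datagram from (src_as, dst_as, octets) tuples."""
    out = HDR.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling)
    for src_as, dst_as, octets in flows:
        out += REC.pack(0, 0, 0, 0, 0, 1, octets, 0, 0, 0, 0, 0, 0, 6, 0,
                        src_as, dst_as, 0, 0, 0)
    return out

if __name__ == "__main__":
    # Constructed flows using private-use AS numbers (64512-65534).
    dgram = sample_datagram([(64512, 64513, 1500), (64512, 64514, 400)])
    for asn, est in bytes_per_as([dgram], configured_rate=1024).most_common():
        print(f"AS{asn}: ~{est} bytes")
```

If the exporter leaves the header's sampling field at zero, pass the rate configured on the device as `configured_rate`; otherwise the totals are the raw sampled byte counts.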


