[c-nsp] Netflow config
Joe Loiacono
jloiacon at csc.com
Thu Oct 5 15:52:15 EDT 2006
cisco-nsp-bounces at puck.nether.net wrote on 10/05/2006 02:35:38 PM:
>
> I then removed 'ip route-cache flow' and added 'ip flow ingress' &
> 'ip flow egress' on all physical interfaces i.e. Gi0/0, Gi01 and
> Serial0/0/0:0. Problem I have with this config is the total traffic
> is exceeding the WAN interface i.e. I'm getting a total of 3.5Mb
> traffic when the WAN circuit is only 2Mb. Seems I'm getting traffic
> duplicated from the netflow exports.
Yep. You're getting the same traffic counted twice, first as ingress to
some interface, and a second time as egress on a second interface. 'ip
route-cache flow' only collects and exports ingress data. Since each flow
has an output i/f in it, you can get a complete picture (from an analysis
tool) using only ingress on interfaces. Not having used the options
before, I can't speak to how best to employ them...
Joe
More information about the cisco-nsp
mailing list