[c-nsp] flexible netflow - ASR1K / vrf

CiscoNSP List cisconsp_list at hotmail.com
Sat Jan 10 16:48:19 EST 2015 

Thanks Gert - I have the exact (Netflow) config on BDI Int, as I do on the physical Int.....BDI netflow results were not giving me the results(I tried every combination of input+output on BDI Int, and x-connect link) I would expect....the physical Int netflow outputs are what I would expect (Seeing flows in both directions)

i.e.

With "old" netflow, you enabled "ip flow ingress" on the Ints you wanted to track flows in both directions (Example - Customer Interface, and IP Transit Interface)...customer pinging an Internet IP, egress traffic(From customer) would get captured by ip flow ingress on the customer interface, and ingress traffic(To customer) would be captured by ip flow ingress on IP Transit Interface.



> Date: Sat, 10 Jan 2015 22:05:25 +0100
> From: gert at greenie.muc.de
> To: cisconsp_list at hotmail.com
> CC: gert at greenie.muc.de; mrantoinemonnier at gmail.com; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] flexible netflow - ASR1K / vrf
> 
> Hi,
> 
> On Sun, Jan 11, 2015 at 06:28:50AM +1100, CiscoNSP List wrote:
> > Just an update to this - I opened a TAC case, but it wasnt progressing (They were saying it was expected behaviour).
> > 
> > I showed them similar test to+through a 7200 (ping), and Netflow reported trafffic in both directions.
> > 
> > 
> > I also tried connecting a laptop directly to the ASR(No BDI Int), enabled FNF on that Interface, and voila, saw flows in both directions....so it appears to be an issue with BDI Interfaces/Netflow....TAC agree, and are currently looking at it as a potential bug..how long this will take is anyones guess.
> 
> Whether you see input or output flows fully depends on how you *configure*
> your netflow.  Like, "ip flow ingress" plus "ip flow egress" on the same
> interface will show you both directions, only one of them will give you
> only one.
> 
> Some platforms have limitations, like 6500 without per-interface netflow
> will always give you "everything!" (which implies "both directions").
> 
> But if you configure your monitor with "in", TAC is right telling you that
> it is not supposed to give you flows "out".
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the cisco-nsp mailing list