Looking for guidance on implementing NetFlow

I've been given the task of evaluating Solarwinds Orion, a network management tool which was purchased some time before I began working here. Part of that suite is a NetFlow traffic analysis tool.

I'm trying to get some guidance on how best to enable NetFlow in our production network. Our core and distribution layers are mostly 4510R, 8510, 4506, and 4507 switches and 3640, 7204vxr and 7206vxr routers. The access switches are 3500 and 2900 for the most part and I know that those don't support NetFlow.

- What's the best source of information on what's needed to enable NetFlow on all these devices? I've been doing some searching and I've found bits and pieces of info, some of which seems to conflict with each other.

- Is there some guidance on what to plan for as far as bandwidth and storage for the collector?

- The NetFlow tool I'm looking at expects NetFlow v5. If I use Sampled NetFlow, will that be worthwhile?

Thanks!

Reply to
pfisterfarm

If these are older revs, all you need to do is enable ip route cache flow on each of the router or vlan interfaces, and then set up ip flow-export settings for destination (netflow server), port, version, source interface etc. Your netflow server then just needs to ensure it has the right SNMP strings to provide descriptions, interface names, etc.

If it's a newer model, Cisco has gone into slightly different configurations with central mls statements instead of each interface. You can search for netflow and mls on this forum and find some very good outlines of how to implement it, but Cisco also has good documentation on this stuff. I'm not sure what rev or hardware went to the newer mls configurations, but someone on here probably knows. Either way, that should get you started; it's not too hard and you will probably find it very easy.

Reply to
Trendkill
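
The steps in the reply above (per-interface `ip route-cache flow` plus global `ip flow-export` destination, version and source) can be checked against a saved running-config before pointing the collector at a router. The following is an added example, not code from the thread, Cisco or SolarWinds; `audit_netflow` and `SAMPLE_CONFIG` are hypothetical names, the config text is constructed, and v5 is taken as the expected version because the original question says the collector expects it.

```python
import re

# Constructed sample running-config (not from the thread); documentation-range addresses.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip route-cache flow
!
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.0
!
ip flow-export source Loopback0
ip flow-export destination 192.0.2.50 2055
"""

def audit_netflow(config, expected_version="5"):
    """Return (export settings, problems) for one classic-IOS router config."""
    export, ifaces, current = {}, {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ifaces.setdefault(m.group(1), {"routed": False, "flow": False})
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the interface stanza
        s = line.strip()
        if current is not None and s.startswith("ip address "):
            current["routed"] = True
        elif current is not None and s == "ip route-cache flow":
            current["flow"] = True
        m = re.match(r"ip flow-export (destination|version|source) (.+)", s)
        if m:
            export[m.group(1)] = m.group(2)
    problems = ["missing: ip flow-export " + k
                for k in ("destination", "version", "source") if k not in export]
    if "version" in export and export["version"] != expected_version:
        problems.append("export version %s, expected %s" % (export["version"], expected_version))
    # Routed interfaces without flow accounting are blind spots for the collector.
    problems += ["no 'ip route-cache flow' on " + name
                 for name, i in ifaces.items()
                 if i["routed"] and not i["flow"] and not name.startswith("Loopback")]
    return export, problems

if __name__ == "__main__":
    for p in audit_netflow(SAMPLE_CONFIG)[1]:
        print(p)
```

On the constructed sample it reports the missing export version and the one routed interface that has no flow accounting enabled.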

Thanks for the quick response. As an example, I've just connected to a 4510R and tried to do 'ip route-cache flow' on one of the interfaces (Gigabit, Portchannel, Vlan) and 'mls' in global config mode, but neither one was recognized. Do I need to enable 'ip routing' or 'ip cef'... it seemed to me I saw something like that somewhere.

Reply to
pfisterfarm

Here is a great thread for the new configurations:

formatting link

Reply to
Trendkill

It looks like the routers I mentioned have 'ip route-cache flow' and 'ip flow-export', but the switches have neither 'ip route-cache flow' nor mls commands available. The 4510R switch I mentioned above has 12.2(31)SGA3. That's our most recently installed switch. Is that old? I haven't been keeping up with IOS version numbers.

Thanks!

Reply to
pfisterfarm

I replied to this once, but I'm not sure where it went...

The routers seem to have the NetFlow commands, but not the switches. The switch I looked at above, the 4510R, which is the most recently installed switch, has IOS 12.2(31)SGA3. Should that be recent enough?

Reply to
pfisterfarm

When I used to mess with netflow a lot, it wasn't even available on switches, and I think (someone needs to correct me where I am wrong) that only the 6500 chassis with certain cards will support netflow from a switch perspective. You may be out of luck on your switches, but your routers should be good to go. I also know that the 6500s are where the new mls configurations come into play. I'm sure someone else on the board will pipe up soon, but if you aren't seeing the mls configs on the switches, you are probably stuck.

Reply to
Trendkill
