netflow config on a 7206

I have been experimenting with Netflows on my 7206 router as a replacement to switch-level MRTG monitoring.

A few things have come up.

My 7206 has 3 FE interfaces, one is the BGP Uplink to provider, the other two are internal, subnetted with my own IPs, etc.

So I configured the Netflows on the Uplink interface only.

interface FastEthernet 0/0
 ip route-cache flow

Then in the main config added:

ip flow-export

I'm using flowtools and flowviewer on FreeBSD to do the analysis.

Everything works, but when I analyze the flows, I only see inbound traffic - i.e. my IPs are the destination, never the source (same thing is true when I just do sh ip cache flow on the router itself). Why am I not seeing outbound traffic?

Also, since I have never used netflows, I am curious if there is a performance hit when using it. Does it use up memory? If I don't clear the flow cache routinely, the sh ip cache flow cmd returns a ton of data, is that using up memory? If so, how can you force it to clear out?

My 7206 is NPE-200 with 128Mb RAM, and it only pushes around 5-7Mbps.

Thanks, John

Reply to
essenz

Perhaps this helps:

mls ip flow full

Regards,

Lothar

Lothar Hofmann
Mail: snipped-for-privacy@uni-siegen.de
Universitaet Siegen / ZIMT
Zentrum fuer Informations- und Medientechnologie
Hoelderlinstr. 3, D - 57068 Siegen
Phone: +49 271 740 4760
Fax: +49 271 740 2523

===================================================================

This mail was digitally signed. Verifying it requires a certificate from the certification authority (CA) of Universitaet Siegen.

===================================================================

Reply to
Lothar Hofmann

If you specify it in this way, Netflow accounting only happens on incoming traffic for that interface. An equivalent way of writing this (in recent IOS versions) is:

interface FastEthernet 0/0
 ip flow ingress

That's the way it works. But - on recent IOS versions - you can get Netflow accounting for outgoing traffic as well:

interface FastEthernet 0/0
 ip flow egress

As you suspect, the Netflow cache does use memory. The size of the different parts of the cache should be included in the output of "show ip cache flow".

I think (on this platform) there is a default cache size of 65536 entries, which can be changed using configuration. So the Netflow cache cannot grow out of proportion.

In that case the default settings for the Netflow cache should work. If you have many flows, if you are memory-starved, or if you aren't happy with the frequency at which long flows are expired (and exported), consider tuning the timeouts and cache size.

Reply to
Simon Leinen

That's a good suggestion on the Catalyst 6500/Cisco 7600, but not necessary on CPU-based platforms such as the 7200.

(Personally I recommend "mls ip flow interface-full" on the "MLS" platforms that support it.)

Reply to
Simon Leinen

This is a long past due followup to my original post.

I am using Netflows on my 7206 via the config:

interface FastEthernet 0/0
 ip route-cache flow
ip flow-export

To analyze the flow, I am using FlowViewer

Everything is fine, but when I run a Destination AS report, it doesn't work. My flows don't appear to have any AS information in them. I would really like to get this AS report working because it will help me identify which providers to buy more bandwidth from.

Not sure if the issue is related to my router's overall BGP configuration, or if it is a netflow related config.

My router currently has a single BGP uplink (others are soon coming).

Any ideas?

-John

Reply to
essenz
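
For the missing AS data described in the follow-up above, one way to check whether the exported records carry AS numbers at all is to decode the export datagrams directly. This is an added example, not code from the thread; it assumes the router exports NetFlow version 5 (the thread does not say which version), and the sample datagrams, addresses and AS numbers are constructed.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # Field order: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
        # first, last, srcport, dstport, pad1, tcp_flags, prot, tos,
        # src_as, dst_as, src_mask, dst_mask, pad2
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "octets": f[6], "src_as": f[15], "dst_as": f[16]})
    return flows

def as_summary(flows):
    """Octets per destination AS, plus the fraction of records with no AS at all."""
    per_as = {}
    for fl in flows:
        per_as[fl["dst_as"]] = per_as.get(fl["dst_as"], 0) + fl["octets"]
    empty = sum(1 for fl in flows if fl["src_as"] == 0 and fl["dst_as"] == 0)
    return per_as, (empty / len(flows) if flows else 0.0)

def build_v5(records):
    """Build a constructed v5 datagram (test input, not captured traffic)."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4, 1, 2,
                    10, octets, 0, 0, 1024, 80, 0, 0, 6, 0, sas, das, 24, 24, 0)
        for s, d, octets, sas, das in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed records: documentation prefixes and private-use AS numbers.
SAMPLE_NO_AS = build_v5([("198.51.100.7", "192.0.2.10", 1500, 0, 0),
                         ("203.0.113.9", "192.0.2.20", 4000, 0, 0)])
SAMPLE_WITH_AS = build_v5([("192.0.2.10", "198.51.100.7", 1500, 64512, 64513),
                           ("192.0.2.20", "203.0.113.9", 4000, 64512, 64514)])

if __name__ == "__main__":
    for name, pkt in (("no AS", SAMPLE_NO_AS), ("with AS", SAMPLE_WITH_AS)):
        print(name, as_summary(parse_v5(pkt)))
```

If every record comes back with src_as and dst_as equal to 0, the export itself carries no AS data and no report on the collector can recover it. On IOS the v5 AS fields are only filled in when `ip flow-export version 5` is configured with the `origin-as` or `peer-as` keyword.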

Is this site off the air at the moment? Or is it only available for US internet users?

Reply to
Joop van der Velden
