Is it possible to pull data from this router?
I'm trying to ensure that we have everything set up. Source is loopback0. I have the destination/port pointing to the Orion server. However, no NetFlow traffic is being detected when we pull via Orion.
Any ideas?
This is really a Cisco question. Here's what I found from checking out Cisco's site:
www.cisco.com/.../technologies_white_paper0900aecd802a0eb9_ps6601_Products_White_Paper.html
I've used NetFlow export on 3845s with no issues (with source as a loopback and version 5 configured) running 12.4 code.
Are you running any IPSec tunnels on this router? I ran into a similar problem where the NetFlow data was not getting sent through the VPN tunnel. I had to adjust NPM to poll the public interface of the 3845 router as well as the NetFlow source interface. This fixed the issue.
I think it's the case that you will need to poll all the interfaces that you intend to monitor in NPM and NetFlow, so in this instance you would need to be monitoring any interface you have NetFlow enabled on and your management interface (source of NetFlow exports). I don't think that is specific to a model of router but just the way Orion works.
The source IP address of the datagrams exported by NetFlow is used by the destination system to determine which router the NetFlow data is arriving from. If your network has two or more paths that can be used to send NetFlow datagrams from the router to the destination system, and you do not specify the source interface to obtain the source IP address from, the router will use the IP address of the interface that the datagram is transmitted over as the source IP address of the datagram. In this situation it is possible that the destination system will receive NetFlow datagrams from the same router with different source IP addresses. This will cause the destination system to treat the NetFlow datagrams as if they are being sent from different routers unless you have configured the destination system to aggregate the NetFlow datagrams it receives from all of the possible source IP addresses in the router into a single NetFlow flow.
The interface that you configure as the ip flow-export source interface must have an IP address configured and it must be up.
Give this a shot: ip flow-export source Loopback0
However, if you're not receiving any data in Orion, do you have an access list blocking the ports you're using for NetFlow?
Hope it helps.
There is no ACL blocking ports on the Netflow collection server. We upgraded to Orion 8.5.1 and Netflow Traffic Analyzer 2.2.1 and we now see the flow is hitting the box, but because the loopback0 address is the flow source, it is discarding them because that IP is unknown/unmanaged.
We can't add that interface via SNMPv3. We can only add it via ICMP. That defeats the purpose because you're not getting that data.
The loopback does show up as an interface on the router. However, the router has one address and the loopback was assigned with a different address. That loopback address is the source. NetFlow sees the data but is dropping it because it doesn't recognize the address.
We have tried to add the loopback as a node, but with no success. You would think that the same credentials that work for the gig ethernet interface would work for the loopback, but it isn't the case.
I guess at the end of the day, I was wondering if there was a workaround within Orion/NetFlow Traffic Analyzer to make this work without turning things upside down.
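An added example, not from the thread or from SolarWinds: a small Python check for the symptom described above, where valid NetFlow v5 datagrams arrive from a UDP source address (the loopback) that is not a managed node. The addresses, the managed-node set and the helper names are constructed for illustration.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 header
V5_RECORD_LEN = 48                       # each v5 flow record is 48 bytes

def parse_v5_header(payload):
    """Return (record_count, flow_sequence), or None if not a sane v5 datagram."""
    if len(payload) < V5_HEADER.size:
        return None
    version, count, _, _, _, seq, _, _, _ = V5_HEADER.unpack_from(payload)
    if version != 5 or not 1 <= count <= 30:
        return None
    if len(payload) != V5_HEADER.size + count * V5_RECORD_LEN:
        return None
    return count, seq

def audit_exporters(packets, managed_ips):
    """Tally datagrams per UDP source IP and mark whether that IP is managed."""
    stats = {}
    for src_ip, payload in packets:
        entry = stats.setdefault(src_ip, {
            "datagrams": 0, "flows": 0, "malformed": 0,
            "managed": src_ip in managed_ips})
        header = parse_v5_header(payload)
        if header is None:
            entry["malformed"] += 1
        else:
            entry["datagrams"] += 1
            entry["flows"] += header[0]
    return stats

def unmanaged_exporters(stats):
    """Exporters sending valid flows from an address the collector does not know."""
    return sorted(ip for ip, s in stats.items()
                  if s["datagrams"] and not s["managed"])

def build_v5(count, seq):
    # Constructed test datagram: valid header plus zero-filled records.
    header = V5_HEADER.pack(5, count, 1000, 1_700_000_000, 0, seq, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)

# Constructed sample: router managed by its interface address, exporting from loopback.
MANAGED_IPS = {"198.51.100.10"}
SAMPLE_PACKETS = [
    ("192.0.2.1", build_v5(2, 0)),
    ("192.0.2.1", build_v5(3, 2)),
    ("192.0.2.1", build_v5(1, 5)[:40]),  # truncated datagram
]
print(unmanaged_exporters(audit_exporters(SAMPLE_PACKETS, MANAGED_IPS)))
```

Feeding it the (source IP, payload) pairs from a capture on the collector shows whether exports are arriving under an address that differs from the one the node is managed by.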