cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

To loopback or not to loopback (with NTA)

Hello all!  Quick question, and to be honest, I should just try it in the lab, but I'm feeling extra lazy today.  I have NTA deployed on my 100 of 200 plus MPLS routers which is working like a champ, I'm getting flow details and it is helping us out.   But as I develop a "config standard" to get this rolled out to the rest of the enterprise, I am considering changing the source to the loopback and not the Mu1 or xyz egress/ingress point for the sites.  Is there a best practice?  I am guessing if I go with Lo0 (or whatever loop we have set..) it will pick up on all of the interfaces.  How do you do it in your environment?  Am I missing a step?  I am getting the flows, and I do get the "unknown" interfaces found, which I promptly add, but is there a more efficient way to roll it out? 

Cisco Example:

ip flow-export source interface Mulilink1

ip flow-export version 5

ip flow-export destination X.X.X.X 2055

Juniper Example:

[edit interfaces ge-0/2/0 unit 402 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit interfaces ge-0/2/0 unit 407 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit interfaces ge-0/2/0 unit 416 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit interfaces ge-0/2/0 unit 426 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit interfaces ge-0/2/0 unit 430 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit interfaces ge-0/2/0 unit 432 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit interfaces ge-0/2/0 unit 624 family inet]

+       /* Configure sampling to collect packets for J-Flow */

+       sampling {

+ input;

+ output;

+       }

[edit]

+  forwarding-options {

+      sampling {  

+          input {

+ /* Collect 1 packet out of every 100 sent */

+ rate 100;

+          }

+          family inet {

+ output {

+ flow-server x.x.x.x. {

+ port 9995;

+ autonomous-system-type origin;

+ version 5;

+ }

+ }

+          }

+      }

+  }

0 Kudos
5 Replies
Level 9

Check this document that can help you:

http://thwack.solarwinds.com/docs/DOC-93695

great whitepaper!  However, is it better to add the flow source from the loopback or from the physical nodes? 

0 Kudos

We use the loopback interface most of the times, it´s easier, and we consider it as a best practice.

0 Kudos

I agree. Loopback address should never change whereas an interface potentially could.

0 Kudos
Level 9

No one ?

0 Kudos