Hey Guys,
I'm about to setup Solarwinds Netflow, so I can measure and analyze the data we are using. I'm just not 100% sure where to place the netflow exporters on my switches, so if I provide you with my setup you might be able to point me in the right direction.
So I have a office where 100 people are working. At that Office I have a ASA 5505 Firewall which is connected to our ISP. From the ASA as well there is cable going to my Core Switch Cisco 3850 on Port 1. My Core Switch is then connected using 4 cables going from port: 18,20,22,24 to my Distribution Switches Cisco 2960-X (all connected on Port 24 on each switch). All clients are then connected to the Distribution switches.
So:
ASA (Port 5) <---> (Port 01) Core Switch (Port 18) <---> (Port 24) Distribution Switch 1 <---> Clients connected on the rest of the ports
(Port 20) <---> (Port 24) Distribution Switch 2 <---> Clients connected on the rest of the ports
(Port 22) <---> (Port 24) Distribution Switch 3 <---> Clients connected on the rest of the ports
(Port 24) <---> (Port 24) Distribution Switch 4 <---> Clients connected on the rest of the ports
So I found this guide of how to set up the traffic analyzer: https://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2014/01/22/netflow-and-catalyst-switch-netflow-v9-configuration-for-cisco-catalyst-3850-switch#start=50
As far as I can see is it only inbound traffic - but I would like outbound as well (unless you wouldn't recommend it)
What would best practice be, should I set this netflow up on every single interface on the distribution switches or should I leave it only on the core switch on port the uplink ports?
Thanks guys - much appreciated.