16 Replies Latest reply on May 11, 2017 11:21 AM by rschroeder

    Not Netflow

    rcmagararu

      Hi guys, I need some assistance.

      I'm not able to see NetFlow from our SolarWinds.

      I've already configured it in our routers.

       

      interface GigabitEthernet0/0
       ip address 192.168.1.3 255.255.255.252
       ip flow ingress
       ip flow egress
       ip nat outside
       ip virtual-reassembly in
       duplex full
       speed 100
       no cdp enable
       no mop enabled
       bfd interval 500 min_rx 500 multiplier 3

       

      Source(1)       192.168.1.3 (GigabitEthernet0/0)
      Source(2)       100.65.0.30 (GigabitEthernet0/0)
      Destination(1)  10.2.1.10 (9996)
      Destination(2)  10.2.1.11 (9996)

       

      [Attached image: netlow 2.jpg]

      [Attached image: Netflow.jpg]

        • Re: Not Netflow
          ken_cohen

          There should be Monitor and Exporter configurations in the router. Can you list them?

            • Re: Not Netflow
              rcmagararu

              Yes,

               

              ip flow-export source GigabitEthernet0/0
              ip flow-export version 5
              ip flow-export destination 10.2.1.10 9996
              ip flow-cache timeout active 1
              ip flow-cache timeout inactive 15

                • Re: Not Netflow
                  ken_cohen

                  Hi -

                   

                  I think you're using the older syntax. Here are my configs for the flow record, flow exporter and flow monitor:

                   

                  flow record SWR
                   match ipv4 protocol
                   match ipv4 source address
                   match ipv4 destination address
                   match transport source-port
                   match transport destination-port
                   match interface input
                   match interface output
                   collect counter bytes

                  flow exporter SWE
                   description SolarWinds Netflow
                   ! replace the placeholder with the IP address of the SW poller
                   destination <ip address of the SW poller>
                   ! or whatever interface you want to use as the source
                   source Loopback1
                   ! this may be whatever port number you prefer but must match the NTA's port number
                   transport udp 2055

                  flow monitor SWM
                   description SolarWinds Netflow
                   exporter SWE
                   cache timeout active 60
                   cache entries 1000
                   record SWR

                   

                  BTW, there is no need to have the "ip flow" defined in the interface.   All viable interfaces will show up.

                  Keep us posted!

              • Re: Not Netflow
                Hock

                The default NTA port is 2055. Did you update it to 9996?

                 

                Also make sure that your firewall allows UDP 9996 if you are going to use this port.

                • Re: Not Netflow
                  rcmagararu

                  Thanks guys, I will try this one and I'll let you know.

                  Hock: yes, we updated it to 9996 and we allow it through the firewall.

                  Our main issue is: we've enabled both NetFlow and CBQoS, but only CBQoS is responding, not NetFlow.

                   

                   

                  [Attached image: error2.jpg]

                  • Re: Not Netflow
                    superfly99

                    Are you monitoring the node in Solarwinds as 192.168.1.3?

                    • Re: Not Netflow
                      bartley

                      Was this ever solved? I see the same issue.

                      CBQOS is logged, but no netflow.

                      • Re: Not Netflow
                        rschroeder

                        I recorded this process for my team to implement NetFlow, and to migrate from NetFlow to NBar2 on our Cisco routers. Perhaps it will help you get it going in your environment:

                         

                        Convert NetFlow to NBar2 on Cisco routers & L3 switches

                         

                        1. Identify the Interface(s) on which to enable Netflow Nbar2.
                          Ex:  routers usually use int Gi0/0 for the WAN
                        2. Identify the source Interface for sending Netflow--usually Loopback0
                        3. Identify the destination IP address of the appropriate NTA Poller/Orion server and record it for use in the configurations below

                         

                        Use these commands on the router:
                        conf t
                        flow record NTArec
                        match ipv4 tos
                        match ipv4 protocol
                        match ipv4 source address
                        match ipv4 destination address
                        match transport source-port
                        match transport destination-port
                        match interface input
                        collect interface output
                        collect counter bytes
                        collect counter packets
                        collect application name
                        exit

                         

                        flow exporter NTAexp
                        ! enter the IP address of your Orion poller, discovered & recorded above
                        destination <IP address of your Orion poller>
                        source Loopback0
                        transport udp 2055
                        export-protocol netflow-v9
                        template data timeout 60
                        option application-table timeout 60
                        option application-attributes timeout 300
                        exit

                        flow monitor NTAmon
                        description NetFlow nbar
                        record NTArec
                        exporter NTAexp
                        cache timeout inactive 30
                        cache timeout active 60
                        exit

                        interface GigabitEthernet0/0
                        ip flow monitor NTAmon input
                        ip flow monitor NTAmon output
                        exit

                         

                          • Re: Not Netflow
                            bartley

                            Tried this, without success. And I see the NetFlow if I do a Wireshark. Very strange.
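
An added example, not part of any post in this thread: when export packets are visible in a capture but the collector shows nothing, the three things the replies above ask about (destination port, exporter source address, and v5 versus v9 export) can be checked from a single captured datagram. The function names, the sample datagrams and the managed-node set are constructed for illustration, and the assumption that the collector only accepts exports whose source address belongs to a managed node is ours, following superfly99's question.

```python
import struct

def parse_export(datagram):
    """Summarise a NetFlow v5/v9 export datagram (UDP payload only)."""
    if len(datagram) < 4:
        raise ValueError("too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", datagram)
    info = {"version": version, "count": count, "templates": [], "data_flowsets": []}
    if version == 5:
        # v5: 24-byte header, then `count` fixed 48-byte flow records
        info["length_ok"] = len(datagram) == 24 + 48 * count
    elif version == 9:
        offset = 20  # v9: 20-byte header, then FlowSets of (id, length, body)
        while offset + 4 <= len(datagram):
            fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
            if fs_len < 4 or offset + fs_len > len(datagram):
                raise ValueError("truncated FlowSet")
            pos, end = offset + 4, offset + fs_len
            while fs_id == 0 and pos + 4 <= end:  # template FlowSet
                tmpl_id, n_fields = struct.unpack_from("!HH", datagram, pos)
                if tmpl_id < 256:  # padding, not a template record
                    break
                info["templates"].append(tmpl_id)
                pos += 4 + 4 * n_fields
            if fs_id >= 256:  # data FlowSet; decodable only with template fs_id
                info["data_flowsets"].append(fs_id)
            offset += fs_len
        info["length_ok"] = offset == len(datagram)
    else:
        raise ValueError(f"not NetFlow v5 or v9 (version field = {version})")
    return info

def diagnose(src_ip, dst_port, datagram, managed_nodes, collector_port):
    """Return (info, findings) for one captured export packet."""
    findings = []
    if dst_port != collector_port:
        findings.append(f"sent to UDP {dst_port}, collector listens on UDP {collector_port}")
    if src_ip not in managed_nodes:
        findings.append(f"source {src_ip} is not a managed node address")
    info = parse_export(datagram)
    if not info["length_ok"]:
        findings.append("datagram length disagrees with its header")
    return info, findings

# Constructed samples (not captures from the thread).
SAMPLE_V5 = struct.pack("!HHIIIIBBH", 5, 1, 1000, 0, 0, 1, 0, 0, 0) + bytes(48)
SAMPLE_V9 = (struct.pack("!HHIIII", 9, 2, 1000, 0, 1, 0)
             + struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)  # template 256: src, dst IPv4
             + struct.pack("!HH", 256, 12) + bytes([192, 168, 1, 3, 10, 2, 1, 10]))

if __name__ == "__main__":
    print(diagnose("100.65.0.30", 9996, SAMPLE_V9, {"192.168.1.3"}, 9996))
```

Feed it the UDP payload, source address and destination port of one packet from the capture; an empty findings list means the packet itself is consistent with what the collector is configured to accept.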

                            • Re: Not Netflow
                              miller2529

                              I have basically the same setup, and I was seeing all the NTA diagrams filling up with information (I also have a Cisco TAC case open and a SolarWinds ticket open). I was happy, but at the same time I got all the information showing up, it stopped showing all of a sudden. Come to find out, my other coworkers were working on the router at the same time to fix a VPN tunnel to one of our remote sites, and the Cisco TAC person said the reason the VPN was having problems was because of some NetFlow statements I had. When those changes were made, some of my NetFlow diagrams stopped showing information, so I am going back to the TAC notes to see if he noted what NetFlow statements he changed or deleted.

                                • Re: Not Netflow
                                  rschroeder

                                  Hopefully you are using Network Configuration Manager to track configuration changes on those tunnels. If so, it will be a very easy two clicks to see what changed. Then you can copy the original configuration and paste it back into the VPN appliance, and your NetFlow information will begin working again.