4 Replies Latest reply on Apr 7, 2017 6:59 AM by dwsmithjr

    Not seeing what I would expect - configuring netflow

    dwsmithjr

      We are using a very simple configuration.

       

      On the WAN interface of the Cisco router we have this:

       

      ip flow ingress

      ip flow egress

       

      Then we use this where the destinations are the Orion server and another Netflow collector.

       

      ip flow-export source Loopback0

      ip flow-export version 9

      ip flow-export destination 1x.xx.x.xxx 2055

      ip flow-export destination 1x.xx.xx.xx 2055

       

      The issue is that at one time with Netflow we had detailed and helpful information in Orion, particularly regarding "conversations" and "end points", that allowed us to determine what was using up bandwidth at any given time. We would go to the interface in Orion and see the charts. Now, for some time, the charts don't contain much useful information. Typically, the only conversations are management traffic from Orion and our compliance and configuration management appliance. All other traffic doesn't appear.

       

      So, in a recent case, we had a location with a 10Mbps ethernet connection. The connection, during a particular period was at 7.5 to 8.0 Mbps according to utilization in Orion and users were complaining. When I looked at the netflow charts for that time period they only showed about 500Kbps of traffic and only management traffic, no other user traffic or conversations. This was not always the case and the configuration we are using has not really changed. it has always been this simple. We are on NTA 4.1.2 and the problem started earlier than this.

       

      Can someone suggest how we might change the configuration? Is there some issue with NTA that might explain this change and the paucity of information. Essentially at this point Netflow in Orion  is largely useless for us.