• State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 24 subscribers
  • Views 1285 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Cisco ip flow commands

BryanBecker

I was wondering how other customers set up NetFlow in their Cisco environment.  Traditionally, and this is how we do it today, on a router interface we have the "ip route-cache flow" on the LAN and WAN interfaces.  This is needed so that you get traffic coming in and going out of a router.

With newer code I see the the ip flow ingress and ip flow egress commands are available.  How are people using these in there environment?  Does this allow you to only enable NetFlow on the WAN interface and still get the to/from on that interface?

Thanks for you info.

BB
 

  • 0

    This has worked well for me on routers since SW released Netflow: 

    ip flow-cache timeout active 1
    ip flow-export source Loopback0
    ip flow-export version 5
    ip flow-export destination 10.x.x.x 9995


    On ALL routed interfaces:  ip route-cache flow

  • 0 in reply to joesim123

    This has worked well for me on routers since SW released Netflow: 

    ip flow-cache timeout active 1
    ip flow-export source Loopback0
    ip flow-export version 5
    ip flow-export destination 10.x.x.x 9995


    On ALL routed interfaces:  ip route-cache flow



     

    I use this now was well.  My question is more for the people using the newer ingress/egress commands and how they are different.

    BB

  • 0 in reply to BryanBecker

    the ip route-cache flow command works in the same way as ip flow ingress

  • 0 in reply to achrich

    One thing we are running into is if you have CEF enabled you will get flows from all CEF enabled interface.  It doesn't matter if the interface has the ip route cache flow on the interface or not.  We are working with our Cisco SE about this.  Now the Solarwinds part that also needs fixed is in NTA I have 1 interface for device X selected to receive flows .  Even though the Cisco device is sending flows for all CEF enabled interfaces (lets say a total of 3 interfaces)  I only have one of the 3 interfaces in NTA selected to except flow info.  However the interfaces in NTA is still collecting flow info and saving it in the database for the interfaces that I do not have selected.

  • 0 in reply to JTL

    Do you have Automatic addition of NetFlow sources enabled?

    Check in NetFlow Settings.

  • 0 in reply to mcbridea

    If you want to be able to distinguish egress flows, you need to have the "ip flow egress" command enabled. I just use "ip flow ingress" and "ip flow egress" instead of "ip route-cache flow", since I find it useful to distinguish directionality.

  • 0 in reply to jswan

    I have been using ip flow ingress as of late and it seems to work fine.

     

    One difference between ip route-cache flow and ip ingress is ip ingress/egress is targeted just for the interface you put it on.  IP route-cache  flow when put on a high level interface will also apply to subinterfaces automatically.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.