3 Replies Latest reply on Jan 28, 2009 8:13 AM by neil.kessler

    iperf traffic not appearing in netflow traffic analyzer

      I am running iperf processes sending udp packets between two servers on two different switches (and subnets) on a lan with a cisco router.  Even though in the netflow traffic analyzer it shows, in its main window, the 10 Mbps I'm pushing from one server to the other with iperf, when I run a netflow capture from either of the subnet's interfaces, it doesn't appear as udp traffic in the capture window, or associate that traffic with either server involved.  It seems that perhaps the netflow traffic analyzer is using snmp to pull the overall throughput, but that netflow itself from cisco may not be sending other statistics about it.  Is this true?  Has anyone had any experience with this?  Thanks!

      Neil

        • Re: iperf traffic not appearing in netflow traffic analyzer
          denny.lecompte

          It seems that perhaps the netflow traffic analyzer is using snmp to pull the overall throughput

          NTA does not use SNMP to pull data.  It's a receiver that listens for NetFlow data sent from the router.

          • Re: iperf traffic not appearing in netflow traffic analyzer
            jp

            Neil, can you paste the configuration of your cisco router providing the netflow export?

            Does the flow show up in show ip route-cache flow | i <ip> ?

              • Re: iperf traffic not appearing in netflow traffic analyzer

                Below is a dump of the router config.  I'm relying on the person who set it up for me, so don't know if you need the answer to the second question apart from this.  Let me know and I can get it to you quickly.  Also, yes, I understand that NetFlow doesn't use snmp specifically.  That makes sense.  I was only theorizing that NetFlow Analyzer might've been using it for some of the info it shows because a) it does communicate via snmp with the router and b) because you could see in the analyzer's main window that there was this udp traffic (shown just in MBps in or out) but could not see it in a Flow Capture.  Thanks!

                --------------------------

                Current configuration : 5774 bytes
                !
                ! Last configuration change at 12:53:00 EST Mon Jan 26 2009 by rgarlin
                ! NVRAM config last updated at 12:53:02 EST Mon Jan 26 2009 by rgarlin
                !
                version 12.4
                service timestamps debug datetime msec localtime show-timezone
                service timestamps log datetime msec localtime show-timezone
                service password-encryption
                !
                hostname ArubaRtr
                !
                boot-start-marker
                boot system flash c3825-advipservicesk9-mz.124-23.bin
                boot system flash c3825-advipservicesk9-mz.124-3i.bin
                boot-end-marker
                !
                logging count
                logging buffered 4096 debugging
                no logging console
                enable secret 5 xxxxxxxxxxxxxxxxxxx
                !
                aaa new-model
                !
                !
                aaa authentication login default none
                aaa authentication login ciscosec group radius local
                aaa authorization exec default group radius local
                aaa authorization network default group radius local
                aaa accounting exec default start-stop group radius
                aaa accounting network default start-stop group radius
                !
                aaa session-id common
                clock timezone EST -5
                clock summer-time EDT recurring
                ip cef
                !
                !
                no ip dhcp use vrf connected
                no ip dhcp conflict logging
                ip dhcp excluded-address 192.168.3.1 192.168.3.99
                ip dhcp excluded-address 192.168.5.1 192.168.5.99
                ip dhcp excluded-address 192.168.9.1 192.168.9.99
                ip dhcp excluded-address 192.168.3.200 192.168.3.254
                ip dhcp excluded-address 192.168.5.200 192.168.5.254
                ip dhcp excluded-address 192.168.9.200 192.168.9.254
                ip dhcp ping packets 5
                ip dhcp ping timeout 300
                !
                ip dhcp pool DHCP-Aruba-Voice
                   network 192.168.3.0 255.255.255.0
                   dns-server 4.2.2.2
                   netbios-node-type h-node
                   default-router 192.168.3.1
                   lease 2 8
                !
                ip dhcp pool DHCP-Aruba-Data
                   network 192.168.5.0 255.255.255.0
                   dns-server 4.2.2.2
                   netbios-node-type h-node
                   default-router 192.168.5.1
                   lease 2 8
                !
                ip dhcp pool DHCP-Aruba-Guest
                   network 192.168.9.0 255.255.255.0
                   dns-server 4.2.2.2
                   netbios-node-type h-node
                   default-router 192.168.9.1
                   lease 2 8
                !
                !
                no ip domain lookup
                ip domain name vzb-esl.com
                ip name-server 4.2.2.2
                ip multicast-routing
                ip auth-proxy max-nodata-conns 3
                ip admission max-nodata-conns 3
                ip sla monitor 1
                 type jitter dest-ipaddr 192.168.3.10 dest-port 5060 source-port 5060 num-packets 2000
                ip sla monitor schedule 1 life forever start-time now
                !
                voice-card 0
                 no dspfarm
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                username esladmin privilege 15 secret 5 xxxxxxxxxxxx
                !        
                !
                !
                !
                !
                !
                !
                interface GigabitEthernet0/0
                 no ip address
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                 ip route-cache flow
                 duplex auto
                 speed auto
                 media-type rj45
                !
                interface GigabitEthernet0/0.1
                 description Edgemarc VLAN 1
                 encapsulation dot1Q 1 native
                 ip address 192.168.1.1 255.255.255.0
                 ip accounting output-packets
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                !
                interface GigabitEthernet0/0.3
                 description Aruba VOICE Vlan
                 encapsulation dot1Q 3
                 ip address 192.168.3.1 255.255.255.0
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                !
                interface GigabitEthernet0/0.5
                 description Aruba DATA Vlan
                 encapsulation dot1Q 5
                 ip address 192.168.5.1 255.255.255.0
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                !
                interface GigabitEthernet0/0.9
                 description Aruba GUEST Vlan
                 encapsulation dot1Q 9
                 ip address 192.168.9.1 255.255.255.0
                 ip accounting output-packets
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                !
                interface GigabitEthernet0/0.112
                 encapsulation dot1Q 112
                 ip address 172.27.112.1 255.255.255.0
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                !
                interface GigabitEthernet0/0.113
                 encapsulation dot1Q 113
                 ip address 172.27.113.1 255.255.255.0
                 ip flow ingress
                 ip flow egress
                 ip nat inside
                 ip virtual-reassembly
                !
                interface GigabitEthernet0/1
                 ip address 1.1.1.1 255.255.255.0
                 ip flow ingress
                 ip flow egress
                 ip nat outside
                 ip virtual-reassembly
                 ip route-cache flow
                 duplex auto
                 speed auto
                 media-type rj45
                !
                ip forward-protocol nd
                ip route 0.0.0.0 0.0.0.0 1.1.1.2
                !
                ip flow-export version 5
                ip flow-export destination 192.168.3.50 9996
                !
                ip http server
                no ip http secure-server
                ip nat inside source list 1 interface GigabitEthernet0/1 overload
                !
                ip access-list standard sshallow
                 permit 192.168.0.0 0.0.0.255
                 permit 166.44.162.0 0.0.0.255
                 permit 192.168.0.0 0.0.255.255
                !        
                !
                access-list 1 deny   192.168.3.49
                access-list 1 deny   192.168.3.1
                access-list 1 permit 192.168.5.0 0.0.0.255
                access-list 1 permit 192.168.9.0 0.0.0.255
                access-list 1 permit 192.168.3.0 0.0.0.255
                access-list 10 permit 192.168.3.50
                access-list 198 permit ip host 192.168.3.136 host 192.168.9.130
                access-list 198 permit ip host 192.168.9.130 host 192.168.3.136
                access-list 198 permit ip host 192.168.3.136 any
                access-list 198 permit ip host 192.168.9.130 any

                snmp-server community public RO
                snmp-server community privatetZ RW 10
                snmp-server host 192.168.3.50 version 2c public
                !
                !
                !
                radius-server host 192.168.0.20 auth-port 1812 acct-port 1813 key 7 xxxxxx
                !
                control-plane
                !
                !
                !
                !
                !
                !
                !
                !
                !
                !
                line con 0
                 exec-timeout 300 0
                 login authentication ciscosec
                line aux 0
                line vty 0 4
                 access-class sshallow in
                 exec-timeout 300 0
                 login authentication ciscosec
                 transport input ssh
                !
                scheduler allocate 20000 1000
                ntp logging
                ntp clock-period 17179749
                ntp update-calendar
                ntp server 208.75.88.4
                !
                end