4 Replies Latest reply on Nov 12, 2010 11:11 AM by bgfl-tech

    MPLS, Netflow and Orion NTA - a few questions

    bgfl-tech

      Hi,

      I've got a few questions around how Orion Netflow Traffic Analyser handles MPLS Netflow and its suitability as a product for our network environment.

      I've attached a (very) high-level diagram that shows a basic overview of our network topology. Essentially there is a core network of MPLS PE routers (Cisco 6509s running 12.2(33)SXI3) that each have multiple (over a hundred in some locations) edge CE routers attached (Cisco 3550s, 3560s & 3750s) running VRF-lite and potentially multiple VRFs.

      All PE routers are dual-homed between two 'key' core routers and the traffic flowing through the MPLS interfaces on those two routers represents the majority of traffic on the network (with the obvious exception of traffic between two CE sites attached to the same PE). Some of the PEs just represent points-of-presence for the aggregation of sites but others are also data centres and the network is managed in-house, i.e. the MPLS network is not provided by a commercial service provider.

      What I'd like to know is whether I can export the (ingress/egress/both?) Netflow information associated with the MPLS interfaces on PE 1 and PE 2 into Orion NTA (around 20 interfaces or so) and are there any compromises by doing this, i.e. how does NTA display data associated with different VRFs, will any data be missing from the Netflow record, etc?

      Is the alternative collecting the ingress flows on all the non-MPLS interfaces on the PEs from the CEs (which would represent hundreds of interfaces)?

      An example of one of the PE MPLS interfaces is:-

      !
      interface GigabitEthernet9/1
       description *** 1 Gig Fibre to xxxxxxxxx ***
       mtu 9216
       ip address 10.x.x.x 255.255.255.252
       ip pim sparse-dense-mode
       ip router isis
       mls qos trust dscp
       mpls label protocol ldp
       mpls ip
       no isis hello padding
      end
      !

      with an interface to one of the CE routers looking something like this:-

      !
      interface GigabitEthernet1/9
       description *** Site A ***
       no ip address
       speed 10
       duplex full
      !
      interface GigabitEthernet1/9.2962
       description *** Site A management network connection***
       encapsulation dot1Q 2962
       ip address 10.x.x.x 255.255.255.252
      !
      interface GigabitEthernet1/9.4059
       description *** Site A VRF1 ***
       encapsulation dot1Q 4059
       ip vrf forwarding VRF1
       ip address 10.x.x.x 255.255.255.252
      !
      interface GigabitEthernet1/9.1793
       description *** Site A VRF2 ***
       encapsulation dot1Q 1793
       ip vrf forwarding VRF2
       ip address 10.x.x.x 255.255.255.252
      !

      Any advice on the subject would be gratefully received.

      thanks

      Matthew

        • Re: MPLS, Netflow and Orion NTA - a few questions
          Andy McBride

          Hi Matthew,

          For MPLS specific NetFlow you need to implement Flexible NetFlow (FNF). This is not too difficult but the issue is that you need a collector that can interpret MPLS templates and flows in the flow export. I don't believe that this exists today. You can still implement Netflow v9 or v5 on the CE IP interfaces and get aggregated information about the interface, but the information won't be VRF specific. I don't know if you have different configs for PE1 and PE2 compared to the other PEs but it may be more efficient to configure these as provider backbone (P) routers as they have no edge function.

          Andy
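The template point Andy makes can be seen directly in how a NetFlow v9 collector decodes an export. What follows is an added example, not part of this thread and not SolarWinds or Cisco code: a minimal decoder for the RFC 3954 packet framing, run over a constructed export packet whose template carries the usual IP fields plus MPLS_LABEL_1 (field type 70, 3 bytes). The same packet is decoded once by a collector that knows the MPLS field types and once by one that knows only the IP field types. Because every field in a v9 template carries its length, the unaware collector can still skip the MPLS field and recover the addresses, ports, protocol and byte counts; what it loses is the label itself. The addresses, labels, template ID and timestamps are made up, and the packet is built in code rather than captured from a router.

```python
"""Minimal NetFlow v9 decoder (RFC 3954 framing). Added example with a
constructed packet; the addresses, label values and template ID are made up."""
import struct
from ipaddress import IPv4Address

# RFC 3954 field type IDs (subset). 70..79 are MPLS_LABEL_1..MPLS_LABEL_10.
IP_FIELDS = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
    8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP", 11: "L4_DST_PORT",
    12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
}
MPLS_FIELDS = {70 + i: "MPLS_LABEL_%d" % (i + 1) for i in range(10)}
ALL_FIELDS = {**IP_FIELDS, **MPLS_FIELDS}


def decode_field(ftype, raw):
    """Decode one field value according to its RFC 3954 type."""
    if ftype in (8, 12):                       # IPv4 addresses
        return str(IPv4Address(raw))
    if ftype in MPLS_FIELDS:                   # 3 bytes: label(20) exp(3) S(1)
        v = int.from_bytes(raw, "big")
        return {"label": v >> 4, "exp": (v >> 1) & 0x7, "bos": v & 0x1}
    return int.from_bytes(raw, "big")          # counters, ports, ifIndex


def parse_v9(packet, known_fields):
    """Return (records, dropped_field_count). A field whose type is not in
    known_fields is skipped by its template length, which is what a collector
    without MPLS support does; the rest of the record is still decoded."""
    version, count, uptime, secs, seq, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, records, dropped = {}, [], 0
    off = 20                                   # v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4:
            raise ValueError("bad flowset length")
        body, off = packet[off + 4:off + fs_len], off + fs_len
        if fs_id == 0:                                   # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
                pos += 4 * nfields
                templates[tid] = fields
        elif fs_id >= 256:                               # data flowset
            fields = templates.get(fs_id)
            if not fields:
                continue                                 # template not yet seen
            rec_len = sum(flen for _, flen in fields)
            pos = 0
            while pos + rec_len <= len(body):            # trailing bytes are padding
                rec = {}
                for ftype, flen in fields:
                    raw = body[pos:pos + flen]
                    pos += flen
                    if ftype in known_fields:
                        rec[known_fields[ftype]] = decode_field(ftype, raw)
                    else:
                        dropped += 1                     # unknown type: skipped by length
                records.append(rec)
    return records, dropped


def mpls_entry(label, exp, bos):
    """Top 24 bits of a label stack entry, as exported in MPLS_LABEL_n."""
    return ((label << 4) | (exp << 1) | bos).to_bytes(3, "big")


def build_sample_packet():
    """Constructed export from an imaginary PE: one template (ID 256) carrying
    the usual IP fields plus MPLS_LABEL_1, and two data records using it."""
    layout = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (70, 3)]
    tmpl = struct.pack("!HH", 256, len(layout)) + b"".join(struct.pack("!HH", t, l) for t, l in layout)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl

    def record(src, dst, sport, dport, proto, nbytes, label):
        return (IPv4Address(src).packed + IPv4Address(dst).packed
                + struct.pack("!HHBI", sport, dport, proto, nbytes)
                + mpls_entry(label, 0, 1))

    data = (record("10.1.1.10", "10.2.2.20", 51515, 443, 6, 18000, 16001)
            + record("10.3.3.30", "10.1.1.10", 53, 40000, 17, 512, 16002))
    data_fs = struct.pack("!HH", 256, 4 + len(data)) + data
    header = struct.pack("!HHIIII", 9, 3, 123456, 1289552000, 1, 0)   # v9, 3 records
    return header + tmpl_fs + data_fs


if __name__ == "__main__":
    pkt = build_sample_packet()
    full, dropped = parse_v9(pkt, ALL_FIELDS)
    print("MPLS-aware collector:", full[0], "dropped", dropped)
    ip_only, dropped = parse_v9(pkt, IP_FIELDS)
    print("IP-only collector   :", ip_only[0], "dropped", dropped)
```

Two things to take from running it. First, the IP-only decode still yields complete 5-tuples and byte counts, which is the part of the traffic picture a collector without MPLS field support can show for these interfaces. Second, nothing in the standard v9 field set above identifies the VRF; the label is the only MPLS-specific datum in the record, and a collector has to know field type 70 to do anything with it.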

            • Re: MPLS, Netflow and Orion NTA - a few questions
              bgfl-tech

              Hi Andy,

              Thanks for the reply. Is this something you're looking to incorporate into NTA at any point? When you say it doesn't exist today are you talking specifically about NTA or your understanding of the capabilities of Netflow collectors in general?

              My organisation already uses NPM and NCM which is why NTA is the first Netflow app I've looked into.

              Although I haven't shown it on the diagram PE1 and PE2 also have CEs connected - I just omitted that for simplicity's sake.

              Thanks

              Matthew

                • Re: MPLS, Netflow and Orion NTA - a few questions
                  Andy McBride

                  I'll mark this for the NTA PM to look at and comment on the MPLS support. I've looked over a lot of collectors, some have FNF for a couple of use cases but I have not seen any supporting MPLS fields.

                    • Re: MPLS, Netflow and Orion NTA - a few questions
                      bgfl-tech

                      Thanks Andy. In terms of standard Netflow fields will NTA still report on all the usual fields - source, destination, ports, etc. of the underlying IP traffic passing through those MPLS interfaces?

                      As all the separate VRFs are our own (for different functional areas) we don't actually have any duplication of IP addresses and could identify VPNs/VRFs by source/destination addresses.

                      Essentially, what does NTA collate when sent flows generated using the ip flow ingress / ip flow egress commands under an MPLS interface?

                      As we've already made an investment in the Orion family I'd prefer to go with NTA if possible as opposed to a separate product with its own infrastructure requirements as long as I can get a good understanding of what it can deliver in our environment.

                      thanks

                      Matthew


                      !
                      interface GigabitEthernet9/1
                       description *** 1 Gig Fibre to xxxxxxxxx ***
                       mtu 9216
                       ip address 10.x.x.x 255.255.255.252
                       ip flow ingress
                       ip flow egress
                       ip pim sparse-dense-mode
                       ip router isis
                       mls qos trust dscp
                       mpls label protocol ldp
                       mpls ip
                       no isis hello padding
                      end
                      !


                      'mpls netflow egress' translated to 'ip flow egress'