9 Replies Latest reply on Mar 16, 2011 6:51 PM by mavturner

    Netflow support for Cisco 2951

    a.narayanpur

      Hello

       

      I have the following setup.

      NTA---Nexus 1000v -----3750 stack----ASA----Cisco 2951. I am able to ping the NTA server and IP level access has been provided on the ASA. When I add the 2951 router using SNMP it adds the source and shows me traffic on every interface. It shows me the trends.

      But when I go to Netflow and add these devices, I see green icons showing that they are up but am unable to see information like top 5 receivers or transmitters.When I click on the interface that is the Netflow source, it gives me the following pop up.

       

       
      Node details not  available
      Details for node  'cr01' are not available because NetFlow and CBQoS data  are not available.

      Refer to vendor's device documentation to enable these  features.

      What is NetFlow? What is CBQoS?

      Also I saw a post from Marie that says that 2951 does not support Netflow. I saw a presentation where Solarwinds Geek Josh is explaing about Netflow and has the 2951 on his slide. Also another site where a customer confirmed that Netflow was working on the 2951. Cisco's website also says that netflow is supported on 2951. When I spoke to someone from SolarWinds during the demonstration meeting, even he said that 2951 does not support netflow. 

      Here are the links.

      Cisco devices that support NetFlow for flow-based traffic analysis

      Configuration Issues - NTA / Netflow on Outside Cisco Devices?CMP=LEC-SWFEED-RES-THR

      http://www.slideshare.net/SolarWinds/orion-nta-customer-training-part-ii

      Can someone please clarify this ?

        • Re: Netflow support for Cisco 2951
          jeff.stewart

          Can you provide us the netflow configuration from your router?

            • Re: Netflow support for Cisco 2951
              a.narayanpur

              cr02#sh running-config | i flow
               ip flow ingress
               ip flow egress
               ip flow ingress
               ip flow egress
               ip flow ingress
               ip flow egress
               ip flow ingress
               ip flow egress
               ip flow ingress
               ip flow ingress
               ip flow ingress
              ip flow-export source GigabitEthernet1/0.501
              ip flow-export version 5
              ip flow-export destination 10.107.0.46 2055
               flowcontrol software
              cr02#

                • Re: Netflow support for Cisco 2951
                  jeff.stewart

                  Can you verify that the device is sending flow information to the Orion server? 

                  'Show ip cache flow' to see the netflow statistics.

                  Also verify using wireshark that the packets are making it to the server.  If you want to filter for just those packets apply the cflow filter.

                    • Re: Netflow support for Cisco 2951
                      a.narayanpur

                      I am able to see the traffic being sent to the server.

                      cr02#sh ip flow export
                      Flow export v5 is enabled for main cache
                        Export source and destination details :
                        VRF ID : Default
                          Source(1)       172.16.1.3 (GigabitEthernet1/0.501)
                          Destination(1)  10.107.0.46 (2055)
                        Version 5 flow records
                        2651 flows exported in 846 udp datagrams
                        0 flows failed due to lack of export packet
                        0 export packets were sent up to process level
                        0 export packets were dropped due to no fib
                        0 export packets were dropped due to adjacency issues
                        0 export packets were dropped due to fragmentation failures
                        0 export packets were dropped due to encapsulation fixup failures

                       

                      cr02#sh ip cache flow
                      IP packet size distribution (464533 total packets):
                         1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
                         .000 .053 .932 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                          512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
                         .000 .000 .000 .000 .012 .000 .000 .000 .000 .000 .000

                      IP Flow Switching Cache, 278544 bytes
                        12 active, 4084 inactive, 2665 added
                        152613 ager polls, 0 flow alloc failures
                        Active flows timeout in 30 minutes
                        Inactive flows timeout in 15 seconds
                      IP Sub Flow Cache, 34056 bytes
                        12 active, 1012 inactive, 2665 added, 2665 added to flow
                        0 alloc failures, 0 force free
                        1 chunk, 1 chunk added
                        last clearing of statistics never
                      Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
                      --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
                      TCP-Telnet           2      0.0         3    50      0.0       1.0      15.3
                      TCP-WWW              7      0.0         6    77      0.0       3.3       3.5
                      TCP-SMTP             2      0.0         2    48      0.0       0.7      15.4
                      TCP-X                1      0.0         1    40      0.0       0.0      15.8
                      TCP-BGP            549      0.0         2   791      0.0       4.5      15.4
                      TCP-other           53      0.0        35    59      0.0       4.1      13.6
                      UDP-NTP             32      0.0         1    76      0.0       0.0      15.8
                      UDP-Frag             7      0.0       720  1144      0.0    1791.3       9.3
                      UDP-other         1356      0.0       321    82      0.1      39.9      15.3
                      ICMP               605      0.0        24    57      0.0       2.6      15.4
                      IP-other            40      0.0       100    79      0.0     943.1       9.4
                      Total:            2654      0.0       174    94      0.1      40.9      15.2

                      SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
                      Gi0/1         207.54.114.125  Local         64.201.170.158  06 966F 00B3     2
                      Gi1/0.104     192.168.4.54    Local         10.104.0.3      06 D922 0016    62
                      Gi1/0.501     172.16.1.2      Null          224.0.0.2       11 07C1 07C1   116
                      Gi1/0.501     10.107.0.46     Gi1/0.502     172.16.2.4      11 E4BD 00A1    27
                      Gi1/0.502     10.107.0.46     Gi1/0.502     172.16.2.4      11 E4BD 00A1  1701
                      Gi1/0.104     10.104.0.211    Null          232.0.1.10      11 0000 0000   128
                      Gi1/0.104     10.104.0.211    Null          232.0.1.10      11 2328 2328    37
                      Gi1/0.502     172.16.2.2      Null          224.0.0.2       11 07C1 07C1   115
                      Gi1/0.501     172.16.1.4      Null          224.0.0.5       59 0000 0000    26
                      Gi1/0.501     172.16.1.2      Null          224.0.0.5       59 0000 0000    31
                      Gi1/0.502     172.16.2.2      Null          224.0.0.5       59 0000 0000    33

                        • Re: Netflow support for Cisco 2951
                          a.narayanpur

                          How do you check that?

                            • Re: Netflow support for Cisco 2951
                              a.narayanpur

                              I installed Wireshark and verified that cflow packets from the router are hitting the NPM server.

                              Like Marie mentioned in one of the links pasted earlier, wonder if SolarWinds supports 2900 routers. Cisco TAC, the CLI and the website seems to claim that Cisco 2951 support Netflow. When I configure top talkers on the Cisco 2951 CLI I am able to see the top 10 talkers. So the 2951 definetly supports Netflow.

                              sh ip flow top-talkers

                              SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes
                              Gi0/1         64.x.x.x    Gi1/0.501     19.x.x.x                31  06 5DD9 01BB    32M

                              I am trying to do this with another server and router (Cisco 1811) and exporting data over an IPSec tunnel. I have the same issue there too.

                              Please suggest.

                                • Re: Netflow support for Cisco 2951
                                  mavturner

                                  Do you see any errors in the NTA event log? For example, something saying you are receiving flows from an unmonitored interface or unmanaged device?

                                  You must be managing the router with the same IP address (in NPM) as the source interface for the netflow configuration. I've seen many customers who are using a different management interface that the interface they are sourcing the flows from.

                                  Mav

                            • Re: Netflow support for Cisco 2951
                              a.narayanpur

                              I am able to see the traffic being sent to the server.

                              cr02#sh ip flow export
                              Flow export v5 is enabled for main cache
                                Export source and destination details :
                                VRF ID : Default
                                  Source(1)       172.16.1.3 (GigabitEthernet1/0.501)
                                  Destination(1)  10.107.0.46 (2055)
                                Version 5 flow records
                                2651 flows exported in 846 udp datagrams
                                0 flows failed due to lack of export packet
                                0 export packets were sent up to process level
                                0 export packets were dropped due to no fib
                                0 export packets were dropped due to adjacency issues
                                0 export packets were dropped due to fragmentation failures
                                0 export packets were dropped due to encapsulation fixup failures

                               

                              cr02#sh ip cache flow
                              IP packet size distribution (464533 total packets):
                                 1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
                                 .000 .053 .932 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                                  512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
                                 .000 .000 .000 .000 .012 .000 .000 .000 .000 .000 .000

                              IP Flow Switching Cache, 278544 bytes
                                12 active, 4084 inactive, 2665 added
                                152613 ager polls, 0 flow alloc failures
                                Active flows timeout in 30 minutes
                                Inactive flows timeout in 15 seconds
                              IP Sub Flow Cache, 34056 bytes
                                12 active, 1012 inactive, 2665 added, 2665 added to flow
                                0 alloc failures, 0 force free
                                1 chunk, 1 chunk added
                                last clearing of statistics never
                              Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
                              --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
                              TCP-Telnet           2      0.0         3    50      0.0       1.0      15.3
                              TCP-WWW              7      0.0         6    77      0.0       3.3       3.5
                              TCP-SMTP             2      0.0         2    48      0.0       0.7      15.4
                              TCP-X                1      0.0         1    40      0.0       0.0      15.8
                              TCP-BGP            549      0.0         2   791      0.0       4.5      15.4
                              TCP-other           53      0.0        35    59      0.0       4.1      13.6
                              UDP-NTP             32      0.0         1    76      0.0       0.0      15.8
                              UDP-Frag             7      0.0       720  1144      0.0    1791.3       9.3
                              UDP-other         1356      0.0       321    82      0.1      39.9      15.3
                              ICMP               605      0.0        24    57      0.0       2.6      15.4
                              IP-other            40      0.0       100    79      0.0     943.1       9.4
                              Total:            2654      0.0       174    94      0.1      40.9      15.2

                              SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
                              Gi0/1         207.54.114.125  Local         64.201.170.158  06 966F 00B3     2
                              Gi1/0.104     192.168.4.54    Local         10.104.0.3      06 D922 0016    62
                              Gi1/0.501     172.16.1.2      Null          224.0.0.2       11 07C1 07C1   116
                              Gi1/0.501     10.107.0.46     Gi1/0.502     172.16.2.4      11 E4BD 00A1    27
                              Gi1/0.502     10.107.0.46     Gi1/0.502     172.16.2.4      11 E4BD 00A1  1701
                              Gi1/0.104     10.104.0.211    Null          232.0.1.10      11 0000 0000   128
                              Gi1/0.104     10.104.0.211    Null          232.0.1.10      11 2328 2328    37
                              Gi1/0.502     172.16.2.2      Null          224.0.0.2       11 07C1 07C1   115
                              Gi1/0.501     172.16.1.4      Null          224.0.0.5       59 0000 0000    26
                              Gi1/0.501     172.16.1.2      Null          224.0.0.5       59 0000 0000    31
                              Gi1/0.502     172.16.2.2      Null          224.0.0.5       59 0000 0000    33