This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

No Netflow data received on Orion server

Hello

NetFlow has been configured on some of our remote managed routers with the destination export address as our Orion server. However, after adding the remote router to the NetFlow Analyzer we are not seeing any NetFlow data coming in.

The remote devices are a mixture of NetGates, Cisco 871 and Cisco 2811 routers. The configuration on the 2811s is as follows:

[
ip flow-export version 5
ip flow-export destination x.x.x.x 2055
ip flow-export source Loopback0

interface Serial0/0/0.100
 ip flow ingress
interface Serial0/0/0
 ip flow ingress
]

Some show commands display the following:

[
CNAIRPSH50001R#show ip flow export
Flow export v5 is enabled for main cache
  Exporting flows to x.x.x.x (2055)
  Exporting using source interface Loopback0
  Version 5 flow records
  40129 flows exported in 1960 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

CNAIRPSH50001R#sh ip cache flow
IP packet size distribution (276910 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .430 .081 .314 .026 .013 .008 .006 .003 .001 .003 .014 .001 .000 .010

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .006 .000 .007 .020 .048 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  40 active, 4056 inactive, 20947 added
  730763 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
  40 active, 984 inactive, 20089 added, 20089 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 03:19:41
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          21      0.0        19    41      0.0       3.3      13.5
TCP-WWW              4      0.0         1    40      0.0       0.0       1.6
TCP-other          545      0.0       395   140     17.9     216.0       5.0
UDP-DNS             15      0.0         1    76      0.0       0.0      15.4
UDP-NTP           1284      0.1         1    76      0.1       0.0      15.4
UDP-other        14191      1.1         3   281      4.2       5.6      15.5
ICMP              4086      0.3         2   160      0.7       2.3      15.4
IP-other             2      0.0         2    68      0.0       6.0      15.7
Total:           20148      1.6        13   167     23.1      10.3      15.2
]

This WAN is an AT&T-managed MPLS circuit and the Netgate sites are DSL-based. The Cisco 871 routers are at sites with IPSEC VPN over DSL.

Any suggestions as to why none of these are working?

Thanks

Amy

  • Last time I checked, IOS wouldn't export NetFlow over a raw IPSec VPN. You had to use IPSec/GRE instead. It's been probably two years since I looked at this (we are all IPSec/GRE), so you might want to check the latest IOS versions to see if this has changed.

  • Also, is the loopback address in Orion as a node? Since the source is the loopback, you need that IP as a node.

  • Hello

    Yes, the loopback address is a monitored interface in Orion. It doesn't seem to be working for any of our WAN types. For example, we have AT&T managed Cisco 2911 routers on an MPLS network. Below are snippets of the NetFlow config on one of these routers (have removed IP addressing):

    interface GigabitEthernet0/0
     ip flow ingress
     ip flow egress

    ip flow-cache timeout inactive 10
    ip flow-cache timeout active 1
    ip flow-export source Loopback0
    ip flow-export version 5
    ip flow-export destination <Orion server address> 2055

    I have added G0/0 and Loopback 0 as monitored interfaces before adding them to the NetFlow tab. From the output below it looks like the routers are exporting the data correctly, I'm just not seeing it being collected on the Orion server:

    GBAIRPSUR0001R#sh ip flow export
    Flow export v5 is enabled for main cache
      Export source and destination details :
      VRF ID : Default
        Source(1)       <x.xx.x> (Loopback0)
        Destination(1)  <Orion server address> (2055)
      Version 5 flow records
      57503578 flows exported in 1916786 udp datagrams
      0 flows failed due to lack of export packet
      0 export packets were sent up to process level
      0 export packets were dropped due to no fib
      0 export packets were dropped due to adjacency issues
      0 export packets were dropped due to fragmentation failures
      0 export packets were dropped due to encapsulation fixup failure

    __

    Any ideas?

    Thank you

    Amy
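The router counters in both posts say the flows leave the router, so the open question is whether the UDP/2055 datagrams reach the collector host and arrive from an address the collector knows. The script below is an added example, not SolarWinds code and not anything posted in this thread: it binds the export port, parses each NetFlow v5 datagram (24-byte header plus 48-byte records, the format `ip flow-export version 5` produces) and flags a sender whose IP is not in a list of monitored nodes, which is the point raised in the reply about the loopback source. The node list and all addresses in the self-check are constructed placeholders.

```python
"""Diagnostic NetFlow v5 listener (added example, not the collector's own code)."""
import socket
import struct
from ipaddress import IPv4Address

EXPORT_PORT = 2055  # the destination port used in the thread's configs

# NetFlow v5 wire format: 24-byte header, then `count` 48-byte records, big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")


def parse_v5(data: bytes) -> dict:
    """Parse one v5 export datagram; raise ValueError if it is malformed."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, _secs, _nsecs, seq,
     _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(data) != expected:
        raise ValueError(f"count={count} implies {expected} bytes, got {len(data)}")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4],          # SNMP ifIndex values
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return {"version": version, "count": count, "sequence": seq,
            "sampling": sampling & 0x3FFF, "records": records}


def check_export(sender_ip: str, data: bytes, monitored_nodes) -> list:
    """Return human-readable problems for one datagram; empty list means it looks fine."""
    try:
        pkt = parse_v5(data)
    except ValueError as exc:
        return [f"{sender_ip}: unparseable export ({exc})"]
    problems = []
    if sender_ip not in monitored_nodes:
        # The export source (here the loopback) must itself be a node the collector knows.
        problems.append(f"{sender_ip}: export source is not a monitored node")
    if pkt["count"] == 0:
        problems.append(f"{sender_ip}: empty export datagram")
    return problems


def build_v5_packet(flows, sequence=0, uptime_ms=1000, unix_secs=0) -> bytes:
    """Construct a v5 datagram from (src, dst, in_if, out_if, pkts, bytes, sport, dport, proto)
    tuples. Only for exercising the parser offline; real routers build these."""
    header = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    body = b""
    for src, dst, in_if, out_if, pkts, octets, sport, dport, proto in flows:
        body += V5_RECORD.pack(int(IPv4Address(src)), int(IPv4Address(dst)), 0,
                               in_if, out_if, pkts, octets, uptime_ms - 500, uptime_ms,
                               sport, dport, 0, 0, proto, 0, 0, 0, 24, 24, 0)
    return header + body


def listen(bind_addr="0.0.0.0", port=EXPORT_PORT, monitored_nodes=frozenset(), max_datagrams=10):
    """Receive up to max_datagrams exports and print what a collector would see.
    Run on the collector host with the real collector stopped (only one process can
    bind the port); a timeout means the datagrams never arrive at this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(30)
        for _ in range(max_datagrams):
            try:
                data, (sender, _) = sock.recvfrom(65535)
            except socket.timeout:
                print("no export datagrams in 30 s: check host firewall, NAT and routing")
                return
            print(sender, len(data), "bytes", check_export(sender, data, monitored_nodes) or "ok")


if __name__ == "__main__":
    listen(monitored_nodes={"192.0.2.1"})  # placeholder: the routers' loopback IPs
```

If the listener times out, the packets are being lost between the router and the collector host (a host firewall on the Orion server or a NAT/VPN path that does not carry the loopback source are the usual places to look); if they arrive but the sender is flagged, the export source address is the thing to add as a node.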