3 Replies Latest reply on Jun 16, 2014 2:31 PM by ecklerwr1

    NTA Stats

    stevenjwilliams83

      I am trying to figure out this whole NTA thing. I only want to monitor my core 6500. I have all the ports monitored by NPM, layer 3 interfaces and Vlans. Can you only export stats per vlan and not layer 3 interfaces? I can click on my layer 3 interfaces in the top netflow sources by utilization, but all top sections say no data to display.

      I also get this message on some interfaces:

      Details for interface 'Core' on 'GigabitEthernet9/8 · ISP' are not available because NetFlow and CBQoS data are not available.

      Refer to vendor's device documentation to enable these features.
      I am monitoring that interface so why is it yelling at me?
        • Re: NTA Stats
          stevenjwilliams83

          Also how can I see what is going on trunk links and port channels?

          • Re: NTA Stats
            dclick

            a bit late on the reply, but since this hasnt been answered yet, I am guessing you still need help with this?

             

            Lets talk about the Layer3 side first - 

            There are a few forum threads and a couple of how-to's on configuring netflow on Cisco gear for Orion, but in brief - I use something like this:

            main config:

            ip flow-export source vlan1

            ip flow export version 5

            ip flow export destination <ip to Orion NTA server> port (default is 2055 i think)

             

            interfaces:

                 ip flow ingress

                 ip flow egress

             

            On your 6509, what do you see when you enter "show ip flow export" ?

            it should show you something like this - if its configured properly, you should see your Sources in the list, and some amount of data passing.

            6513#show ip flow export
            Flow export v5 is enabled for main cache
              Export source and destination details :
              VRF ID : Default
                Source(1)       10.x.xxx.xxx (Vlan1)
                Source(2)       10.xxx.xxx.xxx (Vlan1)
                Destination(1)  10.xxx.xxx.xxx (2055)
                Destination(2)  10.xxx.xxx.xxx (9996)
              Version 5 flow records
              2062817179 flows exported in 68760575 udp datagrams
              0 flows failed due to lack of export packet
              0 export packets were sent up to process level
              0 export packets were dropped due to no fib
              0 export packets were dropped due to adjacency issues
              0 export packets were dropped due to fragmentation failures
              0 export packets were dropped due to encapsulation fixup failures
              0 export packets were dropped enqueuing for the RP
              0 export packets were dropped due to IPC rate limiting
              0 export packets were dropped due to Card not being able to export

             

            Next, check that you have flow enabled for both INGRESS and EGRESS on the interfaces you want to monitor -

            6513#show run int s1/0/1

                 ip flow ingress

                 ip flow egress

            <other commands removed>

             

            Now - for Layer2 - on your 6509, run "show mls nde".  If this comes back with "Layer2 flow creation is disabled" or "Layer2 flow export is disabled", you wont see anything on your l2 interfaces.  This article from Cisco might help -

             

            Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting - Cisco Systemshttp://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/system_management/configuration/guide/sm_15netflow.html#wp1094178

              • Re: NTA Stats
                ecklerwr1

                Thanks I'm currently putting more exports onto 6513's lately and some of the older articles on thwack are too dated back to like 2009... ios had updated a lot since.  A lot is still the same but some of the old tricks and work arounds aren't necessary any longer if you just put basic part of config in and then add the ip flow ingress / egress to each interface or vlan you're interested in.