4 Replies Latest reply on Dec 27, 2013 5:57 AM by Ismo

    Netflow doesn't work after switch change

    Ismo

      I changed a core switch from Cisco Catalyst 6509 (Sup 2) to 6509E (T2 sup). And the new IOS doesn't support netflow anymore, it uses flexible netflow. I configured it like it should be (Flexible Netflow Configuration Guide, Cisco IOS Release 12.4T - Getting Started with Configuring Cisco IOS Flexible NetFlow [Cisco IOS Software Releases 12.4 T] - Cisco Systems) but I cannot see any netflow data graphs on the server. It seems like data is coming to the server, but somehow the server doesn't understand it or doesn't "want" to show it to me.

       

      For example, I get notes like "NetFlow Receiver Service [SERVER999] is receiving a NetFlow data stream from an unmanaged device (10.10.99.1)..." so Orion seems to be getting some data. (I already changed the source setting of the exporter to get rid of that error, so that was just an example. If Orion didn't see any netflow data, how could it give those errors?) But anyway, why doesn't Orion show the data as graphs? I haven't changed anything within the Orion server before or after the switch change.

        • Re: Netflow doesn't work after switch change
          Ismo

          I'm getting this event:

          You have not enabled NetFlow data export on 192.168.200.1 device. For more information, see "Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches" in the Support - Product Documentation area of www.solarwinds.com.

           

          This must be some kind of bug in NTA, because clearly the server receives data, but just doesn't understand it. As told, at the beginning netflow was coming from the wrong VLAN, but even then, Orion understood that something IS coming in! Then I changed the netflow source interface on the switch to VLAN 1 (switch management VLAN, which is managed by Orion) and that error disappeared. As said, the server seems to understand that netflow is coming in, but it just cannot draw it to graphs?!?

           

          So, I'll open the ticket now or what?

          • Re: Netflow doesn't work after switch change
            Ismo

            Solved. I had to create a record. Normally "netflow-original" should do the job, but in Supervisor 2T there is no such command at all. It's replaced with "platform-original" and I think it doesn't work correctly with NTA. The platform-original configuration sends netflow to NTA but Orion doesn't understand it, I don't know why. But when I replaced this "emulated" netflow with a manual record, it started to work OK.

              • Re: Netflow doesn't work after switch change
                jpleblanc

                Hi,

                 

                We have the exact same issue but I don't think I understand the solution to this problem...

                 

                Can someone explain to me in a bit more detail what needs to be done to make it work?

                 

                Thank you!

                JP

                  • Re: Netflow doesn't work after switch change
                    Ismo

                    This comes very late, but I didn't see this before. So you need the basics? In old netflow you write command after command as normal configuration. But in flex netflow (if you don't use "emulated netflow" which doesn't work in NTA) you have to create so-called "sub-programs" in the router configuration and IOS jumps between these programs to know what to do and when. You need 3 netflow elements: Record (here I use the word Settings), monitor and exporter.

                     

                    Looking from the interface's point of view:

                    1. Interface has netflow command that points to Monitor sub-program.

                    2. Monitor tells router what to capture (settings "sub-program") and where to send data (in this case to orion server).

                    3. Settings tells router what to capture.

                     

                    Sounds complicated, but there can be several Monitor and Settings configurations, so the idea is to tell which interface is using which netflow setting. I don't know if that helped at all, because of my bad English, but at least I tried.

                     

                    Here is the configuration I use:

                     

                    ! Record: key fields (match) and counters (collect)
                    flow record SETTINGS
                     match datalink vlan input
                     match ipv4 version
                     match ipv4 tos
                     match ipv4 protocol
                     match ipv4 source address
                     match ipv4 destination address
                     match transport source-port
                     match transport destination-port
                     match interface input
                     match flow direction
                     collect counter bytes
                     collect counter packets
                    !
                    ! Exporter: where the flow data is sent and from which source interface
                    flow exporter EXPORTER1
                     description Netflow exporter 1 to SERVER233
                     destination 10.10.100.100
                     source Vlan1
                     transport udp 9996
                     template data timeout 60
                    !
                    ! Monitor: ties the record and the exporter together
                    flow monitor MONITOR1
                     record SETTINGS
                     exporter EXPORTER1
                     cache timeout active 1
                    !
                    ! Apply the monitor to an interface (NN is a placeholder for the VLAN number)
                    interface vlan NN
                     ip flow monitor MONITOR1 output
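
When a collector receives packets but draws nothing, decoding the export template shows which fields the switch actually advertises. The sketch below is an added example, not code from the thread or from SolarWinds; it assumes the exporter sends NetFlow v9 (RFC 3954 layout), and the sample packet, template ID 256 and field lengths are constructed for illustration. The `wanted` list passed to `missing_fields` is whatever your collector documents as required, which this thread does not state.

```python
import struct

# NetFlow v9 field type numbers (RFC 3954) for the fields used in the SETTINGS record
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS",
               7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
               11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
               58: "SRC_VLAN", 60: "IP_PROTOCOL_VERSION", 61: "DIRECTION"}

def parse_v9_templates(payload):
    """Return {template_id: [(field_name, length), ...]} for one export packet."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version = struct.unpack("!H", payload[:2])[0]
    if version != 9:
        raise ValueError("not NetFlow v9 (version %d)" % version)
    templates, off = {}, 20
    while off + 4 <= len(payload):
        set_id, set_len = struct.unpack("!HH", payload[off:off + 4])
        if set_len < 4 or off + set_len > len(payload):
            raise ValueError("bad flowset length at offset %d" % off)
        pos, end = off + 4, off + set_len
        while set_id == 0 and pos + 4 <= end:      # flowset ID 0 = templates
            tid, nfields = struct.unpack("!HH", payload[pos:pos + 4])
            if tid < 256:                          # padding, not a template
                break
            pos += 4
            if pos + 4 * nfields > end:
                raise ValueError("template %d runs past its flowset" % tid)
            fields = []
            for _ in range(nfields):
                ftype, flen = struct.unpack("!HH", payload[pos:pos + 4])
                fields.append((FIELD_NAMES.get(ftype, "type_%d" % ftype), flen))
                pos += 4
            templates[tid] = fields
        off += set_len                             # data/options flowsets are skipped
    return templates

def missing_fields(template, wanted):
    """Names from `wanted` that the template does not advertise."""
    present = {name for name, _ in template}
    return [name for name in wanted if name not in present]

def build_sample_packet():
    """Constructed packet: one template (ID 256) mirroring the SETTINGS record."""
    spec = [(58, 2), (60, 1), (5, 1), (4, 1), (8, 4), (12, 4),
            (7, 2), (11, 2), (10, 4), (61, 1), (1, 4), (2, 4)]
    body = struct.pack("!HH", 256, len(spec))
    body += b"".join(struct.pack("!HH", t, l) for t, l in spec)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1388123820, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body
```

Feed `parse_v9_templates` the UDP payload of a packet captured on the collector's NetFlow port (9996 in the configuration above) and compare the result with the record you configured.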