1 Reply Latest reply on Jul 26, 2012 7:20 AM by Jesquitin

    Questionable rate for a NetFlow chart

    patriot

      How can a NetFlow chart show a spike of nearly 16 Mbps when the configured bandwidth on the interface is only 6 Mbps? Is this a bug in the NTA rate chart? See the attached image for details. Thanks for any help.

        • Re: Questionable rate for a NetFlow chart
          Jesquitin

          This is usually caused by having both "ip flow ingress" and 'ip flow egress" configured on the interfaces.  This causes the same flow to be sent out twice ( duplicate flows).  To resolve this only apply the "ip flow ingress" command on the interfaces.  Egress traffic will still be captured.

           

           

          When a flow is received it contains the interface index numbers for both the Input and the Output interfaces.

          NTA parses this out and applies the Ingress traffic to the Input interface and the Egress to the Output interface.

          So depending on the configuration flows can look the same to NTA even though the flow is coming from two different interfaces.

          For example:

          A device with two interfaces with the following config:

          Serial0/0/0

          Ip flow ingress

          ip flow egress

          Gig0/0

          IP flow ingress

          ip flow egress

           

          When a flow in coming into the serial interface the Ingress command will tag the serial in the Ingress direction and the Gig as the Egress direction.

          When the same flow exits the Gig interface the Egress command is going to tag the Gig as the Egress and the Serial as the Ingress.