
New to NPA/NTA with questions on interfaces

I'm confused about interfaces, how they are identified and why we don't see traffic in\out statistics. We have configured NetFlow on the three Cisco routers we are trialing this on and they are exporting data to the collector. The issue is, looking at NetFlow Sources, we don't see traffic In\Out - it simply says N/A. Also in the same picture we would like some guidance on how to actually map the actual physical interface on the router to the NTA virtual Interface #. In the picture below I've expanded one of the routers (all have the same issue) to illustrate what I mean. I do believe I have identified one of the virtual interfaces correctly as the GRE tunnel. Below the screenshot is the config I applied to the router for NetFlow. To explain our setup a bit, the G0/0 is the LAN and G0/1 is 10 MB Ethernet connectivity via Sprint's IP\MPLS network. If traffic is destined for one of our other offices in the US then it just goes out through G0/1 as is. If it's Internet-bound traffic it goes through G0/1 through a GRE tunnel to corp and out from there.

In summary, my questions are:

- Why (4) interfaces? Is that because I chose to export ingress and egress traffic on each interface?

- How can I identify the virtual interfaces with the physical ones so I can name them appropriately? The GRE one was easy since the only protocol traversing it clearly said "GRE".

- Why does the traffic In and Out show N/A?

NetFlow.PNG

ip flow-cache timeout active 1
ip flow-cache timeout inactive 15

ip flow-export version 5
ip flow-export source GigabitEthernet0/0
ip flow-export destination 10.1.21.48 2055


int GigabitEthernet0/0
ip flow ingress
ip flow egress
ip route-cache flow


int GigabitEthernet0/1
ip flow ingress
ip flow egress
ip route-cache flow
bandwidth 10000

int Tunnel0
bandwidth 8000

Thanks

  • The configuration looks correct. The only change would be to remove “ip flow egress” from the interfaces; having both on all interfaces will cause traffic to show double. Not quite sure why you had to add the interfaces manually. Usually this is only done when the device is added via ICMP only or it is a VMware vSwitch which does not support SNMP. In the config the only virtual interface is the Tunnel0, which should be supported without any mapping in both NPM and NTA, unless there are others not listed like sub-interfaces or IPSEC tunnels. It seems that you are not monitoring any interfaces in NPM or SNMP is no longer working. If the physical interfaces in the config are layer 3 then all you should need to do is add them in NPM. Depending on the IOS they can run the command “snmp mib ifmib ifindex” to determine which interfaces map to the ifIndex values showing up in the events. I assume it is 1,2,12. The traffic in/out shows N/A because this is gathered via SNMP and these interfaces were added manually. You need to verify SNMP is working and add the interfaces via NPM and remove the manually added interfaces from NTA and re-add them.


    Let us know how it turns out.

  • Jacob,

    I initially had the interfaces set up for ICMP and then switched to SNMP which is working. I will do the following:

    Remove the egress statement on each interface

    Remove the interface

    Re-add them.

    Thanks for your help. I will let you know how it goes.
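
An added illustration of the reply's point that the interface numbers carried in the export are SNMP ifIndex values (this is not code from the thread or from the vendor): the sketch decodes a NetFlow version 5 datagram, the format selected by `ip flow-export version 5`, and labels each record's input and output ifIndex with an interface name. The `Name: Ifindex = N` line format, the index values and the sample flows are constructed assumptions; the first two records are identical to model one flow exported twice.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_ifindex_map(text):
    """Turn 'Name: Ifindex = N' lines (assumed CLI output format) into {N: name}."""
    names = {}
    for line in text.splitlines():
        name, sep, idx = line.partition(": Ifindex = ")
        if sep and idx.strip().isdigit():
            names[int(idx)] = name.strip()
    return names

def octets_by_interface_pair(datagram, names):
    """Sum dOctets per (input, output) interface pair in one v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    def label(n):
        return names.get(n, f"ifIndex {n} (unmapped)")
    totals = Counter()
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        in_if, out_if, octets = rec[3], rec[4], rec[6]  # input, output, dOctets
        totals[(label(in_if), label(out_if))] += octets
    return dict(totals)

# Constructed sample data, not taken from the thread's routers.
SAMPLE_IFMIB = """GigabitEthernet0/0: Ifindex = 1
GigabitEthernet0/1: Ifindex = 2
Tunnel0: Ifindex = 12"""

def sample_datagram():
    """Three records; the first two are identical, modelling one flow exported twice."""
    def flow(in_if, out_if, octets):
        return RECORD.pack(bytes([198, 51, 100, 7]), bytes([192, 0, 2, 9]), bytes(4),
                           in_if, out_if, 10, octets, 0, 1000, 51000, 443,
                           0, 0x18, 6, 0, 0, 0, 24, 0, 0)
    recs = [flow(1, 2, 4000), flow(1, 2, 4000), flow(1, 12, 900)]
    return HEADER.pack(5, len(recs), 60000, 1700000000, 0, 1, 0, 0, 0) + b"".join(recs)

if __name__ == "__main__":
    print(octets_by_interface_pair(sample_datagram(), parse_ifindex_map(SAMPLE_IFMIB)))
```

Version 5 records carry no direction field, so the duplicated record is indistinguishable from the first and simply doubles that pair's byte total.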