Hello, we've got NetFlow v5 running on our Cisco gear. There are GRE tunnels also involved but no IPsec.
The interfaces have both been configured with ingress and egress although only ingress is supported.
interface GigabitEthernet0/0
 ip flow ingress
 ip flow egress
We're basically looking to monitor the endpoint IP addresses and want to compare them with what RADIUS has to report in terms of accounting octets, but the problem is the figures never quite seem to match.
NetFlow Session Start: "10/26/2013","13:00:00" End: "10/27/2013","13:00:00"
RADIUS bytes : 1.45 Gb NetFlow bytes : 1.6 Gb
IP: 10.xx.xxx.xx
RADIUS Session Start: "10/26/2013","15:02:47" End: "10/27/2013","15:01:29"
NetFlow Session Start: "10/26/2013","15:00:00" End: "10/27/2013","15:00:00"
RADIUS bytes : 252.03 Mb NetFlow bytes : 298 Mb
IP: 10.xx.xxx.xx
RADIUS Session Start: "10/26/2013","14:31:46" End: "10/27/2013","14:30:29"
NetFlow Session Start: "10/26/2013","14:30:00" End: "10/27/2013","14:30:00"
RADIUS bytes : 1.52 Gb NetFlow bytes : 1.7 Gb
I know there are a lot of factors to consider here, like the time, because it might take a while for the collector to receive the data and there might be some offset. For this I've tried different time settings, but the figures never seem to match. Would removing egress from the config help? Because if it's a case of duplicate flows, would the figures match this closely and yet still be off? If anyone could point me in the right direction with this I'd be grateful!
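One way to check both hypotheses raised in the post (window offset, and duplicate records from ingress plus egress accounting) against decoded flow data, as an added example that is not part of the original post. The flow records, the `Flow` layout and the exact-match duplicate rule are assumptions constructed for illustration; the two time windows are the ones quoted above for the second endpoint.

```python
from collections import namedtuple
from datetime import datetime

# Constructed records: what a collector might hold after decoding NetFlow v5,
# with first/last already converted from sysUptime to wall-clock time.
Flow = namedtuple("Flow", "src dst sport dport proto in_if out_if first last octets")
def T(s): return datetime.strptime(s, "%m/%d/%Y %H:%M:%S")

FLOWS = [
    Flow("10.0.0.5", "192.0.2.9", 40000, 443, 6, 1, 2, T("10/26/2013 15:01:10"), T("10/26/2013 15:02:30"), 5000),   # before RADIUS start
    Flow("10.0.0.5", "192.0.2.9", 40001, 443, 6, 1, 2, T("10/26/2013 15:10:00"), T("10/26/2013 15:12:00"), 20000),
    Flow("10.0.0.5", "192.0.2.9", 40001, 443, 6, 1, 2, T("10/26/2013 15:10:00"), T("10/26/2013 15:12:00"), 20000),  # identical second copy
    Flow("192.0.2.9", "10.0.0.5", 443, 40001, 6, 2, 1, T("10/26/2013 15:10:01"), T("10/26/2013 15:12:00"), 90000),
    Flow("10.0.0.5", "192.0.2.9", 40002, 443, 6, 1, 2, T("10/27/2013 15:00:30"), T("10/27/2013 15:01:00"), 7000),   # after NetFlow window end
]
RADIUS_WIN = (T("10/26/2013 15:02:47"), T("10/27/2013 15:01:29"))   # from the post
NETFLOW_WIN = (T("10/26/2013 15:00:00"), T("10/27/2013 15:00:00"))  # from the post

def dedupe(flows):
    """Keep one copy of records that match in every field (assumed duplicate signature)."""
    seen, out = set(), []
    for f in flows:
        if f not in seen:
            seen.add(f)
            out.append(f)
    return out

def octets_for(ip, flows, start, end):
    """Return (octets sent by ip, octets sent to ip) for flows wholly inside [start, end]."""
    inside = [f for f in flows if start <= f.first and f.last <= end]
    sent = sum(f.octets for f in inside if f.src == ip)
    received = sum(f.octets for f in inside if f.dst == ip)
    return sent, received

def compare(ip, flows, radius_win, netflow_win):
    """Totals under each hypothesis, so the effect of each can be seen separately."""
    return {
        "netflow_window_raw": octets_for(ip, flows, *netflow_win),
        "radius_window_raw": octets_for(ip, flows, *radius_win),
        "radius_window_deduped": octets_for(ip, dedupe(flows), *radius_win),
    }

if __name__ == "__main__":
    for name, totals in compare("10.0.0.5", FLOWS, RADIUS_WIN, NETFLOW_WIN).items():
        print(f"{name:24s} sent={totals[0]:>7d} received={totals[1]:>7d}")
```

If the raw and deduplicated totals are equal on real data, duplicate records are not the cause of the gap; if aligning the window to the RADIUS session barely changes the total, the time offset is not the cause either.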