• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 24 subscribers
  • Views 663 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Migrating from Netflow v5 to v9. Concerned about doubled traffic.

igatrinit

Hellow everyone.

I want to move from v5 to v9, but I'm not sure about the ingress\egress configuration. I got Netflow running on a central router only and it only has one interface as an export source. My corrent configuration is "ip flow ingress" on both LAN and WAN interfaces. What I want to do after v9 is turned on is to enable "ip flow ingress" and "ip flow egress" both on LAN and WAN interfaces. I'm concerned that it will make the amout of traffic double. Can anyone shed some light on that?

  • 0

    If your device has only a WAN and LAN interface, its enough to enable ingress or egress on both the interfaces, or enable ingress and egress on any one of the interface - say the WAN. If you enable ingress and egress on both the interfaces, it can result in traffic double count.


    And can you tell us why are you looking to enable ingress and egress on both the interfaces?

  • 0 in reply to donthomas

    Thank you for the reply, I've already figured out that it might not be a good idea) So yea, I'm gonna stick with the both ingress and egress on one interface. Thanks for the confirmation anyway)

  • 0

    igatrinit‌,

    donthomas‌ is correct, you will double your traffic. Here's a sample configuration to get you started on v9:

    flow exporter NTAexp

    destination <NTA server IP>

    source <interface with the IP NPM is using to monitor the device>

    output-features

    transport udp 2055

    !        

    !        

    flow record NTArec

    description IPv4 monitor

    match ipv4 tos

    match ipv4 protocol

    match ipv4 source address

    match ipv4 destination address

    match transport source-port

    match transport destination-port

    match interface input

    collect routing source as

    collect routing destination as

    collect routing source as peer

    collect routing destination as peer

    collect routing next-hop address ipv4 bgp

    collect interface output

    collect flow direction

    collect counter bytes

    collect counter packets

    !        

    !        

    flow monitor NTAmon

    exporter NTAexp

    cache timeout inactive 60

    cache timeout active 60

    record netflow-original

    !

    interface <WAN or LAN interface>

    ip flow monitor NTAmon input

    ip flow monitor NTAmon output

    ip flow ingress

    ip flow egress

    Enjoy!

    D

  • 0

    I've noticed there is no data for the Top XX Autonomous System Number Conversations. Is there a portion of the configuration necessary to collect this information or is the Basic NTA configuration adequate?

  • 0 in reply to deverts

    In this configuration example you configure a custom flow record named "NTArec", but then don't use it.  The flow Monitor is using record "netflow-original" which is just a Cisco built-in netflow v5 like record.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.