Need to know if I'm configuring Netflow correctly...

You may be running a newer version of IOS on your VSS pair than I, but I've found the following:

• My SVI (VLAN routing) interfaces require "ip flow ingress" on each
• The 6509 VSS ports don't support egress commands for ip flow
• I also have "mls netflow interface" set on my 6509 pairs, and I didn't see that in your config.

The above is from Cisco IOS NetFlow Command Reference - mask (IPv4) through top [Support] - Cisco

You're correct in your observation that 3750's don't support NetFlow--I wish they did!

If your 6509's only support IP Flow Ingress traffic and not Egress, then you won't have the granularity you may wish.

If your 6509's support both ingress AND egress NetFlow traffic, then I think you might be good to go for the traffic to your 3750-V2's--unless they are doing L3 services.  If the 3750's are routing, it's possible there is information about those flows that you'll wish you had.

Your best confirmation of success is seeing the traffic reports you expect in the Netflow tab in the NTA Summary, Conversations, Endpoints, Receivers & Transmitter links.  If they aren't showing traffic you KNOW is flowing, you've a bit more work to do.

Swift Packets!

Rick S.

I should have included what version IOS my VSS is running, its Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY4, RELEASE SOFTWARE (fc3).  How can I find out if it supports engress flow? also the 3750 v2 are layer 3 links, so I doubt I'll get any netflow data from those

Perhaps the most complete way to determine what flavors of Netflow are fully supported on your particular hardware and its version of IOS is to open a TAC case with Cisco.  Once they have the "show inventory" and "show version" from your equipment they'll be able to point you toward the right documents for configuring Netflow.

They'll be able to give you a good idea of what Netflow configurations to use, based on your hardware.

Of course you can always Google the topic.  You'll find requirements or limitations for specific hardware.  For example, here's a Cisco NetFlow note specifically referencing Supe 2T:

Cisco Catalyst 6500 Supervisor Engine 2T - NetFlow Enhancements White Paper - Cisco

Note that last statement:  "All NetFlow operations are performed on the ingress forwarding engine (PFC4 and DFC4 are the forwarding engines), regardless of whether Ingress or Egress NetFlow collection is being done."

how can I get stats for youtube traffic?

Keep in mind that researching and discovering traffic for departments or specific users may likely spill into the realm of the Legal or Security Departments.  If you are not authorized to see or discover or know who is going where on the Internet, do not proceed any further at risk of prosecution or losing your job or both. Make certain you have Administrative permission to proceed, since that information is sensitive.  Folks can become very upset when their browsing or entertainment habits come under the microscope.  If you're not authorized to learn this information, keep out.

To see what Orion NetFlow can show you, you can go to your Netflow tab (1)  and click on the Apps link (2).  Depending on whether you've modified your View, you might see something like this right out of the box:

If you edit the view, you can manually set it to show as many as the top 100 Applications.  Doing so in my environment does not yield any YouTube access because that traffic is not recognized solely as "YouTube", but is likely hidden within "streaming http."

Tracking access to YouTube is best done done at your firewall or Anchor Controller or the Anchor Controller's firewall.  Typically an organization's Security department allows or blocks access to destinations per corporate policy, and the Proxy or tool used for this provides the granular data required for determining which internal devices are accessing, or attempting to access, every external web site and service.

Did you read the first paragraph of this note?  Keep out if you're not authorized.

You can also determine YouTube access (streaming video) through AVC if you use Cisco Anchor Controller technology.  Application Visibility Control (AVC) allows you to see at a high level the percentage of traffic using recognized applications--like Streaming Video.  AVC recognizes on the order of 2000 applications now, and will display them in a nice pie graph for inbound, outbound, and aggregate traffic flows.  The graphs show total service stats, not specific users' stats. Here's an example from the Net that shows a category called "video-over-http", which might include YouTube traffic.

If you Google intuitive subjects (like YouTube and Cisco and Netflow and statistics) you'll come up with some ideas of what you can and cannot see with NetFlow.

Swift Packets!

Although I don't see any Youtube stats on my NTA's reports, I did find a method that may help you.  Go to your NTA views and look for the Top 5 Endpoints graph.  SolarWinds shows it can be displayed there if its recognized by domain name: