Enable netflow statistics on a Cisco router: Difference between revisions

From wiki.comcert.com
Jump to navigation Jump to search
(Created page with " <span style="font-family:verdana,geneva,sans-serif;"><span style="font-size:large;">Introduction</span></span> <span style="font-family:verdana,geneva,sans-serif;">OptiView...")
 
No edit summary
Line 2: Line 2:
<span style="font-family:verdana,geneva,sans-serif;"><span style="font-size:large;">Introduction</span></span>
<span style="font-family:verdana,geneva,sans-serif;"><span style="font-size:large;">Introduction</span></span>


<span style="font-family:verdana,geneva,sans-serif;">OptiView XG is NOT a NetFlow collector, but it is possible to querry CISCO routers for network flow bases statistcal analysis (top-n counters). &nbsp;The data is&nbsp;similar&nbsp;to what was obtainable by RMON . &nbsp;The data will be&nbsp;available under the tab in Device Details or in Application Infrastrcture Tests. &nbsp;In order to do so, the router first must be configured correctly.</span>
<span style="font-family:verdana,geneva,sans-serif;">OptiView XG is NOT a NetFlow collector, but it is possible to querry a Cisco&nbsp;routers for network flow based&nbsp;statistics. &nbsp;The data (top-n)&nbsp;will be&nbsp;available under Device Details or in Application Infrastrcture Tests. &nbsp;In order to do so, the router first must be configured correctly.</span>


<span style="font-family:verdana,geneva,sans-serif;"><span style="font-size:large;">Solution</span><br/> This example has been tested with a CISCO router model 1911 running IOS version 15. &nbsp;For more information about the commands used in this script, contact you CISCO partner. &nbsp;<br/> At this time, we consider that SNMP read-only access to the router has already been established and the community has sufficient view rights.</span>
<span style="font-family:verdana,geneva,sans-serif;"><span style="font-size:large;">Solution</span><br/> This example has been tested with a CISCO router model 1911 running IOS version 15. &nbsp;For more information about the commands used in this script, contact you CISCO partner. &nbsp;<br/> At this time, we consider that SNMP read-only access to the router has already been established and the community has sufficient view rights.</span>
Line 10: Line 10:
<span style="font-family:verdana,geneva,sans-serif;">Add the following commands to the global configuration section of the router:&nbsp;</span>
<span style="font-family:verdana,geneva,sans-serif;">Add the following commands to the global configuration section of the router:&nbsp;</span>


<span style="font-family:verdana,geneva,sans-serif;"><WRAP center round info 98%><br/> In our case, the source and destination addresses of the flow exports are not important, but you need to enable flow exports in order to populate the flow top-talker list.&nbsp;<br/> </WRAP></span>
<span style="font-family:verdana,geneva,sans-serif;">''Note: the flow export destination address&nbsp;is&nbsp;not important, but you must enable flow exports in order to populate the flow top-talker list.''&nbsp;</span>


<span style="font-family:verdana,geneva,sans-serif;">&nbsp; * conf t<br/> &nbsp; * ip flow-cache timeout active 1<br/> &nbsp; * ip flow-cache timeout inactive 14<br/> &nbsp; * ip flow-export source GigabitEthernet0/1<br/> &nbsp; * ip flow-export version 9<br/> &nbsp; * ip flow-export destination 1.1.1.1 2055<br/> &nbsp; * ip flow-top-talkers<br/> &nbsp; * top 100<br/> &nbsp; * sort-by bytes<br/> &nbsp; * cache-timeout 300000<br/> &nbsp; * exit<br/> &nbsp; * wr mem</span>
*<span style="font-family:courier new,courier,monospace;">conf t</span>  
**<span style="font-family:courier new,courier,monospace;">ip flow-cache timeout active 1</span>  
**<span style="font-family:courier new,courier,monospace;">ip flow-cache timeout inactive 14</span>  
**<span style="font-family:courier new,courier,monospace;">ip flow-export source GigabitEthernet0/1</span>  
**<span style="font-family:courier new,courier,monospace;">ip flow-export version 9</span>  
**<span style="font-family:courier new,courier,monospace;">ip flow-export destination 127.0.0.1&nbsp;2055</span>  
**<span style="font-family:courier new,courier,monospace;">ip flow-top-talkers</span>  
**<span style="font-family:courier new,courier,monospace;">top 100</span>  
**<span style="font-family:courier new,courier,monospace;">sort-by bytes</span>  
**<span style="font-family:courier new,courier,monospace;">cache-timeout 300000</span>  
**<span style="font-family:courier new,courier,monospace;">exit</span>  


<span style="font-family:verdana,geneva,sans-serif;">\\<br/> ==== Interface configuration mode ====<br/> Add the following command to the interface configuration section of __all interfaces carrying traffic__. &nbsp;There are __at least two interfaces__ that carry traffic, one facing the network, one facing the site. &nbsp;These may be physical interfaces or virtual interfaces like a sub-interfaces, dialers or tunnel interfaces. &nbsp;</span>
*<span style="font-family:courier new,courier,monospace;">wr mem</span>  


<span style="font-family:verdana,geneva,sans-serif;">&nbsp; * conf t<br/> &nbsp; * interface <interface name><br/> &nbsp; * ip flow egress<br/> &nbsp; * exit<br/> &nbsp; * wr mem</span>
<span style="font-size:medium;"><span style="font-family:verdana,geneva,sans-serif;">Interface configuration mode</span></span>


<span style="font-family:verdana,geneva,sans-serif;"><WRAP center round info 98%><br/> This is a general applicable but not the only way for enabling NetFlow exports per interface. &nbsp;Please read your CISCO documentation for more information.<br/> </WRAP></span>
<span style="font-family:verdana,geneva,sans-serif;">Add the following command to the interface configuration section of all interfaces carrying traffic. &nbsp;There are at least two interfaces&nbsp;that carry traffic, one facing the network, one facing the site. &nbsp;These may be physical interfaces or virtual interfaces like sub-interfaces, dialers or tunnels. &nbsp;</span>


<span style="font-family:verdana,geneva,sans-serif;">\\<br/> ==== Debugging ====<br/> &nbsp; * Use the IOS command ''sh ip flow export'' and check if any flows are exported.<br/> &nbsp; * Use the IOS command ''sh ip flow top-talkers'' and check if the top-talker list is populated.</span>
*<span style="font-family:verdana,geneva,sans-serif;">conf t</span>
**<span style="font-family:verdana,geneva,sans-serif;">interface <interface name></span>
**<span style="font-family:verdana,geneva,sans-serif;">ip flow egress</span>
**<span style="font-family:verdana,geneva,sans-serif;">exit</span>
 
*<span style="font-family:verdana,geneva,sans-serif;">wr mem</span>
 
<span style="font-family:verdana,geneva,sans-serif;">This is a general applicable but not the only way for enabling NetFlow exports per interface. &nbsp;Please read your Cisco documentation for more information on how to configure NetFlow.</span><br/> &nbsp;
 
<br/> <span style="font-family:verdana,geneva,sans-serif;">==== Debugging ====<br/> &nbsp; * Use the IOS command ''sh ip flow export'' and check if any flows are exported.<br/> &nbsp; * Use the IOS command ''sh ip flow top-talkers'' and check if the top-talker list is populated.</span>


<span style="font-family:verdana,geneva,sans-serif;">----</span>
<span style="font-family:verdana,geneva,sans-serif;">----</span>

Revision as of 14:26, 15 October 2016

Introduction

OptiView XG is NOT a NetFlow collector, but it is possible to querry a Cisco routers for network flow based statistics.  The data (top-n) will be available under Device Details or in Application Infrastrcture Tests.  In order to do so, the router first must be configured correctly.

Solution
This example has been tested with a CISCO router model 1911 running IOS version 15.  For more information about the commands used in this script, contact you CISCO partner.  
At this time, we consider that SNMP read-only access to the router has already been established and the community has sufficient view rights.

Global Configuration Mode

Add the following commands to the global configuration section of the router: 

Note: the flow export destination address is not important, but you must enable flow exports in order to populate the flow top-talker list. 

  • conf t
    • ip flow-cache timeout active 1
    • ip flow-cache timeout inactive 14
    • ip flow-export source GigabitEthernet0/1
    • ip flow-export version 9
    • ip flow-export destination 127.0.0.1 2055
    • ip flow-top-talkers
    • top 100
    • sort-by bytes
    • cache-timeout 300000
    • exit
  • wr mem

Interface configuration mode

Add the following command to the interface configuration section of all interfaces carrying traffic.  There are at least two interfaces that carry traffic, one facing the network, one facing the site.  These may be physical interfaces or virtual interfaces like sub-interfaces, dialers or tunnels.  

  • conf t
    • interface <interface name>
    • ip flow egress
    • exit
  • wr mem

This is a general applicable but not the only way for enabling NetFlow exports per interface.  Please read your Cisco documentation for more information on how to configure NetFlow.
 


==== Debugging ====
  * Use the IOS command sh ip flow export and check if any flows are exported.
  * Use the IOS command sh ip flow top-talkers and check if the top-talker list is populated.

----

//Your feedback on this article is greatly appreciated - Please send feedback to <wiki@comcert.com>//