Enable netflow statistics on a Cisco router

From wiki.comcert.com
Revision as of 20:51, 15 October 2016 by Comcert (talk | contribs)
Jump to navigation Jump to search

Introduction

OptiView XG is NOT a NetFlow collector, but it is possible to have OptiView poll a Cisco router for IP flow based network statistics. The results (top-n) are available on the OptiView under Device Details or in Application Infrastrcture Tests.  In order to do this, routers in your network must be configured correctly.

Solution

This example has been tested with a CISCO router model 1911 running IOS version 15.0. For more information about the commands used in this script, read the router's IOS specific manual. Before we start we consider SNMP read-only access to the router is already configured and the community has sufficient viewing rights.

Global Configuration Mode

Add the following commands to the global configuration section of the router.

Note: you MUST enable flow exports in order to populate the flow top-talker lists. Substitute <SourceInterface> and <DestinationAddress> with the appropriate values.

  • conf t
  • ip flow-cache timeout active 1
  • ip flow-cache timeout inactive 14
  • ip flow-export source <SourceInterface>
  • ip flow-export version 9
  • ip flow-export destination <DestinationAddress> 2055
  • ip flow-top-talkers
  • ip flow-top-applications
  • top 100
  • sort-by bytes
  • cache-timeout 300000
  • exit
  • wr mem

Interface Configuration Mode

Note: This is a common yet not unique way to enable NetFlow exports On interfaces.  Please read your router's IOS specific manual for more information on how to configure NetFlow on a per interface basis.

Add the following command to the interface configuration section of all interfaces carrying traffic.  There are at least two interfaces that carry traffic, one facing the network, one facing the site.  They may be physical interfaces or virtual interfaces like sub-interfaces, dialers and tunnels.  

  • conf t
  • interface <InterfaceName>
  • ip flow egress
  • exit
  • wr mem

Debug

  • Use the IOS command sh ip flow export and check if any flows are exported
  • Use the IOS command sh ip flow top-talkers and check if the top-100 talkers is populated
  • Use the IOS command sh ip flow top-applications and check if the top-100 applications is populated