[Flow-tools] Setting up NetFlow on 6509

Travis Formoso tformoso at Syracuse.com
Mon Mar 8 12:42:30 EST 2010


Greg,

One question before setting up the loopback0 interface. Does it matter
what IP address I use (obviously not one in use.)?
 
Thanks

________________________________

From: Volk,Gregory B [mailto:greg.volk at edwardjones.com] 
Sent: Monday, March 08, 2010 12:30 PM
To: Travis Formoso; flow-tools at list.splintered.net
Subject: RE: [Flow-tools] Setting up NetFlow on 6509


It's been a while since I exported netflow data from a 65xx box, but I
think this is the config I used in the past:
 
 
ip flow-export source Loopback0
ip flow-export version 5 origin-as
ip flow-export destination 192.168.137.7 2055
mls aging fast threshold 1
mls aging long 300
mls flow ip full
mls nde sender


Be advised tho that netflow requires resources from a router utilization
perspective. It does require some CPU to generate those UDP datagrams
and populate them with data. You may want to test these commands prior
to implementation, or at least implement during a low traffic time and
watch the CPU.

 

I stopped using netflow data from my 65xx's several years ago when we
went to IOS 12.2(18)SXD7 because that IOS had a bug where the netflow
data was bogus. We are in the process of upgrading to 6509-E's with
sup720's so I'm looking forward to getting the data back now. I don't
know how applicable the above commands are to more recent IOS versions.

 

 

 

________________________________

From: Travis Formoso [mailto:tformoso at Syracuse.com] 
Sent: Monday, March 08, 2010 10:57 AM
To: Volk,Gregory B; flow-tools at list.splintered.net
Subject: RE: [Flow-tools] Setting up NetFlow on 6509



	Greg,
	
	We are not running IOS-XR, however this is almost the same and I
	can set this up.
	
	With the loopback0 interface set up, what are the commands I need
	to run, so that I am monitoring this device correctly with netflow?
	Would it be:
	 
	
	ip flow-export source loopback0
	ip flow-export version 5
	ip flow-export destination 172.20.200.50 
	 
	Now I configure netflow for switched traffic:
	mls nde sender version 5
	mls flow ip interface-full
	mls nde interface
	 
	On the interface (loopback0): (Not sure if this is needed for
	the loopback interface?)
	ip route-cache flow

	Thanks for the help.

________________________________

	From: Volk,Gregory B [mailto:greg.volk at edwardjones.com] 
	Sent: Monday, March 08, 2010 11:50 AM
	To: Travis Formoso; flow-tools at list.splintered.net
	Subject: RE: [Flow-tools] Setting up NetFlow on 6509
	
	
	>
	>What should the loopback interface look like?
	>
	 
	Here's what one of mine looks like, but it requires some config
	integration with OSPF, assuming you're running OSPF.
	 
	 
	router#sho run int lo0
	Building configuration...
	 
	Current configuration : 128 bytes
	!
	interface Loopback0
	 description *** MANAGEMENT & OSPF ID ***
	 ip address 10.130.25.1 255.255.255.255
	 ip pim sparse-mode
	end
	 
	router#
	 
	 
	This doc from cisco...
	http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/interfaces/configuration/guide/hc3loop.html
	...may help, but it's for IOS-XR.
	 
	 
	 
	
	

________________________________

		From: Travis Formoso [mailto:tformoso at Syracuse.com] 
		Sent: Monday, March 08, 2010 10:30 AM
		To: Volk,Gregory B; flow-tools at list.splintered.net
		Subject: RE: [Flow-tools] Setting up NetFlow on 6509
		
		
		Hey Greg,
		
		On the 6509 there is currently no loopback interface so
		I will need to set this up.
		 
		What should the loopback interface look like?
		
		Also once I set it to this loopback I will not need to
		export to the VLANs as this would monitor all the ports?
		
		Thanks

________________________________

		From: Volk,Gregory B [mailto:greg.volk at edwardjones.com] 
		Sent: Monday, March 08, 2010 11:19 AM
		To: Travis Formoso; flow-tools at list.splintered.net
		Subject: RE: [Flow-tools] Setting up NetFlow on 6509
		
		
		Have you tried setting the source to a non-vlan
		(physical or loopback) interface like:
		 
		ip flow-export source Loopback0
		
		I don't know if that will fix your issue, but I always
		source my netflow data from a loopback interface that is
		dedicated for management traffic.
		 
		 


		 
		 
		
		


		 
		
		

________________________________

			From: flow-tools-bounces at list.splintered.net [mailto:flow-tools-bounces at list.splintered.net] On Behalf Of Travis Formoso
			Sent: Monday, March 08, 2010 9:47 AM
			To: flow-tools at list.splintered.net
			Subject: [Flow-tools] Setting up NetFlow on 6509
			
			
			Hello all,
			
			I am trying to set up a NetFlow product on our 6509. We have a
			number of different VLANs across our network and I think I would
			want to monitor those VLANs and that should capture the traffic on
			the 6509 (correct me if I am wrong). The way the product is licensed
			is by source (a source is a router or switch). When I try to set up
			netflow each VLAN comes in as a different source and I would like it
			if I can use the 6509 as just one source. Here are the commands I am
			using to set this up.
			 
			in configuration mode:
			 
			ip flow-export source vlan10
			ip flow-export version 5
			ip flow-export destination 172.20.200.50 
			 
			Now I configure netflow for switched traffic:
			mls nde sender version 5
			mls flow ip interface-full
			mls nde interface
			 
			On the interface (vlan 10):
			ip route-cache flow
			 
			After doing that I see that incoming traffic is being monitored by
			NetFlow, however as said that interface (VLAN) is coming in as a
			source, so if I configure another VLAN I now have 2 sources, but I
			would like to set this up so the 6509 is just one source, monitoring
			all the VLANs.
			
			I wanted to know if these commands are correct, if I should be
			monitoring the VLANs and if anyone knows how to set this up as
			explained above with the 6509 as one source.
			 
			Thank you,
			
			Travis
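
Collector-side view of the version 5 export configured in this thread, as an added example (not code from any poster, from flow-tools, or from the unnamed NetFlow product). A v5 datagram carries no exporter address of its own, so this example assumes the collector identifies the exporter by the UDP source address, the address `ip flow-export source` selects; the function names, the exporter address 192.0.2.1 and all sample values are constructed.

```python
import socket
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Parse one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    # A v5 datagram holds 1..30 records and its length must match the count.
    expected = V5_HEADER.size + count * V5_RECORD.size
    if not 1 <= count <= 30 or len(datagram) != expected:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4], "octets": f[6],
            "proto": f[12], "src_as": f[14], "dst_as": f[15],  # AS fields: origin-as
        })
    return flows

def interfaces_by_exporter(packets):
    """Map each exporter (UDP source address, an assumption) to its input ifIndexes."""
    seen = defaultdict(set)
    for exporter_ip, datagram in packets:
        try:
            flows = parse_v5(datagram)
        except ValueError:
            continue  # drop malformed or non-v5 datagrams instead of trusting them
        seen[exporter_ip].update(f["in_if"] for f in flows)
    return {ip: sorted(ifs) for ip, ifs in seen.items()}

def build_v5(in_if, seq=0):
    """Constructed sample: a one-record v5 datagram (one TCP flow, 1500 octets)."""
    header = V5_HEADER.pack(5, 1, 1000, 1268070150, 0, seq, 0, 0, 0)
    a = socket.inet_aton
    record = V5_RECORD.pack(a("198.51.100.10"), a("203.0.113.20"), a("0.0.0.0"), in_if, 0,
                            3, 1500, 100, 900, 49152, 443, 0x18, 6, 0, 64500, 64501, 24, 24)
    return header + record

# Constructed capture: two valid datagrams and one junk datagram from one exporter.
SAMPLE = [("192.0.2.1", build_v5(10)), ("192.0.2.1", build_v5(20, 1)), ("192.0.2.1", b"\x00\x09junk")]
```

With every datagram sourced from one address, flows seen on different input interfaces group under a single exporter key, and the junk datagram is discarded rather than counted.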
			 
