At 09:58 AM 6/4/2004 +0900, sb ch wrote:
Hello, all.

I'm a beginner and I have set up netflow on a 6509 running Native IOS.
(IOS (tm) c6sup2_rp Software (c6sup2_rp-PK2S-M), Version 12.1(19)E1)
and I have two questions.

1. My 6509 config related to netflow is below.

mls flow ip full
mls nde sender

interface GigabitEthernet3/1
ip route-cache flow
ip flow-export version 5
ip flow-export destination 10.10.10.3 2060

I have read this site (http://www.crannog-software.com/netflowinstall.html), which says this:


# mls aging long 300
if you leave the default of 900 seconds (15 minutes) you will get spikes in your utilization reports.


# mls aging normal 128
Note however that if you choose a value that is longer than 250 seconds NetFlow Monitor may report traffic levels that are too low.

I would go and set normal aging down to 32s to start with. If you're still missing flows, and you can determine this with 12.1(13)E8 and higher code by using


tromso#remote command switch show earl statis | inc Name|NF_FULL
        Name            =       Current-count           Accumulated count
        NF_FULL         =       0                       0
        Name            =       Current-count           Accumulated count

NF_FULL will give how many packets have not been recorded by netflow in hardware. The packet is forwarded normally but no statistics are kept. Normally use this as an indication on how to tune the fast aging timers.

Question: all traffic is about 300M (with mrtg) but flow-tools says just about 200M, so I guess that this problem is related to that timeout, right?
If not, which config is required?

SNMP will record the L2 headers for packets sent. Netflow does not; this can account for the difference in traffic. You can get up to a 40% difference with small ethernet packets between MRTG and Netflow.




2. I have set up flow-tools following http://www.linuxgeek.org/netflow-howto.php
and I guess it works well. But I can't find any AS information in the flow files.
Is AS information seen only on a BGP-enabled router?


Yes, you have to enable BGP on the router to get AS information. You also need to enable "mls nde interface" to get AS information on the Cat6500 running native along with "source|origin-as" on the ip flow-export line. Also change the flow mask to "interface-full" for best results.



3. I have one serial interface Gigabitethernet which is the uplink, and each server or other switch is connected with a fastethernet interface, and the VLAN is divided into VLAN10 and VLAN20.
Then, on which interface should I execute "ip route-cache flow"?
Only the Gigabitethernet interface? Or the Vlan interface?

You only need ip route-cache flow for software switched packets. Most of the packets should get switched in hardware so ip route-cache flow should just get the exception packets.



Ian


So thanks for your help in advance.

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
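
Added example (not part of the original thread and not flow-tools code): a Python check that separates the two causes of an MRTG/NetFlow gap discussed above, L2 header overhead versus flows that were never recorded. Assumptions: 18 bytes of Ethernet overhead per packet, a 64-byte minimum frame, and the function names and sample flow counts, which are constructed.

```python
# Added example: reconcile NetFlow byte counts with an SNMP/MRTG rate.
ETH_OVERHEAD = 18   # assumption: 14-byte Ethernet header + 4-byte FCS, untagged
MIN_FRAME = 64      # assumption: short frames are padded to the Ethernet minimum


def l2_octets(packets, l3_octets, overhead=ETH_OVERHEAD, min_frame=MIN_FRAME):
    """Estimate frame octets for one flow from its packet and L3 octet counts.

    Uses the flow's average packet size, so it is an approximation when a
    flow mixes very small and very large packets.
    """
    if packets <= 0:
        return 0
    avg_frame = max(l3_octets / packets + overhead, min_frame)
    return round(avg_frame * packets)


def reconcile(flows, interval_s, snmp_bps, tolerance=0.05):
    """Compare flow totals over interval_s seconds with the SNMP rate."""
    l3_bps = sum(octets for _, octets in flows) * 8 / interval_s
    l2_bps = sum(l2_octets(p, o) for p, o in flows) * 8 / interval_s
    # Share of the SNMP rate that L2 overhead does not account for.
    unexplained = (snmp_bps - l2_bps) / snmp_bps if snmp_bps else 0.0
    verdict = "l2-overhead" if unexplained <= tolerance else "missing-flows"
    return {"netflow_bps": l3_bps, "est_l2_bps": l2_bps,
            "unexplained": unexplained, "verdict": verdict}


# Constructed sample: (packets, L3 octets) per flow, collected over 8 seconds.
SAMPLE_FLOWS = [(1000, 40_000), (500, 750_000), (2000, 1_000_000)]

if __name__ == "__main__":
    for snmp in (1_859_000, 2_700_000):
        r = reconcile(SAMPLE_FLOWS, 8, snmp)
        print(f"SNMP {snmp} b/s, NetFlow {r['netflow_bps']:.0f} b/s, "
              f"est. L2 {r['est_l2_bps']:.0f} b/s, "
              f"unexplained {r['unexplained']:.1%} -> {r['verdict']}")
```

A "missing-flows" verdict means the gap is larger than header overhead can explain, which is the case where the NF_FULL counter and the aging timers are worth checking.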
