Just replaced 2 Cisco ASR routers, which were exporting NetFlow perfectly,
with some Cisco Nexus 7700 running NX-OS 8.1.x using the M3 module (sampled
NetFlow). Both Nexus are acting similarly.

I configured the netflow feature on the Nexus and am having problems.
Wondering if anyone knows if there are any issues with nfdump and NX-OS
version 8.

1) Issue is that when looking at the nfcapd file the date is incorrect.
This is an example of what I see:

    Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte
    1969-12-31 17:00:00.000 INVALID Ignore UDP x.x.x.x:29080 -> y.y.y.y:123 0.0.0.0:0 -> 0.0.0.0:0 72 0
    1969-12-31 17:00:00.36864 INVALID Ignore TCP x.x.x.x:443 -> y.y.y.y:61283 0.0.0.0:0 -> 0.0.0.0:0 36000 0
    1969-12-31 17:00:00.36864 INVALID Ignore TCP x.x.x.x:80 -> y.y.y.y:41299 0.0.0.0:0 -> 0.0.0.0:0 3348 0
    1969-12-31 17:00:00.36864 INVALID Ignore TCP

I initially was running nfdump: Version: NSEL-NEL1.6.13, but upgraded to
nfdump: Version: NSEL-NEL1.6.15, same thing in the nfcapd file.

2) When looking at the data through nfsen, the traffic and packet counts
are really low, as well as the number of flows. The Nexus is using sampled
NetFlow, but no matter how aggressively I change the sample rate, the graphs
do not change. The nfcapd file looks similar between the ASR and Nexus. We use
Plixer Scrutinizer as well and the data is similar to nfsen, so I do not
think issue 2 is my collectors.

This is the configuration I have on the Nexus:

    flow exporter netflow9
      description "export netflow data to the nfdump server netflow9"
      destination z.z.z.z
      transport udp 9990
      source loopback0
      version 9
    flow exporter netflow_Scrutinizer
      description "export netflow data to Scrutinizer server"
      destination z.z.z.z
      transport udp 9995
      source loopback0
      version 9
    flow record mine-ipv6
      match ip protocol
      match ip tos
      match transport source-port
      match transport destination-port
      match ipv6 source address
      match ipv6 destination address
      match ipv6 flow-label
      match ipv6 options
      collect routing source as
      collect routing destination as
      collect counter bytes
      collect counter packets
      collect timestamp sys-uptime first
      collect timestamp sys-uptime last
    flow record mine-ipv4
      match ipv4 source address
      match ipv4 destination address
      match ip protocol
      match ip tos
      match transport source-port
      match transport destination-port
      collect routing source as
      collect routing destination as
      collect routing next-hop address ipv4
      collect transport tcp flags
      collect counter bytes
      collect counter packets
      collect timestamp sys-uptime first
      collect timestamp sys-uptime last
    sampler netflow
      description Netflow sampler
      mode 1 out-of 100 (have changed sample rate from 1:1 - 1:1000 with no difference)
    flow monitor monitor-ipv4
      record mine-ipv4
      exporter netflow_Scrutinizer
      exporter netflow9
    flow monitor monitor-ipv6
      record mine-ipv6
      exporter netflow_Scrutinizer
      exporter netflow9

On interfaces:

    ipv6 flow monitor monitor-ipv6 output sampler netflow
    ipv6 flow monitor monitor-ipv6 input sampler netflow
    ip flow monitor monitor-ipv4 input sampler netflow
    ip flow monitor monitor-ipv4 output sampler netflow
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
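
Added example (not part of the original post, and not nfdump's or Cisco's code): a small NetFlow v9 decoder showing how a collector turns the `sys-uptime first`/`last` fields from the flow records above into absolute times using the export header, and that a time value of 0 rendered at UTC-7 prints as the 1969-12-31 17:00:00.000 seen in the listing. Field numbers follow RFC 3954; the function names and the sample packet are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

LAST_SWITCHED, FIRST_SWITCHED = 21, 22  # RFC 3954 types for "timestamp sys-uptime last/first"

def decode_v9(packet, templates):
    """Decode one NetFlow v9 export packet; return flows with absolute times in epoch ms."""
    version, _count, sys_uptime, unix_secs, _seq, _src = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    boot_ms = unix_secs * 1000 - sys_uptime  # exporter boot time as epoch ms
    flows, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            break  # malformed flowset length
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: template id, field count, then type/length pairs
            p = 0
            while p + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, p)
                if n == 0 or p + 4 + 4 * n > len(body):
                    break  # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, p + 4 + 4 * i) for i in range(n)]
                p += 4 + 4 * n
        elif fs_id in templates:  # data flowset described by a known template
            fields = templates[fs_id]
            rec_len = sum(length for _, length in fields)
            for r in range(len(body) // rec_len if rec_len else 0):
                p, rec = r * rec_len, {}
                for ftype, length in fields:
                    rec[ftype] = int.from_bytes(body[p:p + length], "big")
                    p += length
                # A record without the uptime fields has no usable time: report None, not 0
                rec["first_ms"] = boot_ms + rec[FIRST_SWITCHED] if FIRST_SWITCHED in rec else None
                rec["last_ms"] = boot_ms + rec[LAST_SWITCHED] if LAST_SWITCHED in rec else None
                flows.append(rec)
        off += fs_len
    return flows

def render(ms, tz):
    """Format epoch milliseconds in the 'Date first seen' style of the listing."""
    return datetime.fromtimestamp(ms / 1000, tz).strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]

# Constructed sample: one template (id 256) and one data record, exporter up for 1 hour
HEADER = struct.pack("!HHIIII", 9, 2, 3_600_000, 1_500_000_000, 1, 0)
TEMPLATE = struct.pack("!HHHH", 0, 28, 256, 5) + struct.pack("!10H", 8, 4, 12, 4, 1, 4, 22, 4, 21, 4)
DATA = (struct.pack("!HH", 256, 24) + bytes([192, 0, 2, 1, 198, 51, 100, 2])
        + struct.pack("!III", 72, 3_590_000, 3_595_000))
SAMPLE_FLOWS = decode_v9(HEADER + TEMPLATE + DATA, {})
```

Running it against a packet capture of the exporter's UDP stream shows which field types each template actually carries and whether the uptime fields are present and non-zero.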