DX Unified Infrastructure Management


how to configure net flow on cisco asr 1002 routers

  • 1.  how to configure net flow on cisco asr 1002 routers

    Posted Nov 27, 2015 12:04 PM

    Hi all,

     

    We have a challenge in our network setup. We would like to configure NetFlow on Cisco ASR routers as well as Cisco 6500/4500 switches. Please share the configuration.

     

     

    Thanks in advance



  • 2.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Nov 27, 2015 02:42 PM

    Google it. Check the Cisco Support Community site for many examples to help you



  • 3.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Nov 29, 2015 07:53 PM

    Hi vgshan,

     

    Does this help?

    ftp://ftp.ca.com/pub/netqos/supporttools/releasedtools/nqcommander.zip

     

    You can download nqcommander.zip and unzip the file.

    This tool helps you to set up NetFlow. However, this tool has not been updated and is a little old. But you can still get an idea of how to set it up.

     

    Regards,

    Shunsuke



  • 4.  Re: how to configure net flow on cisco asr 1002 routers

    Broadcom Employee
    Posted Nov 30, 2015 10:21 AM

    RE NQCommander:

     

    Please note that the NQCommander file is old and not being currently updated. The Netflow doc here on CA Communities should take the place of the old nqcommander file:

    How To Enable NetFlow



  • 5.  Re: how to configure net flow on cisco asr 1002 routers
    Best Answer

    Posted Nov 30, 2015 02:46 AM

    Hi,

    here is my example for a device running with version 15.1:

     

    ip flow-cache timeout active 1
    interface GigabitEthernet...
     ip flow ingress
     ip flow egress
    interface GigabitEthernet...
     ip flow ingress
     ip flow egress
    ip flow-export source Loopback3
    ip flow-export destination <ip of server1> <port, e.g.9995>
    ip flow-export destination <ip of server2> <port, e.g.9995>

     

    You have to decide whether you want to export ingress or egress traffic, or both.

    We have configured the export for every subinterface we wanted to see, e.g. GigabitEthernet0/0/0 and Gi0/0/0.1 and Gi0/0/0.2 and...

    Defining the source interface was necessary to ensure that we always see the correct device address on the NetFlow server.

     

    Hope this helps!

    Regards, Frank



  • 6.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Dec 11, 2015 08:47 AM

    Hi Frank,

     

    Thanks for your prompt assistance. We had already applied those commands, but it does not support those commands.

     

      Our code version is 15.3(1r)S.



  • 7.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Dec 11, 2015 09:26 AM

    Hi VGSHAN,

    I have no device with 15.3 configured for NetFlow export.

    But I think, you have to configure

         flow record ...

         flow exporter ...

         flow monitor ...

    and then on the interface

         ip flow monitor ....

    This is like the configuration for new IOS XE devices.

    We started tests with XE devices yesterday but there is no final result yet.

    Regards, Frank



  • 8.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Dec 15, 2015 01:09 PM

    Hi Frank,

     

    Thanks for the update, have tried with XE devices. If you have the full configuration, please share it.

     

    Thanks

    Vijay



  • 9.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Dec 16, 2015 02:15 AM

    Hi Vijay,

    No problem, but maybe you have to wait a few weeks.

    Regards, Frank



  • 10.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Jan 04, 2016 03:35 PM

    Hi Frank,

     

    We have successfully implemented NetFlow on ASR routers. I could see some traffic on some routers but not others. So my doubt is how to check on routers or switches whether NetFlow is configured or not. Are there any CLI commands?



  • 11.  Re: how to configure net flow on cisco asr 1002 routers

    Posted Jan 07, 2016 04:53 AM

    Hi Vijay,

    NetFlow configuration is often only "trial and error".

    I guess, you have the same netflow configuration at the "good" and the "bad" routers.

    Could you trace, e.g. with WireShark directly on your server, the communication with the (bad) routers for a longer time?

    If yes, do you see any NetFlow traffic?

         If not:
                   - Perhaps you have to configure a source interface (e.g. "Loopback3") for the flow exporter or a "VRF".
                   - Is there no "evil" firewall in the communication path?
                   - Try it with other interfaces.
                   - ?

         If yes, but NFA says "No" or sees only a few uninteresting packets, then check your flow record definitions and try something.

    (If you are not very familiar with WireShark: To make your NetFlow trace readable, you have to decode it as "CFLOW".)

     

    As promised: Here is our configuration example from an IOS XE device:

    flow record COMM_Input
     match datalink dot1q vlan input
     match ipv4 tos
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     match interface input
     collect transport tcp flags
     collect counter bytes long
     collect counter packets long
     collect timestamp absolute first
     collect timestamp absolute last
    !
    !
    flow record COMM_Output
     match datalink dot1q vlan output
     match ipv4 tos
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     match interface output
     collect transport tcp flags
     collect counter bytes long
     collect counter packets long
     collect timestamp absolute first
     collect timestamp absolute last
    !
    !
    flow exporter SERVER1
     destination 1.2.3.4 vrf abcd
     source Loopback3
     transport udp 9995
    !
    !
    ! The exporter name below must match the "flow exporter" definition above.
    flow monitor COMM_Input
     exporter SERVER1
     cache timeout active 60
     record COMM_Input
    !
    !
    flow monitor COMM_Output
     exporter SERVER1
     cache timeout active 60
     record COMM_Output
    !

     

    Regards, Frank
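
Added example, not part of the thread or of any CA or Cisco tooling: a collector-side check for the "traffic arrives but nothing is shown" case from post 11, reporting which data flowsets in a captured datagram have a matching template for that exporter address. It assumes the exporter sends NetFlow version 9; the function name, the address 192.0.2.3 and the sample datagrams are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")        # flowset_id, length (length includes this header)

def inspect_v9(exporter_ip, datagram, templates):
    """Summarise one NetFlow v9 datagram; `templates` persists between calls."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("shorter than a NetFlow v9 header")
    version, _count, _uptime, _secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"version field is {version}, not 9")
    out = {"sequence": sequence, "templates": [], "decodable": [], "no_template": []}
    offset = V9_HEADER.size
    while offset + FLOWSET.size <= len(datagram):
        flowset_id, length = FLOWSET.unpack_from(datagram, offset)
        if length < FLOWSET.size or offset + length > len(datagram):
            raise ValueError("flowset length runs past the datagram")
        body = datagram[offset + FLOWSET.size:offset + length]
        if flowset_id == 0:                      # template flowset
            pos = 0
            while pos + 4 <= len(body):
                template_id, field_count = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * field_count
                if template_id < 256 or end > len(body):
                    break                        # trailing padding
                fields = [struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
                # Templates are scoped to the exporter address and source ID.
                templates[(exporter_ip, source_id, template_id)] = fields
                out["templates"].append(template_id)
                pos = end
        elif flowset_id >= 256:                  # data flowset, needs its template
            known = (exporter_ip, source_id, flowset_id) in templates
            out["decodable" if known else "no_template"].append(flowset_id)
        offset += length
    return out

# Constructed sample datagrams (not captured traffic).
def _flowset(flowset_id, body):
    return FLOWSET.pack(flowset_id, FLOWSET.size + len(body)) + body
_TEMPLATE = _flowset(0, struct.pack("!HH8H", 256, 4, 8, 4, 12, 4, 1, 8, 2, 8))
_RECORD = bytes([10, 0, 0, 1, 10, 0, 0, 2]) + struct.pack("!QQ", 1500, 3)
DATA_ONLY = V9_HEADER.pack(9, 1, 1000, 1452000000, 1, 0) + _flowset(256, _RECORD)
WITH_TEMPLATE = V9_HEADER.pack(9, 2, 2000, 1452000060, 2, 0) + _TEMPLATE + _flowset(256, _RECORD)

if __name__ == "__main__":
    seen = {}
    for name, pkt in (("data only", DATA_ONLY), ("with template", WITH_TEMPLATE)):
        print(name, inspect_v9("192.0.2.3", pkt, seen))
```

Because the template table is keyed by exporter address, data arriving from a different source address than the one the template came from stays undecodable, which is why a fixed export source interface matters.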