Cisco Nexus sampled netflow not working

Scrutinizer is an enterprise/business class NetFlow and sFlow analysis tool. Scrutinizer provides historical trends of the company's critical network interfaces as well as the details on:

Who: The end system causing the traffic
What: The application/protocol that is being used
When: The time frame it has been occurring for
Where: The network connection that is affected

Peter
Posts: 5
Joined: Thu Aug 11, 2011 9:47 pm

Cisco Nexus sampled netflow not working

Post by Peter » Tue Dec 10, 2013 11:41 pm

Hi

We have Nexus 7010 3x VDC's
- Management VDC
- VDC with M series modules
- VDC with F2 service modules

We can see netflow data in Scrutinizer for the VDC with the M series modules.
We are not seeing flows in Scrutinizer for the VDC with the F2 modules. The Nexus is showing flow record exported incrementing and Scrutinizer has the device green.
The difference is F2 modules only support sampled netflow, so when the vlan configuration or SVI has the flow monitor configured, it also specifies a sampler, i.e.
ip flow monitor FLOW-MONITOR input sampler FLOW-SAMPLER

Should Scrutinizer display sampled netflow?

Peter

dalet0
Posts: 77
Joined: Mon May 17, 2010 11:52 am
Location: Biddeford, ME

Re: Cisco Nexus sampled netflow not working

Post by dalet0 » Thu Dec 12, 2013 8:13 am

Hello Peter,

Scrutinizer would show sampled flows if it is seeing them. It's possible the device isn't sending them.

Could you please post your configurations? I would like to check and see if there is anything you might have missed.

Peter
Posts: 5
Joined: Thu Aug 11, 2011 9:47 pm

Re: Cisco Nexus sampled netflow not working

Post by Peter » Mon Dec 16, 2013 1:51 am

Below is what the configuration was:
!
feature netflow
flow timeout 0
flow timeout active 60
flow timeout session
flow exporter FLOW-EXPORTER
  description NETFLOW SERVERS
  destination <scrutinizer-ip-address>
  transport udp 2055
  source loopback0
  dscp 16
  version 9
    template data timeout 60
    option exporter-stats timeout 60
    option interface-table timeout 60
sampler FLOW-SAMPLER
  description NETFLOW SAMPLER
  mode 1 out-of 4956
flow monitor FLOW-MONITOR
  description FLOW MONITOR
  record netflow-original
  exporter FLOW-EXPORTER

vlan configuration 2
  ip flow monitor FLOW-MONITOR input sampler FLOW-SAMPLER

Checked documentation again and realised 'flow timeout 0' was not in the range 5-60 given by Cisco. Not sure where 0 came from and suspect it was a default.
Changed to 60 and a process on the Nexus crashed and modules rebooted so had to revert. Will have to find root cause before trying again.

The same configuration without the sampler works on the same Nexus VDC with M1 modules.

Thanks
Peter
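
One collector-side check for the situation in this thread (export counters incrementing on the Nexus, nothing displayed), as an added example that is not part of the original posts and not Scrutinizer or Cisco code: the exporter above uses `version 9`, and a v9 collector can only decode a data flowset after it has received the template with the same ID from the same source. The sketch classifies the flowsets in a v9 datagram taken from a packet capture on the collector; the function names and the two sample datagrams are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET_HEADER = struct.Struct("!HH")  # flowset_id, length (length includes these 4 bytes)

def summarize_v9(datagram, known_templates):
    """Classify flowsets in one NetFlow v9 datagram; known_templates is updated in place."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than a v9 header")
    version, _count, _uptime, _secs, _seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    out = {"source_id": source_id, "templates": [], "options_templates": 0,
           "data_ok": [], "data_no_template": []}
    offset = V9_HEADER.size
    while offset + FLOWSET_HEADER.size <= len(datagram):
        fs_id, fs_len = FLOWSET_HEADER.unpack_from(datagram, offset)
        if fs_len < FLOWSET_HEADER.size or offset + fs_len > len(datagram):
            raise ValueError("flowset length runs past the datagram")
        body = datagram[offset + FLOWSET_HEADER.size:offset + fs_len]
        if fs_id == 0:  # template flowset: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                template_id, field_count = struct.unpack_from("!HH", body, pos)
                if template_id < 256:  # zero padding at the end of the flowset
                    break
                known_templates.add((source_id, template_id))
                out["templates"].append(template_id)
                pos += 4 + 4 * field_count  # each field is (type, length)
        elif fs_id == 1:  # options template (exporter stats, interface table, ...)
            out["options_templates"] += 1
        elif fs_id >= 256:  # data flowset, decodable only with its template
            seen = (source_id, fs_id) in known_templates
            out["data_ok" if seen else "data_no_template"].append(fs_id)
        offset += fs_len
    return out

def constructed_samples():
    """Two hand-built datagrams (not captured traffic): a template and matching data."""
    template = V9_HEADER.pack(9, 1, 1000, 1386700000, 1, 7) + struct.pack(
        "!HHHHHHHH", 0, 16, 256, 2, 8, 4, 1, 4)  # fields: IPV4_SRC_ADDR(8), IN_BYTES(1)
    data = V9_HEADER.pack(9, 1, 2000, 1386700060, 2, 7) + struct.pack(
        "!HH4sI", 256, 12, bytes([192, 0, 2, 10]), 4956)
    return template, data

if __name__ == "__main__":
    known = set()
    tmpl, data = constructed_samples()
    for name, pkt in (("data before template", data), ("template", tmpl), ("data after", data)):
        print(name, summarize_v9(pkt, known))
```

Data flowsets that keep landing in `data_no_template` mean the collector is receiving exports it cannot decode yet; a capture with no datagrams at all from the VDC's source address points back at the exporter or the path.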
