This topic is to discuss the following lesson:
1 Like
Rene,
Hello, This looks great! Does NetFlow run on ASA?
Thanks,
Chris
Rene,
Hello, I found it, looks like this could be a nice setup.
Chris
Hi Chris,
Good to hear you found it, the ASA supports NetFlow.
Rene
Rene,
Great lesson however, I have question F0/0 is for updates which means all the stats will be sent to the server through F0/0 for all the interfaces where we configure netflow.
Can we use loopback for updates or it has to be a physical interface?
F0/1 is an example where we configure netflow it means all the stats on this interface will be sent to the server through F0/0.
Please clarify.
Thanks
Hamood
Hi Hamood,
You can use a loopback and yes, that would be a good idea because of this reason.
Rene
Thank you Rene.
I just wanted to ask what’s the cpu impact of using netflow on lets say routers 7200 series, 3800 and 3900 series? Is it safe to run it on production network?
1 Like
Hi Marcin,
There is definitely an increase in CPU but it will depend on the number of flows in your network. Cisco has a pretty good document with some examples:
Rene
1 Like
Hi
If you add more than one router to do netflow do you need to change the udp port number ie router 1 will have udp port 2055 and router 2 will have the port nr 2056?
Hi Conrad,
It depends a bit on the netflow receiver that you use and what you are trying to receive. For example, I’m using a copy of ntopng here and while it shows me all flows, it doesn’t really tell me which router exported them. In this case, it might be better to run a separate copy with different UDP ports.
If you only care about flows then you can export everything to one UDP port.
Rene
Hi,
Any recommendations for Netflow servers? May you provide at least 2 or 3 that are worth considering ? I understand it’s just a matter of opinion.
I am currently considering Solarwinds Netflow traffic analyzer.
Thank you.
1 Like
Hi Ruddy,
I only worked with solarwinds and ntop before:
Rene
1 Like
Hi Rene,
what would be the best way to enable NetFlow on cisco switch 3750?
Thank you
Hi John,
The commands are the same as on the IOS routers so you can use this example to get started.
Rene
Hi,
How to enable net flow on internet edge router .
What need to be open if there is firewall behind internet router ?
Thanks
Hi Sims,
You can configure the port that you want to use. In my example I used this:
ip flow-export destination 192.168.1.1 2055
So you’ll need to permit UDP traffic to 192.168.1.1 port 2055. You can use other port numbers if you want.
Rene
1 Like
Hi,
Can you explain about netflow vs sflow and how to implement sflow on cisco isr routers ?
Thanks
Hi Sims,
Here’s the short version:
NetFlow is used to export IP flows on routers. Since version 9 you can also export L2 traffic. Once you enable NetFlow then you’ll see your CPU load increase a bit.
sFlow is a bit similar to NetFlow but it’s embedded in the ASIC and able to send statistics about L2 up to the application layer.
sFlow is only available on some NX-OS devices at the moment.
Rene
1 Like
any chance you can do a tutorial on which ntop package to get and how to configure it on a server (VM)… please!
Rene, if we dont use a ntop server, how much flow data can the cisco router store in the cache?
Am looking at running a netflow for 10 days, will all the data for 10 days be available to view on the router itself by doing “show ip cache flow”?