NetFlow v9 and ip flow egress – Is it time to make the transition?

Posted in NetFlow on September 25th, 2009 by Josh

If you checked your routers NetFlow configs, you’ll most likely find that you’re exporting NetFlow v5 templates. If you’re not sure, do a show run | i ip flow and look for:

ip flow-export version 5

With NetFlow v5, all your traffic is measured based on the ingress of an interface. What goes in, must come out, right?

This is not always the case…

With the introduction of compression and optimization technologies, such as WAAS, the traffic is changing beyond the ingress interface.

For example:

Imagine you are monitoring flows using ip flow ingress and you see a conversation that passed 2.4mb. Now even though that traffic was 2.4mb on the inbound, once compressed, that same conversation could be 1.2mb by the time it leaves that router’s outbound interface. This is where the importance of monitoring the egress with NetFlow v9 comes in.

Using ip flow egress may give you a more accurate representation of your data as opposed to using ip flow ingress.

(I can already hear you opening your telnet session to your router…)

To make the change, just change your NetFlow export type :

  • ip flow-export version 9

After modifying the global config, be sure to enable egress monitoring on each interface by adding:

  • ip flow egress

 

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , ,

3 Responses to “NetFlow v9 and ip flow egress – Is it time to make the transition?”

  1. fran Says:

    I dont think you have to use netflow version 9 in order to use ip flow egress

  2. tomp@plixer.com Says:

    In my experience I’ve had to use NetFlow v9, do you have any information you could point me to so we can make it available to others?

  3. Tony Says:

    Hi Nate,

    So do you add the “ip flow egress” command in additional to the “ip flow ingress” command or it’s one or the other?

    My manager configured both commands on the serial interfaces and we’re running Ver 5.

    Thanks.

Leave a Reply

You must be logged in to post a comment.