If you’ve ever configured a router for NetFlow, you may have had to work with either, or both, of these commands.

When configuring NetFlow on your router, you have two sets of configuration to set up. The first is the global commands, which define which version of NetFlow is being used, where the flows will be exported, and on what port.

After configuring the global commands, however, you also need to configure the interfaces that will be using NetFlow. To enable flows on an interface, you have two commands that are very similar in nature, but used in different circumstances.

For more information regarding NetFlow configurations, check out this Activating NetFlow Guide.

So, back to the original question: “Do I use ip route-cache flow or ip flow ingress?”

Deciding which interfaces you want to monitor will answer this question.

If you are interested in monitoring flows on a physical interface, you would use ip route-cache flow. Enabling ip route-cache flow on the physical interface will in turn enable flows on all of its sub-interfaces.

But let’s say that you are not interested in seeing flows on sub-interfaces x, y and z, but you do want to see flows on subs a, b and c, from that same interface. This is where the ip flow ingress command comes into use.

So, when to use ip route-cache flow and when to use ip flow ingress:

ip route-cache flow will enable flows on the physical interface and all sub-interfaces associated with it.

ip flow ingress will enable flows on individual sub-interfaces, as opposed to all of them on the same interface.
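
The two rules above can be applied to a saved running-config to see which interfaces actually export flows and which are left unmonitored. The following Python is an added example, not code from the original post or from Cisco; the interface names, the collector address and the `flow_coverage` helper are constructed for illustration.

```python
import re
# Constructed sample config; interface names and the collector address
# (192.0.2.10:2055) are illustrative assumptions, not from the article.
SAMPLE_CONFIG = """\
ip flow-export version 5
ip flow-export destination 192.0.2.10 2055
!
interface FastEthernet0/0
 ip route-cache flow
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
!
interface FastEthernet0/1
!
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 ip flow ingress
!
interface FastEthernet0/1.200
 encapsulation dot1Q 200
!
"""

def flow_coverage(config):
    # Hypothetical helper: returns {interface: "direct" | "inherited" | None}.
    # Rule from the article: ip route-cache flow on a physical interface also
    # covers its sub-interfaces; ip flow ingress covers only its own interface.
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = header.group(1)
            stanzas[current] = set()
        elif line.startswith(" ") and current:
            stanzas[current].add(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    coverage = {}
    for name, cmds in stanzas.items():
        parent = name.split(".")[0]
        if cmds & {"ip route-cache flow", "ip flow ingress"}:
            coverage[name] = "direct"
        elif parent != name and "ip route-cache flow" in stanzas.get(parent, ()):
            coverage[name] = "inherited"
        else:
            coverage[name] = None  # no flows exported: a visibility gap
    return coverage

if __name__ == "__main__":
    print(flow_coverage(SAMPLE_CONFIG))
```

Interfaces that map to `None` are the ones whose traffic never reaches the collector, which is the gap to look for when flow data feeds detection or forensics.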

Cisco’s article on Netflow and subinterface support offers a wealth of information on this subject.

NOTE: With NetFlow v5, we only had the option to monitor inbound statistics using the ip flow ingress command. However, with the release of NetFlow v9, we now have the option to monitor traffic leaving each interface via ip flow egress. Check out this blog post, which tackles the question: Which one is better to use? Ingress or Egress?

 

Ryan Slosser

My name is Ryan. I work in development here at Plixer International. I mostly deal with hardware deployment. I enjoy kayaking and fishing during the summer and skiing in the winter. People can count on me and I always give 100% unless I'm donating blood.


6 comments on “ip route-cache flow or ip flow ingress… Which do I use?”

  1. Which is appropriate for VLAN interfaces? Or does it make any sense to even configure NetFlow on a VLAN as opposed to a physical?

    Same question(s) for PortChannel Interfaces?

    Thanks.

  2. According to Cisco, you should be able to put IP ROUTE-CACHE FLOW on the physical interface where the VLANs are carved out from, and that should enable NetFlow on the subsequent interfaces. But to be sure the job gets done, I enable ip flow ingress on the VLANs instead.
