If you’ve ever configured a router for NetFlow, you may have had to work with either, or both, of these commands.
When configuring NetFlow on your router, you have two sets of configuration to set up. The first is the set of global commands that define which version of NetFlow is being used, where the flows will be exported, and on what port.
After configuring the global commands, however, you also need to configure the interfaces that will be using NetFlow. To enable flows on an interface, you have two commands that are very similar in nature, but used in different circumstances.
For more information regarding NetFlow configurations, check out this Activating NetFlow Guide.
So, back to the original question: “Do I use ip route-cache flow or ip flow ingress?”
Deciding which interfaces you want to monitor will answer this question.
If you are interested in monitoring flows on a physical interface, you would use ip route-cache flow. By enabling ip route-cache flow on the physical interface, it will in turn enable flows on all subsequent sub-interfaces.
But let’s say that you are not interested in seeing flows on sub-interfaces x, y and z, but you do want to see flows on subs a, b and c, from that same interface. This is where the ip flow ingress command comes into use.
So, when to use ip route-cache flow and when to use ip flow ingress:
ip route-cache flow will enable flows on the physical interface and all sub-interfaces associated with it.
ip flow ingress will enable flows on individual sub-interfaces, as opposed to all of them on the same interface.
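The two choices side by side, as an added example that is not part of the original article. The collector address, port, interface names and VLAN IDs are constructed placeholders.

```cisco
! Added example: all addresses, ports, interface names and VLAN IDs
! below are constructed placeholders, not values from the article.
!
! Global export settings (needed with either interface command)
ip flow-export version 5
ip flow-export destination 192.0.2.10 2055
!
! Option A: enable flows on the physical interface.
! Every sub-interface under FastEthernet0/0 is covered as well.
interface FastEthernet0/0
 ip route-cache flow
!
! Option B: enable flows only on selected sub-interfaces.
! The parent interface carries no flow command.
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip flow ingress
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip flow ingress
!
! Deliberately not monitored: no flow command on this sub-interface.
interface FastEthernet0/1.30
 encapsulation dot1Q 30
```

After applying either option, `show ip flow interface` lists the interfaces that have NetFlow enabled, which confirms that coverage matches what you intended to monitor.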
Cisco’s article on Netflow and subinterface support offers a wealth of information on this subject.
NOTE With NetFlow v5, we only had the option to monitor inbound statistics using the ip flow ingress command. However, with the release of NetFlow v9, we now have the option to monitor traffic leaving each interface via ip flow egress. Check out this blog which tackles the question: Which one is better to use? Ingress or Egress?