A customer called the other day regarding NetFlow collection and interface descriptions not matching the correct interface instance numbers.  I’d seen this issue before and knew it was not related to the NetFlow configuration, but rather that the device in question was exporting the wrong interface information in the NetFlow packets.

Michael Patterson addressed this issue in his blog, “Messed Up Interface names in Scrutinizer” in February.

To summarize Michael’s blog, the device in question was including interface instance numbers from enterprise mibs in the NetFlow packets, and most NetFlow Traffic Analyzers get the interface descriptions from the standard MIB-2 ifIndex tables.

Vendors/products that have exhibited this interface instance mismatch are:

Cisco has since corrected this issue with the Cisco ASA with the release of version 8.2(2).

Enterasys resolved the issue with NetFlow v9 exports.

For the Alcatel-Lucent SR 7750 and the Huawei devices,  we have developed scripts to address this issue.  For more information on obtaining these patches, please contact Plixer Sales department at 207-324-8805 x3.

We are working to identify other vendors that have also used enterprise MIBs for the interface instances.  We are addressing this issue both with the vendors directly, and by providing patches that will permit Scrutinizer to report the correct interface information in the NetFlow reports.

If you’re currently using Scrutinizer NetFlow Analyzer and are seeing this issue with a device not listed above, please let us know.  If you’re not using Scrutinizer, Plixer’s NetFlow collector,  the free download comes with a 30 day evaluation key and free technical support on initial setup and configuration.

Joanne Ghidoni author pic

Joanne Ghidoni

Joanne is a Software Quality Assurance Engineer at Plixer. She has also held positions as Technical Support Engineer and Sales Engineer since joining Plixer in 2005. Prior to joining Plixer, Joanne has had numerous positions in the IT field, including data entry, computer operator, PC coordinator and support, mainframe programmer, and also Technical Support and web programmer at Cabletron Systems. In her spare time, Joanne enjoys traveling, always seeking out new and interesting places to visit.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply