DX Infrastructure Management

Expand all | Collapse all

Data flow missing in NFA

  • 1.  Data flow missing in NFA

    Posted 04-01-2019 09:55 AM

    Hi All,

     

    I've been using Netflow v5 for years and everything worked correctly. (NFA 9.3.3 - build 50)

     

    Last week I tried to configure V9 in one of my routers and since then I am just able to see one way traffic and with a significant less bandwidth.

     

     

    Already followed this tutorial

     https://comm.support.ca.com/kb/how-can-i-determine-if-a-netflow-enabled-device-is-sending-the-correct-fields-and-data-using-wireshark/kb000011095

     

    The harvester is receiving flows from the device and the required fields are seen within the flows. 

     

     

    Any ideas?

     



  • 2.  Re: Data flow missing in NFA

    Posted 04-01-2019 10:06 AM

    Can you share the Netflow v9 configuration and the interface configuration?

    Please exclude any IP addresses as this is a public forum.

     

    If you are seeing one sided traffic, it may be that you have only ingress or only egress set on your interfaces.

    With Netflow v9 you can enable both "ip flow ingress" and "ip flow egress" on each interface you wish to monitor, where as Netflow v5 you could only enable one of those.

     

    If you are using Flexible Netflow the commands would be different. 



  • 3.  Re: Data flow missing in NFA

    Posted 04-02-2019 03:43 AM

    Here goes my config

     

    @rt1> show configuration services

    flow-monitoring {

        version9 {

            template v4 {

                flow-active-timeout 120;

                flow-inactive-timeout 60;

                template-refresh-rate {

                    packets 100;

                    seconds 600;

                }

                option-refresh-rate {

                    packets 100;

                    seconds 600;

                }

                ipv4-template;

            }

         }

     }

     

     

    @rt1> show configuration forwarding-options sampling

    instance {

        NetFlow {

            input {

                rate 200;

            }

            family inet {

                output {

                    flow-server x.x.x.x {

                        port 9996;

                        autonomous-system-type peer;

                        no-local-dump;

                        source-address y.y.y.y;

                        version9 {

                            template {

                                v4;

                            }

                        }

                    }

                    inline-jflow {

                        source-address y.y.y.y;

                        flow-export-rate 100;

                    }

                }

            }                             

        }

    }

     

    @rt1> show configuration chassis

    dump-on-panic;

    redundancy {

        routing-engine 0 backup;

        routing-engine 1 master;

        failover {

            on-loss-of-keepalives;

            on-disk-failure;

        }

        graceful-switchover;

    }

    fpc 1 {

        sampling-instance NetFlow;

    }

     

     

    @rt1> show configuration interfaces xe-0/0/1

    unit 0 {

        family inet {

            filter {

                input Filter-IN;

            }

            address x.x.x.x/z;

        }

        family mpls;

    }

     

     

    @rt1> show configuration firewall filter Filter-IN

    term Resto {

        then {

            sample;

            accept;

        }

    }