Answers: Basic NetFlow 2

By Chris December 2, 2015 09:05

Loopback interfaces on routers come in handy for many reasons, including cases like this when used by NetFlow for data export to the NetFlow collector. Today’s post shows the answers to a lab that lets you exercise your NetFlow configuration skills, including loopback interfaces. As always, these work best if you do the lab yourself first, as much as possible. Enjoy!

 

Answers

Figure 1: Router with IP Address

Example 2: R1 Config

 

Commentary

NetFlow configuration has two parts: configuring NetFlow capture, to make the device gather statistics, and configuring NetFlow reporting, which tells the device to send statistical information to an external server (the NetFlow collector).

In this lab, NetFlow capture needs a single command: ip flow ingress, as added to interface G0/1. As a result, router R1 will look at incoming packets (only) on that interface, and keep local statistics.

The rest of the configuration exists for NetFlow reporting. The top of the configuration shows the standard configuration to create loopback interface 0 (interface loopback0), and then to assign it an IP address. Because it is a loopback interface, the router can (and does in this case) use a /32 mask on it, meaning that the route associated with that loopback interface is a host route with prefix /32. Regardless, the loopback interface should be able to send and receive packets with the collector, which sits on another local subnet (172.20.0.0/25).

The last three lines of the configuration show the rest of the NetFlow reporting configuration:

  • The NetFlow record version number (ip flow-export version 9)
  • The NetFlow export source interface (ip flow-export source)
  • The NetFlow collector IP address and UDP port number 2049 (ip flow-export destination 172.20.123.150 2049).
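The two parts described above can be checked mechanically against a saved configuration. The following is an added example, not part of the original lab or its Example 2: a small Python audit that confirms capture is enabled on some interface and that the export source is an addressed loopback with a version and collector set. The sample configuration is constructed from the commands named in the commentary, and the loopback address 192.0.2.1 and the function names are assumptions.

```python
import re

# Constructed sample (not the lab's Example 2). 192.0.2.1 is a
# documentation-range placeholder, not the address used in the lab.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip flow ingress
!
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 172.20.123.150 2049
"""

def parse_interfaces(config):
    """Map lower-cased interface name -> list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip().lower()
            interfaces[current] = []
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the block
        elif current:
            interfaces[current].append(line.strip())
    return interfaces

def audit_netflow(config):
    """Return a list of findings; an empty list means nothing is missing."""
    findings = []
    interfaces = parse_interfaces(config)
    # Part 1: capture. At least one interface must gather statistics.
    if not any("ip flow ingress" in cmds for cmds in interfaces.values()):
        findings.append("no interface has ip flow ingress")
    # Part 2: reporting. Source interface, record version, collector.
    export = [l.strip() for l in config.splitlines()
              if l.startswith("ip flow-export ")]
    src = next((l.split()[3] for l in export
                if l.startswith("ip flow-export source ")), None)
    if src is None:
        findings.append("no export source set")
    elif not src.lower().startswith("loopback"):
        findings.append(f"export source {src} is not a loopback interface")
    elif not any(c.startswith("ip address ")
                 for c in interfaces.get(src.lower(), [])):
        findings.append(f"export source {src} has no IP address")
    for name, pattern in (("version", r"\d+"), ("destination", r"\S+ \d+")):
        if not any(re.fullmatch(rf"ip flow-export {name} {pattern}", l) for l in export):
            findings.append(f"no export {name} set")
    return findings
```

Calling audit_netflow(SAMPLE_CONFIG) returns an empty list; pointing the export source at GigabitEthernet0/1 instead produces a single finding naming that interface.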

 

One More Thing…

I do try and keep these labs about the configuration, but I couldn’t resist the opportunity.

Think about this lab now that you are finished. Did you need to use that loopback interface? That is, think about when it is useful to use a NetFlow source of a loopback interface, rather than some other interface. Did the design reap any benefits of using loopback0?


1 Comment

  1. Mike December 2, 20:22

    Awesome. Thanks Wendell. 😉

    Netflow, especially top-talkers is a handy tool in the “networking toolbox”!

    Since by convention loopbacks are always up/up even if a physical interface goes down, so the Netflow source is consistent. Which is wonderful in our world of firewall rules. Same goes for syslog source … use a loopback!
