If you’ve ever configured a router for NetFlow, you may have had to work with either, or both, of these commands.
When configuring NetFlow on your router, you have two sets of configurations to setup. First, being your global commands that define which version of NetFlow is being used, where the flows will be exported, and on what port.
After configuring the global commands, however, you also need to configure the interfaces that will be using NetFlow. To enable flows on an interface, you have two commands that are very similar in nature, but used in different circumstances.
For more information regarding NetFlow configurations, check out thisActivating NetFlow Guide.
So, back to the original question: “Do I use ip route-cache flow or ip flow ingress?”
Deciding which interfaces you want to monitor will answer this question.
If you are interested in monitoring flows on a physical interface, you would use ip route-cache flow. By enabling ip route-cache flow on the physical interface, it will in turn enable flows on all subsequent sub-interfaces.
But let’s say that you are not interested in seeing flows on sub-interfaces x,y and z; but you do want to see flows on subs a, b and c, from that same interface. This is where the command comes into use.
So as a quick summary:
ip route-cache flow will enable flows on the physical interface and all sub-interfaces associated with it.
ip flow ingress will enable flows on individual sub-interfaces, as opposed to all of them on the same interface.
Cisco’s article on Netflow and subinterface support offers a wealth of information on this subject.
**NOTE** With NetFlow v5, we only had the option to monitor inbound statistics using the ip flow ingress command. However, with the release of NetFlow v9, we now have the option to monitor traffic leaving each
The "ip route-cache flow" can be used only under the main interface, while the "ip flow ingress" was an enhancement to be used under subinterfaces.
The NetFlow Subinterface Support feature provides the ability to enable NetFlow on a per-subinterface basis. In a scenario in which your network contains thousands of subinterfaces and you want to collect export records from only a few subinterfaces, you can fine-tune your collection of data to only specified subinterfaces. The result is lower bandwidth requirements for NetFlow Data Export (NDE ) and reduced platform requirements for NetFlow data-collection devices.
Using the NetFlow Subinterface Support feature, you can enable NetFlow on selected subinterfaces using the ip flow ingress command. If you configure the ip flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface as well as all the subinterfaces. In a scenario in which you configure the ip flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ip flow ingress command.
1187
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
