Netflow on Switched Virtual Interface

Author:  95f8c [ Thu Sep 12, 2013 12:45 pm ]
Post subject:  Netflow on Switched Virtual Interface


I am playing around with some router configurations to gather some NetFlow data from a GNS network. I have currently successfully configured the router to record NetFlow data of all communication through a routed interface. As a result, all network flows between the subnets involved are exported to my NetFlow collector.

This is perfectly fine for inter-subnet traffic; however, I really want NetFlow data for internal traffic within a subnet. After extensive Googling I have come to the conclusion that I should have each switchport of a switching module access the same VLAN, then have a virtual interface associated with this VLAN with NetFlow recording enabled, which should then record and export the traffic which occurs within the VLAN.

After creating this setup I added two virtual machines to the switchports and had them connect to each other via Netcat. Here is where the problem occurs: the NetFlow collector only receives a single flow, from the source box to the destination box, which only has the SYN flag set. This would suggest the SVI is seeing the first packet of the TCP stream, which is then logged as a flow, but all other packets in the stream aren't seen by the SVI, presumably because they are being switched before they can be logged.

Is this behaviour normal and can it be avoided? If this behaviour is normal, how else can you enable NetFlow recording for traffic which is switched via a switching module?

Thanks very much,
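The symptom described above (a TCP session exported as a single SYN-only flow with no reverse direction) can be checked for systematically on the collector side. The following is an added example, not code from the original post; the flow records are constructed sample data in a simplified NetFlow v5-style layout, and the field names are assumptions.

```python
"""Flag exported TCP flows that look truncated: only the SYN flag set, a
single packet, and no flow seen in the opposite direction. That pattern is
what an exporter that only saw the first packet of a session would produce.
The records below are constructed sample data, not real collector output."""

# TCP flag bits as carried in the NetFlow v5 tcp_flags field
SYN, ACK = 0x02, 0x10

# Constructed sample export: one intra-VLAN session that was only partially
# seen (SYN only, no reverse flow) and one routed session that was fully seen.
SAMPLE_FLOWS = [
    {"src": "10.0.10.11", "dst": "10.0.10.12", "sport": 41000, "dport": 4444,
     "proto": 6, "pkts": 1, "bytes": 60, "flags": SYN},
    {"src": "10.0.10.5", "dst": "10.0.20.5", "sport": 51000, "dport": 80,
     "proto": 6, "pkts": 12, "bytes": 1800, "flags": SYN | ACK},
    {"src": "10.0.20.5", "dst": "10.0.10.5", "sport": 80, "dport": 51000,
     "proto": 6, "pkts": 10, "bytes": 9000, "flags": SYN | ACK},
]


def find_partial_visibility(flows):
    """Return (src, dst, dport) for TCP flows that are SYN-only, one packet,
    and have no matching flow in the reverse direction."""
    seen = {(f["src"], f["dst"], f["sport"], f["dport"], f["proto"])
            for f in flows}
    suspect = []
    for f in flows:
        if f["proto"] != 6:          # TCP only; UDP has no handshake to check
            continue
        reverse = (f["dst"], f["src"], f["dport"], f["sport"], f["proto"])
        syn_only = f["flags"] == SYN and f["pkts"] == 1
        if syn_only and reverse not in seen:
            suspect.append((f["src"], f["dst"], f["dport"]))
    return suspect


if __name__ == "__main__":
    for src, dst, dport in find_partial_visibility(SAMPLE_FLOWS):
        print(f"SYN-only flow with no reverse direction: {src} -> {dst}:{dport}")
```

A non-empty result for hosts on the same subnet is a quick indicator that the exporter is not seeing the switched traffic, rather than that the session itself failed.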

