Friday, November 16, 2018

Netflow on L2 or L3 Interfaces?

I don't have a lot of Netflow experience. I'm setting up Flexible Netflow 9 on our new core switches (cat 9500s IOS-XE 16.9). What I've read says that you normally monitor the flows in the input direction of all L3 interfaces.

I've set it up on the L3 interfaces going to the rest of the network in the input direction. This tells me what's coming in from the DC, WAN, etc., but it doesn't tell me what is going out from clients, etc., off of that switch. Mostly access switches connected to clients.

The switch won't let me configure Netflow on the L3 SVIs and the rest of the interfaces are L2. So it seems my choices are to:

  1. Configure Netflow in both directions on the L3 (routed) interfaces going to the rest of the network or
  2. Configure it in the input direction on all the L2 interfaces as well

The problem with option 1 is that there are some L2 interfaces to the rest of the network that won't get captured.

What are the issues/downsides of Netflow on L2 interfaces? I know Netflow really is an L3 protocol so is it still able to look into the L3 packets traveling over an L2 interface?

Does it require extra processing that might eat up a lot of the CPU?

I've seen posts on how to configure L2 NetFlow on older switches; is this any better or different on new versions of IOS-XE?

Thanks! Any advice appreciated.
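For reference, the two options described above laid out as a Flexible NetFlow configuration. This is an added example, not configuration from the post or from Cisco's documentation: the record, exporter and monitor names, the collector address 192.0.2.10, the interface numbers and descriptions are all placeholders, and the exact set of record fields supported (for example `collect interface output`) and whether an IPv4 monitor can be applied to a switchport with `ip flow monitor ... input` should be checked against the Flexible NetFlow guide for the specific 9500 image before use.

```cisco
! Flow record (assumed baseline): 5-tuple keys plus ingress interface,
! with the egress interface and byte/packet counters collected so the
! collector can see where input-direction flows were forwarded to.
flow record FNF-IPV4-REC
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
! Exporter: NetFlow v9 over UDP to the collector (placeholder address).
! Sourcing from a loopback keeps the exporter address stable.
flow exporter FNF-EXP
 destination 192.0.2.10
 source Loopback0
 transport udp 2055
 export-protocol netflow-v9
 template data timeout 60
!
! Monitor ties the record and exporter together; shorter active timeout
! gets long-lived flows to the collector sooner for detection use.
flow monitor FNF-IPV4-MON
 record FNF-IPV4-REC
 exporter FNF-EXP
 cache timeout active 60
 cache timeout inactive 15
!
! Option 1 from the post: routed (no switchport) uplink, both directions.
! Placeholder interface and addressing.
interface TenGigabitEthernet1/0/1
 description Uplink to DC (placeholder)
 no switchport
 ip address 203.0.113.1 255.255.255.252
 ip flow monitor FNF-IPV4-MON input
 ip flow monitor FNF-IPV4-MON output
!
! Option 2 from the post: L2 trunk/access port towards an access switch,
! input direction only, so client-originated traffic is captured as it
! enters the core. Verify this attachment is accepted on the image in use.
interface TenGigabitEthernet1/0/2
 description Downlink to access switch (placeholder)
 switchport mode trunk
 ip flow monitor FNF-IPV4-MON input
```

After applying, `show flow monitor FNF-IPV4-MON cache` and `show flow exporter FNF-EXP statistics` confirm that flows are being cached and exported. Input-only monitoring on every physical interface, as in option 2, sees each flow once at the point it enters the switch, which avoids the double counting that input plus output on the same interface produces.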


