For example, a Cisco Router uses the command “ip flow-cache timeout active”. flow-export active refresh-interval: NetFlow exporters support a command to control how often flows are exported to the NetFlow collector.However, the Cisco ASA NetFlow exports do not indicate which how much of the total went in each direction. Without Cisco ASA 8.4(5) NetFlow, the Cisco ASA exports a single flow record with a total of how much traffic was transferred between both hosts. Bidirectional flows from the Cisco ASA NetFlow export are not RFC 5103 compliant and have generally led to confusion. The SonicWALL IPFIX configuration is the only vendor we have seen implement this according to RFC 5103. Obviously the size of the flow increases by almost double however, it can result in nearly half the volume of flows back to the high volume NetFlow collector. Hence two flows. Bidirectional flows should be implemented according to RFC 5103 where a single flow represents A to B and B to A. Flows are generally only metered inbound or ingress on interfaces and the responding flow is captured on a different interface. This sounds sort of inefficient, but here’s why it works the way it does. Bidirectional NetFlow: Most NetFlow or IPFIX implementations are unidirectional meaning TCP connections between two hosts results in two flows (i.e.If you are new to these features, why would you care? Here’s why: This feature is not available in 8.5(1), 8.6(1), 8.7(1), 9.0(1), or 9.1(1).Īpparently the bidirectional flows and the flow-export active refresh-interval command (1 minute timeouts) were somehow left out of the above later versions. We modified the following command: flow-export event-type.
You can filter to which collectors flow-update records will be sent.We introduced the following command: flow-export active refresh-interval. You can change the time interval at which flow-update events are sent to the NetFlow collector. What happened?įlow-update events have been introduced to provide periodic byte counters for flow traffic.
ACTIVE TIMER WHEN USING NETFLOW 5 MINUTES UPGRADE
Did you recently upgrade your Cisco ASA and run into flow-export active refresh-interval problems? If you were starting to appreciate the numerous NetFlow Security Event Logging (NSEL) enhancements available in the Cisco ASA 8.4(5) NetFlow export you may be left disappointed after upgrading the ASA to version 8.5(1), 8.6(1), 8.7(1), 9.0(1), or 9.1(1).
0 kommentar(er)
