Problems with flexible Netflow, IPv6 and QoS

Hi,

We are running NetFlow Analyzer Distributed Edition version 9.9 (9900) on Linux.

We have been using NetFlow Analyzer with traditional NetFlow for some time, and it has worked great and been very helpful in identifying what traffic goes in what QoS class, performance etc.
However, after we started upgrading our sites to use both IPv4 and IPv6, we had to convert the NetFlow configuration to Flexible NetFlow due to problems with how NetFlow Analyzer was parsing the data (we had a support case filed on this and the resolution was to switch to Flexible NetFlow).

We are, however, seeing some problems with this, mainly with the QoS part. Before, we would see all the QoS classes (AF31, AF41 etc.), but now under the QoS tab everything is classified in a class called -1.

The Flexible NetFlow configuration currently being used by our provider is as follows:

flow record IPV6-FLOW-RECORD
 match ipv6 protocol
 match ipv6 source address
 match ipv6 destination address
 collect ipv6 dscp
 collect transport source-port
 collect transport destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
flow record IPV4-FLOW-RECORD
 match ipv4 dscp
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 collect transport source-port
 collect transport destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
flow exporter FLOW-EXPORTER-SVV
 destination X.X.X.X
 source GigabitEthernet0/2
 transport udp 9996
!
flow monitor IPV6-FLOW-MONITOR
 record IPV6-FLOW-RECORD
 exporter FLOW-EXPORTER-SVV
 cache timeout active 60
flow monitor IPV4-FLOW-MONITOR
 record IPV4-FLOW-RECORD
 exporter FLOW-EXPORTER-SVV
 cache timeout active 60
!
interface GigabitEthernet0/2
 description LAN
 ip flow monitor IPV4-FLOW-MONITOR input
 ip flow monitor IPV4-FLOW-MONITOR output
 ipv6 flow monitor IPV6-FLOW-MONITOR input
 ipv6 flow monitor IPV6-FLOW-MONITOR output


Any ideas what is wrong? Do we need to make changes to the Flexible NetFlow setup to make this work? If we switch it back to traditional NetFlow, the QoS classes show up just fine again.


Another issue we've had since upgrading from version 9.5 to 9.9 is that while in version 9.5 we could see the IPv6 addresses in source/destination/conversation, it now only shows 0.0.0.0. Could this also be related to the Flexible NetFlow configuration, or is it a bug in NetFlow Analyzer?


Kind regards,

Michel
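
One way to check what the exporter actually sends for the two flow records above, added here as an example (not part of the original post and not NetFlow Analyzer's code): decode the template FlowSet of a NetFlow v9 export packet and list which fields each template carries, including how the QoS marking is encoded. It assumes the exporter uses the version 9 export format; the function names are hypothetical and the sample packet is constructed, so it says nothing about what this particular router exports.

```python
import struct

# Field types 1-28 are from RFC 3954 (NetFlow v9); 195 is the IANA IPFIX
# element ipDiffServCodePoint. Only types relevant to the records above.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS",
               7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
               11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
               27: "IPV6_SRC_ADDR", 28: "IPV6_DST_ADDR", 195: "ipDiffServCodePoint"}

def parse_templates(packet):
    """Return {template_id: [(field_type, length), ...]} from one v9 packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # the v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:     # FlowSet ID 0 = templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break                            # padding or truncated record
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += fs_len
    return templates

def describe(fields):
    """Name each field and report which QoS field, if any, is present."""
    names = [FIELD_NAMES.get(t, f"type_{t}") for t, _ in fields]
    qos = next((n for n in ("SRC_TOS", "ipDiffServCodePoint") if n in names), None)
    return names, qos

def build_sample():
    """Constructed packet: template 256 has SRC_TOS, template 257 has element 195."""
    def tmpl(tid, fields):
        return struct.pack("!HH", tid, len(fields)) + b"".join(
            struct.pack("!HH", t, n) for t, n in fields)
    body = (tmpl(256, [(8, 4), (12, 4), (4, 1), (5, 1), (1, 4), (2, 4)]) +
            tmpl(257, [(27, 16), (28, 16), (4, 1), (195, 1), (1, 4), (2, 4)]))
    flowset = struct.pack("!HH", 0, 4 + len(body)) + body
    return struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0) + flowset  # header first

if __name__ == "__main__":
    for tid, fields in parse_templates(build_sample()).items():
        print(tid, *describe(fields))
```

To use it on real traffic, pass it the UDP payload of a template packet captured on the collector (port 9996 in the exporter configuration above).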
