Search This Blog

Sunday 4 March 2012

Monitoring Bandwidth using Net Flows on Cisco Routers Part 1

Bandwidth is precious.  This is a given today, our networks are demanding access to online services more than ever so I thought it is time to find out what exactly our Internet bandwidth is being used by.

Once approach to this is to use the built in services on our Cisco 1841 router, the ip flow and ip route-cache command sets.

Enabling the flows is actually quite simple to do, it is the recording of the data and the reporting, but more on that later.

So the first thing to do is to enable ip route-cache flow on all your interfaces, these are the root interfaces and not the sun interfaces, so fastethernet0/0 ATM0/0/0 Dialer0 etc.

Once this is done you can then configure the export of the flow data to be recorded.  I have been using an application called Net FlowAnalyzer which you can trial for 30 days from here

So once you have an application to record the data you need to configure the Cisco to export the data.

ip flow-export destination 10.0.0.1 9996
ip flow-export source fastethernet0/0
ip flow-export version 9
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
snmp-server ifindex persist

This exports the data to a server on 10.0.0.1 on port 9996 UDP.   Don't forget to allow the UDP port 9996 inbound on any Windows Firewall on your server!

Now that this is all in place you can check the flows with these commands

show ip flow export
show ip cache-flow


No comments:

Post a Comment