Monitor WAN Interface with ingress and egress on same-interface
Hi:
Below is the scenerio:
WAN1 WAN2
I I
I I
R1 <--> R2
I I
I I
LAN1 LAN2
We have 2 internet routers, each router has a WAN, LAN, and cross-over between the routers. I am currently using Netflow v5 and "ip flow ingress" on only the the WAN and LAN interface to monitor traffic. I am specifically not using "ip flow ingress" on the cross-over between routers, so traffic isn't counted twice when generating reports using IP Groups to capture total traffic across both routers. Traffic routes over the cross-over based on best path.
However, the BGP AS stats are not correct for router 2 since all outbound traffic comes in on R1's LAN1 interface which is monitored. So, looking at BGP stats for R2, they don't looks correct for outbound. I'm wondering if there is also other traffic I'm missing in this scenario.
In this scenario, is this the optimal configuration? Can I simply just use both ingress and egress on the WAN interfaces and nothing on the other interfaces? From what I understand, Netflow v9 supports this (of course with the added impact of generating templates regularly). After reading other comments on this forum, it doesn't seem like it is recommend and only to use "ip flow ingress".
Any clarification would be great,
Thanks,
Patrick
Below is the scenerio:
WAN1 WAN2
I I
I I
R1 <--> R2
I I
I I
LAN1 LAN2
We have 2 internet routers, each router has a WAN, LAN, and cross-over between the routers. I am currently using Netflow v5 and "ip flow ingress" on only the the WAN and LAN interface to monitor traffic. I am specifically not using "ip flow ingress" on the cross-over between routers, so traffic isn't counted twice when generating reports using IP Groups to capture total traffic across both routers. Traffic routes over the cross-over based on best path.
However, the BGP AS stats are not correct for router 2 since all outbound traffic comes in on R1's LAN1 interface which is monitored. So, looking at BGP stats for R2, they don't looks correct for outbound. I'm wondering if there is also other traffic I'm missing in this scenario.
In this scenario, is this the optimal configuration? Can I simply just use both ingress and egress on the WAN interfaces and nothing on the other interfaces? From what I understand, Netflow v9 supports this (of course with the added impact of generating templates regularly). After reading other comments on this forum, it doesn't seem like it is recommend and only to use "ip flow ingress".
Any clarification would be great,
Thanks,
Patrick