Publication Date: 2019-07-05 | Views: 917 | Downloads: 0 | Author: SU1001835942 | Document ID: EKB1000301012
As shown in the below figure, Department 1 and Department 2 connects to the Internet through a NE40 router. The administrator wants to monitor communication between departments and the Internet by netstream version 9. The router is configured to collect statistics on the g1/0/0 interface of the router and to export them to the netstream server but the netstream server receives the netstream information in version 8.
Error received on the server:
Ident: NE40-X3, Error reading netflow header: Unexpected netflow version 8.
Configuration (NE40E&80E V600R008C10SPC300):
ip netstream export template timeout-rate 10
ip netstream export source 10.1.2.1
ip netstream export host 10.1.2.2 9000
ip netstream export version 9 origin-as
ip address 10.1.1.1 255.255.255.0
ip netstream inbound
ip netstream outbound
ip netstream sampler fix-packets 100 inbound
ip netstream sampler fix-packets 100 outbound
ip netstream aggregation as
According to the configuration, the router is set to collect statistics about ipv4 original flows by using netstream version 9 but at the same time it is enabled to collect statistics for aggregated flows with the ip netstream aggregation as command . If the NetStream flow aggregation function is enabled on a device, the device classifies and aggregates original flows based on specified rules and sends the aggregated flows to the NetStream Data Analyzer (NDA) for analysis instead to sending original flows.
The problem appears because flows aggregated in as mode are outputted in V8 format by default and in our situation the server is expecting netflow format 9. To correct the problem we need to configure the analyzer and the device to use the same netflow format.