NetFLow config for Cisco Nexus NXOS devices?

The only NX-OS flow data we have functioning is via sflow not netflow, but both ought to work.  Unfortunately, the documentation is a bit limited -- improved since the old days, but there is only one example -- the very popular and modern Cisco 3745 router with original Netflow.  LM should have a maintained library of examples.

Regardless, the required field list is there (assuming the documentation is accurate).  If you can't define a suitable record, get a capture and open a support case with LM to find out what changes to the record are needed to make it work.

7 minutes ago, mnagel said:

The only NX-OS flow data we have functioning is via sflow not netflow, but both ought to work.  Unfortunately, the documentation is a bit limited -- improved since the old days, but there is only one example -- the very popular and modern Cisco 3745 router with original Netflow.  LM should have a maintained library of examples.

Regardless, the required field list is there (assuming the documentation is accurate).  If you can't define a suitable record, get a capture and open a support case with LM to find out what changes to the record are needed to make it work.

One more item to check -- you said you saw the flows arriving via capture, but that will show with or without a local firewall.  Please be sure you have opened access to the listener port if you have a local firewall active.

6 minutes ago, mnagel said:

One more item to check -- you said you saw the flows arriving via capture, but that will show with or without a local firewall.  Please be sure you have opened access to the listener port if you have a local firewall active.

I do have two 4451's sending flows successfully... so no firewalls. ?

16 minutes ago, mnagel said:

The only NX-OS flow data we have functioning is via sflow not netflow, but both ought to work.  Unfortunately, the documentation is a bit limited -- improved since the old days, but there is only one example -- the very popular and modern Cisco 3745 router with original Netflow.  LM should have a maintained library of examples.

Regardless, the required field list is there (assuming the documentation is accurate).  If you can't define a suitable record, get a capture and open a support case with LM to find out what changes to the record are needed to make it work.

Yeah, that one surprised me too. The TAC seemed to have no ready examples available. I do have a ticket open for this now.

It was showing in the debug console as data coming in, but no templates showing up.

$ !netflow func=listdevices
ID        Name                 Interface Indx  IP Addresses  
========  ===================  ==============  ========================  
11653     10.35.253.6                          10.0.0.6, 10.35.0.174, 10.0.0.18, 10.35.252.2, 10.35.253.6, 10.36.0.13, 10.35.0.97, 10.35.0.105, 10.35.0.110, 10.35.0.74, 10.35.0.81, 10.35.0.89 
11984     10.35.254.33                         10.35.254.33, 38.32.89.58, 204.48.44.3, 204.48.45.3  <- non working 4451 that has to use a VRF for management.. prolly my bad.
11655     10.35.253.5                          10.0.0.2, 10.35.0.170, 10.35.252.1, 10.35.253.5, 10.36.0.9, 10.35.0.109, 10.35.0.73, 10.35.0.77, 10.35.0.85, 10.35.0.93 <- nexus 7004
11987     10.35.253.2          9,4,1,2,0       10.35.0.169, 10.35.0.173, 10.35.252.3, 10.35.253.2, 10.78.7.173 <- Working 4451
11985     10.35.253.1          3,1,0,2         204.48.44.50, 204.48.44.55, 10.35.253.1, 10.35.252.5, 192.168.7.5, 204.48.44.14, 10.35.0.86, 10.35.0.90 <- working 4451 
11991     10.35.253.9                          10.35.253.9, 10.35.0.98, 10.1.15.253, 10.35.0.94 
11981     10.35.254.32                         10.35.254.32, 50.218.62.74, 204.48.44.1, 204.48.45.1, 204.48.44.2, 204.48.45.2 <- non working 4451 that has to use a VRF for management.. prolly my bad.

12 minutes ago, Nick Ellson said:

Yeah, that one surprised me too. The TAC seemed to have no ready examples available. I do have a ticket open for this now.

It was showing in the debug console as data coming in, but no templates showing up.

11981     10.35.254.32                         10.35.254.32, 50.218.62.74, 204.48.44.1, 204.48.45.1, 204.48.44.2, 204.48.45.2 <- non working 4451 that has to use a VRF for management.. prolly my bad.

IME, IOS-XE does not permit Netflow to be sourced from Mgmt-Intf, but perhaps this has been relaxed in later releases. 

For the Nexus7K, if the netflow-original record lacks even one expected field (which seems hard to believe), it just silently fails. You might find some evidence in wrapper.log as to why but I have not generally had luck with that.  You might take a look at alternate vendors that do maintain examples for other ideas -- one is https://support.solarwinds.com/SuccessCenter/s/article/Example-Nexus-7000-Config-flexible-v9-specific?language=en_US

Hrmmm.. I had not thought about VRF restrictions.. 

On 8/23/2022 at 10:14 AM, mnagel said:

IME, IOS-XE does not permit Netflow to be sourced from Mgmt-Intf, but perhaps this has been relaxed in later releases. 

For the Nexus7K, if the netflow-original record lacks even one expected field (which seems hard to believe), it just silently fails. You might find some evidence in wrapper.log as to why but I have not generally had luck with that.  You might take a look at alternate vendors that do maintain examples for other ideas -- one is https://support.solarwinds.com/SuccessCenter/s/article/Example-Nexus-7000-Config-flexible-v9-specific?language=en_US

Yup, that solved the two Internet Routers, had to move my OOB VRF to an inband port, netflow working fine.

As for the Nexus 7004's, I have an F2 Line card that forces flow samples... decided to just bail on trying to get that to work with LM.