Mailing List Archive

IOS-XR and Netflow filtering?
Using just IOS-XR, is one able to filter out Netflow records (example)
based solely on IP address, so flows are not recorded if any record
starts with 192.168.*.* ?  If not, is there an external box one can buy
that can do that?


Thanks,

Hank

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: IOS-XR and Netflow filtering?
I guess you should be able to use the pmacct on an external box:
$ pmacct -c dst_host -N 10.0.1.200

Best Regards
Ted

> On 28 Dec 2021, at 10:37, Hank Nussbacher <hank@interall.co.il> wrote:
>
> Using just IOS-XR, is one able to filter out Netflow records (example) based solely on IP address, so flows are not recorded if any record starts with 192.168.*.* ? If not, is there an external box one can buy that can do that?
>
>
> Thanks,
>
> Hank
Re: IOS-XR and Netflow filtering?
On 28/12/2021 10:02, Ted Pelas Johansson wrote:
> I guess you should be able to use the pmacct on an external box:
> $ pmacct -c dst_host -N 10.0.1.200

Seconded - pmacct is far simpler than mucking about with XR. :)

--
Tom
Re: IOS-XR and Netflow filtering?
Fastnetmon can do something similar where you can exclude certain ranges from being processed. Pretty nice too!

Catalin

From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> on behalf of Tom Hill <tom@ninjabadger.net>
Date: Tuesday, 28 December 2021 at 14:26
To: cisco-nsp@puck.nether.net <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] IOS-XR and Netflow filtering?
On 28/12/2021 10:02, Ted Pelas Johansson wrote:
> I guess you should be able to use the pmacct on an external box:
> $ pmacct -c dst_host -N 10.0.1.200

Seconded - pmacct is far simpler than mucking about with XR. :)

--
Tom
Re: IOS-XR and Netflow filtering?
On Tue, 28 Dec 2021 at 11:36, Hank Nussbacher <hank@interall.co.il> wrote:

> Using just IOS-XR, is one able to filter out Netflow records (example)
> based solely on IP address, so flows are not recorded if any record
> starts with 192.168.*.* ? If not, is there an external box one can buy
> that can do that?

I don't think it is possible in IOS-XR. This is a very typical
difference in IOS and JunOS, where IOS makes very laser focused
features that do exactly one thing, JunOS does expressive features
that can be used to implement the specific one thing, which leaves
sometimes customers doing something emergent that even Juniper didn't
think of, but the expressive architecture allows for.
In this specific case, in Juniper you can do netflow via filter terms,
so you could first permit all SIP with 192.168/16, then 2nd term
permit+sample rest.

--
++ytti
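
The two-term approach described in the message above, written out as a Junos firewall filter. This is an added example, not configuration from the original post. The filter name, term names and interface are hypothetical, and a sampling instance under forwarding-options is assumed to be configured already.

```junos
firewall {
    family inet {
        filter SAMPLE-EXCEPT-192-168 {          /* hypothetical filter name */
            /* Term 1: traffic sourced from 192.168/16 is forwarded
               but never handed to the sampler, so no flow record
               is created for it. */
            term no-sample-192-168 {
                from {
                    source-address {
                        192.168.0.0/16;
                    }
                }
                then accept;
            }
            /* Term 2: everything else is forwarded and sampled. */
            term sample-rest {
                then {
                    sample;
                    accept;
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {                                   /* hypothetical interface */
        unit 0 {
            family inet {
                filter {
                    input SAMPLE-EXCEPT-192-168;
                }
            }
        }
    }
}
```

As written the first term matches on source address only, as in the message; matching 192.168/16 in either direction would use `address` in place of `source-address`. With sampling driven by the filter, the interface should not also carry a per-interface `sampling` statement, or the excluded traffic would be sampled anyway.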