Is the network down? Nope. Steve from accounting is downloading the latest episode of The Walking Dead. Now, while we honestly can’t blame Steve for this since it’s a damn good show, we also can’t have our bandwidth demolished as we still have critical services that need it. QoS will allow you to dial down thresholds for various data types (eg. VOIP, Video, etc), but netflow is going to be the tool which allows you to spot Steve. Steve and his damn torrents.
Configuration of Netflow exporting is simple, here are the basic components:
Global Config: ip flow-export destination X.X.X.X 2055 <- x.x.x.x being the collector’s IP address
On any interface you wish to capture:
ip flow ingress
ip flow egress
SNMP Credentials for your collector: This can vary depending on if you use V1/2c/3, and ensure that if using 3 your collector supports the same Authentication and Privacy protocols (eg, SHA/Triple Des, etc).
You can also use “show ip cache flow” to view netflow metrics from the CLI.
Here’s a video with way too much talking covering the same thing. Audio was recorded through a potato, and the collector used is Solarwinds free netflow collector which is limited in features as it has a big commercial brother that wants to beat you up and take all of your money to unlock longer capture times and more interfaces. Such is network software.