[flow-tools] src/dst AS list

[Olav Langeland]

Just getting back to flow-tools after being with some other projects,
last time I looked into it a large chunk of src/dst AS list was 0.
Reading the flow-capture manpage revealed that it was the router
exporting the local AS as 0, so fixed now.

Just need to get some info about if I got this right. We have 2 Cisco
7206 border routers, 1 to each upstream ISP, here is a cut from config:
!
interface Serial2/0
 ip route-cache flow
..
!
..
ip flow-export source Loopback0
ip flow-export version 5 origin-as
ip flow-export destination a.b.c.d 9995
..

But, my question is about exactly what is being exported. Does the AS
list contain both incoming and outgoing AS numbers, both
internet->inside and inside->internet? When I run a flow-stat -f19 for
SRC AS is that a mix of flows from both directions?=20


What is the difference between "ip route-cache flow" and "ip route-cache
flow sampled"?=20
I saw a post the other day where the config included:=20
> !
> ip flow-aggregation cache as
>  export destination a.b.c.d 9691
>  cache timeout inactive 10
>  cache timeout active 1
>  enabled
> !
As I can understand from Cisco.com it is "The NetFlow ToS-Based Router
Aggregation feature provides the ability to enable limited router-based
type of service (ToS) aggregation of NetFlow Export data, which results
in summarized NetFlow Export data to be exported to a collection device.
The result is lower bandwidth requirements for NetFlow Export data and
reduced platform requirements for NetFlow data collection devices."=20
So this is basically just a way for decreasing the traffic that is
created with exporting netflow data, or is it any other reasons for
using it?

Any input appreciated

-olav