Who is hogging your precious WAN bandwidth? That’s probably one of the things that you’re asking on your mind when you receive an alert about a certain WAN link has reached its full capacity. Well, you’re in luck. In newer Cisco IOS, it will allow you to enable NetFlow and Top Talkers which gives you the ability to view who are the current top talkers in your network. I really believe that the commands that I am about to show you should be part of your standard configuration on routers.
To enable Top Talkers, issue these commands:
ip flow-top-talkers top 10 sort-by bytes
Enabling Top Talkers is not enough, you also need to enable NetFlow on an interface. According to Cisco, if the router is running Cisco IOS prior to release 12.2(14)S, 12.0(22)S, or 12.2(15)T, the command used to enable NetFlow on an interface is ip route-cache flow. If the router is running Cisco IOS release 12.2.(14)S, 12.0(22)S, 12.2(15)T, or later the command used to enable NetFlow on an interface is ip flow ingress. However, I’ve used ip route-cache flow on a router running Cisco IOS 15.0 and it worked just fine. Try the first one first before using the latter. I have not tried it yet, but you may need to use ip flow egress as well if ip route-cache flow does not work.
In this scenario, I enabled NetFlow on Serial0/2/0.
configure terminal interface Serial0/2/0 ip route-cache flow
Once you are done configuring NetFlow on the interface, then you can now issue:
Router#sh ip flow top-talkers SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes Se0/2/0 10.1.1.33 Fa0/0 10.2.2.9 06 050E 1BC7 2156K Se0/2/0 10.1.1.140 Fa0/0 10.2.2.78 06 0A26 10C0 1629K Se0/2/0 10.1.1.144 Fa0/0 10.2.2.55 06 0A26 0CA6 1352K Se0/2/0 10.1.1.120 Fa0/0 10.2.2.77 06 0A26 05E8 535K Se0/2/0 10.1.1.106 Fa0/0 10.2.2.86 06 0A26 086A 361K Se0/2/0 10.1.1.131 Fa0/0 10.2.2.90 06 0A26 0A7A 135K Se0/2/0 10.1.1.112 Fa0/0 10.2.2.80 06 0A26 0C28 109K Se0/2/0 10.1.1.137 Fa0/0 10.2.2.80 06 0A26 0D95 75K Se0/2/0 10.1.1.142 Fa0/0 10.2.2.82 06 0A26 120B 71K Se0/2/0 10.1.1.116 Fa0/0 10.2.2.83 06 0A26 0922 47K 10 of 10 top talkers shown. 30 flows processed.
I really think this is a great tool to have in your routers. It will basically help you identify who is congesting your WAN link. I’ve seen scenarios where Security (Loss Prevention) guys, like to see what’s going on in the remote branch and they use their little PC to remotely view the security cameras inside the remote branch. In some environment, that’s a no-no especially if the mission critical applications are being affected. If the QoS (Quality of Service) was designed and implemented correctly, then you shouldn’t have to worry about Security guys viewing and streaming recoded videos because the mission critical applications should have guaranteed bandwidth when there’s a congestion.
I hope this has been helpful and thank you for reading!
NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.