A network engineer is troubleshooting intermittent packet loss on a WAN link connecting two data centers. The engineer suspects that certain traffic types are being dropped but needs to confirm this without impacting production. The engineer has access to Cisco IOS-XE routers at both ends. Which approach should the engineer use to identify the specific flows being dropped?
Correct because Flexible NetFlow with the 'drop' keyword allows per-flow drop monitoring, directly identifying which flows are being dropped.
Why this answer
NetFlow can be used to monitor traffic flows and identify drops, but traditional NetFlow does not capture drops. The correct answer uses Flexible NetFlow with a flow monitor that includes the 'drop' keyword to capture dropped packets, which is the most direct method. Option B is incorrect because SNMP polling of interface counters shows aggregate drops but not per-flow.
Option C is incorrect because EEM alone cannot capture per-flow drop details. Option D is incorrect because IP SLA measures performance but not drop causation per flow.