Configuring NetFlow-lite




CHAPTER 55

Note: NetFlow-lite is supported only on the Catalyst 4948E Ethernet Switch.

This chapter describes how to configure NetFlow-lite on the Catalyst 4948E switch. NetFlow-lite provides traffic monitoring capabilities similar to those provided through NetFlow.

Note: For complete syntax and usage information for the switch commands used in this chapter, first look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/us/products//hw/switches/ps4324/index.html

If the command is not found in the Catalyst 4500 Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/us/products/ps6350/index.html

Note: VLAN monitors are not supported in Cisco IOS Release 15.0(2)SG.

Note: Refer to the NetFlow Solutions Guide for more detailed information on NetFlow usage and management.

The following topics are included:

- About NetFlow Packet Sampling
- Feature Interaction
- Configuring NetFlow Packet Sampling
- Display Commands
- Clear Commands

About NetFlow Packet Sampling

The NetFlow-lite feature is based on ingress packet sampling at a monitoring point that can be an interface on the switch. By exporting NetFlow sampled packets, it provides visibility into traffic that is switched through the device. The rate at which input packets are sampled is configurable, and a wide range of sampling rates is supported. The sampled packets can be exported in NetFlow V9 or IPFIX format.

Feature Interaction

Feature interactions exist on three levels:

System-wide Restrictions

- WCCP output redirect is not supported when NetFlow-lite is configured on any interface.
- A monitor on any interface causes Layer 3 deny ACLs to not generate ICMP unreachable packets.
- Enabling NetFlow-lite monitoring reduces the available TCAM space and packet forwarding bandwidth.

Interface-level Restrictions

- NetFlow-lite monitoring and an ingress QoS policy cannot coexist on the same interface. The QoS policy takes precedence over NetFlow-lite monitoring.
- NetFlow-lite monitoring and the WCCP Exclude feature cannot coexist on the same interface.
- NetFlow-lite and SPAN cannot coexist on the same interface. NetFlow-lite takes precedence over SPAN.

Monitor-level Restrictions

- Port channels with an aggregate bandwidth exceeding 20 Gigabit support a highest sampling rate of 1 in 64; those with an aggregate bandwidth exceeding 40 Gigabit support 1 in 128.
- When running PIM bidirectional mode, NetFlow-lite monitoring for multicast packets does not work when the RP or DF and any of the receivers are on the same VLAN.

Configuring NetFlow Packet Sampling

To configure the NetFlow-lite feature, complete the tasks in these sections:

- Configuring Information about the External Collector
- Configuring Sampling Parameters
- Activating Sampling on an Interface or VLAN

Configuring Information about the External Collector

To configure the external collector, perform this task:

Step 1   Switch# config terminal
         Enters configuration mode.
Step 2   Switch(config)# netflow-lite exporter exporter
         Defines an exporter and enters NetFlow-lite exporter submode.
Step 3   Switch(config-netflow-lite-exporter)# destination source-address
         Specifies a destination address.
Step 4   Switch(config-netflow-lite-exporter)# source source-address
         Specifies a source Layer 3 interface.
Step 5   Switch(config-netflow-lite-exporter)# vrf source-address
         Specifies a VRF label.
Step 6   Switch(config-netflow-lite-exporter)# transport udp destination-port
         Specifies a UDP transport destination port.
Step 7   Switch(config-netflow-lite-exporter)# ttl ttl-value
         Specifies a TTL value.
Step 8   Switch(config-netflow-lite-exporter)# cos cos-value
         Specifies a CoS value.
Step 9   Switch(config-netflow-lite-exporter)# dscp dscp-value
         Specifies a DSCP value.
Step 10  Switch(config-netflow-lite-exporter)# template data timeout timeout
         Specifies a template data timeout.
Step 11  Switch(config-netflow-lite-exporter)# options {sampler-table | interface-table} timeout timeout
         Specifies an options timeout.
Step 12  Switch(config-netflow-lite-exporter)# export-protocol {netflow-v9 | ipfix}
         Specifies the export protocol.
Step 13  Switch(config-netflow-lite-exporter)# exit
         Returns to global configuration mode.
Step 14  Switch(config)# exit
         Returns to EXEC mode.
Step 15  Switch# show netflow-lite exporter exporter
         Displays the exporter configuration.

Example

This example shows how to configure the external collector and to verify the exporter configuration:

    Switch# config terminal
    Switch(config)# netflow-lite exporter exporter1
    Switch(config-netflow-lite-exporter)# destination 5.5.5.6
    Switch(config-netflow-lite-exporter)# source 5.5.5.5
    Switch(config-netflow-lite-exporter)# transport udp 8188
    Switch(config-netflow-lite-exporter)# ttl 128
    Switch(config-netflow-lite-exporter)# cos 7
    Switch(config-netflow-lite-exporter)# dscp 32
    Switch(config-netflow-lite-exporter)# template data timeout 1
    Switch(config-netflow-lite-exporter)# options sampler-table timeout 1
    Switch(config-netflow-lite-exporter)# options interface-table timeout 1
    Switch(config-netflow-lite-exporter)# export-protocol netflow-v9
    Switch(config-netflow-lite-exporter)# exit
    Switch(config)# exit
    Switch# show netflow-lite exporter exporter1
    Netflow-lite Exporter exporter1:
      Network Protocol Configuration:
        Destination IP address: 5.5.5.6
        Source IP Address: 5.5.5.5
        VRF label: none
        DSCP: 0x20
        TTL: 128
        COS: 7
      Transport Protocol Configuration:
        Transport Protocol: UDP
        Source Port: 50441
        Destination Port: 8188
        Destination Ports to Load-share: 1
      Export Protocol Configuration:
        Export Protocol: netflow-v9
        Template data timeout: 1800
        Options sampler-table timeout: 1800
        Options interface-table timeout: 1800
      Exporter Statistics:
        Packets Exported: 56

Usage Guidelines

- The collector's IP address and UDP port can be specified. Optionally, a VRF label through which the collector is reachable can be provided.
- The exporter agent's address is specified as the source interface.
- Either IPFIX or NetFlow V9 export is supported.
- The exporter's name can be specified when activating sampling at a monitor. This can be done in interface or VLAN mode. If no exporter is specified for a sampling instance, then no samples are exported.
- The exporter submode also allows you to specify the refresh frequency for the NetFlow templates.
- Metadata about the NetFlow packet sampling process, such as sampler configuration parameters and the SNMP interface table mapping, can also be exported periodically to the collector.
- Mandatory parameters for a minimal exporter configuration are the destination address of the collector, the source Layer 3 interface, and the UDP destination port of the collector.
- The VRF label is ignored if the collector's address is IPv6. The default global routing table is used to route the IPv6 export packets to the collector.
- The CoS CLI option is used to set the CoS value of VLAN tags for packet samples exported by the FPGA alone.

Configuring Sampling Parameters

This task configures packet and counter sampling parameters as reusable named entities.

To configure the NetFlow cache and enable switched IP flow collection, perform this task:

Step 1   Switch# config terminal
         Enters configuration mode.
Step 2   Switch(config)# netflow-lite sampler sampler
         Configures packet sampling parameters as a reusable named entity and enters NetFlow-lite sampler submode.
Step 3   Switch(config-netflow-lite-sampler)# packet-rate rate
         Specifies a packet sampling rate in NetFlow-lite sampler submode.
Step 4   Switch(config-netflow-lite-sampler)# packet-section size size
         Specifies a sampled header size in NetFlow-lite submode.
Step 5   Switch(config-netflow-lite-sampler)# packet-offset offset
         Specifies a starting packet offset in NetFlow-lite submode.
Step 6   Switch(config-netflow-lite-sampler)# exit
         Exits NetFlow-lite sampler submode.
Step 7   Switch(config)# exit
         Exits global configuration mode.
Step 8   Switch# show netflow-lite sampler sampler
         Displays information about a sampler.

Example

This example shows how to configure sampling parameters and to display the sampler configuration:

    Switch# config terminal
    Switch(config)# netflow-lite sampler sampler1
    Switch(config-netflow-lite-sampler)# packet-rate 32
    Switch(config-netflow-lite-sampler)# packet-section size 128
    Switch(config-netflow-lite-sampler)# packet-offset 16
    Switch(config-netflow-lite-sampler)# exit
    Switch(config)# exit
    Switch#
    Switch# show netflow-lite sampler sampler1
    Netflow-lite Sampler sampler1:
      Id : 1
      Packet Sampling rate: 1 out of 32
      Packet Section Size: 64 bytes
      Packet offset: 16 bytes

You can verify your settings with the show netflow-lite sampler privileged EXEC command.

Usage Guidelines

- The packet sampling rate can range from 32 to 2^15 in powers of 2. To troubleshoot two 1 Gigabit ports, a rate of 1 is allowed. This is equivalent to rx span only. It cannot be configured on 10 Gigabit ports because the bandwidth demand for export will be too high.
- The only mandatory parameter is the packet rate.
- A maximum of 2 x 1 Gigabit ports can be configured with 1-in-1 sampling.
- The best packet sampling rate that can be configured on any 1 Gigabit or 10 Gigabit port is 1-in-32.
- Packet sampling rates can be configured in powers of 2 (like 1-in-64 and 1-in-128).
- You can update a sampler at a target interface, but you cannot remove or unconfigure mandatory parameters.
- All mandatory parameters must be present to validate a sampler. Any unspecified non-mandatory parameters take on default values.
Activating Sampling on an Interface or VLAN

This task defines a monitor instance on an interface or VLAN, identifying the sampler and exporter to use.

To activate sampling on an interface, perform this task:

Step 1   Switch# config terminal
         Enters configuration mode.
Step 2   Switch(config)# interface interface-id
         Enters interface configuration mode.
Step 3   Switch(config-if)# netflow-lite monitor monitor
         Defines a monitor instance on an interface and enters NetFlow-lite monitor submode.
Step 4   Switch(config-netflow-lite-monitor)# sampler sampler
         Activates sampling on an interface in NetFlow-lite monitor submode.
Step 5   Switch(config-netflow-lite-monitor)# exporter exporter
         Assigns an exporter in NetFlow-lite monitor submode.
Step 6   Switch(config-netflow-lite-monitor)# average-packet-size size
         Specifies the average packet size at the observation point in NetFlow-lite monitor submode.
Step 7   Switch(config-netflow-lite-monitor)# exit
         Exits NetFlow-lite monitor submode.
Step 8   Switch(config)# exit
         Exits global configuration mode.
Step 9   Switch# show netflow-lite monitor monitor interface interface-name
         Displays information about a particular packet or per data source stats.

To activate sampling on a VLAN, perform this task:

Step 1   Switch# config terminal
         Enters configuration mode.
Step 2   Switch(config)# vlan config 2
         Enters VLAN configuration mode.
Step 3   Switch(config-vlan-config)# netflow-lite monitor monitor
         Defines a monitor instance on an interface and enters NetFlow-lite monitor submode.
Step 4   Switch(config-netflow-lite-monitor)# average-packet-size size
         Specifies the average packet size at the observation point in NetFlow-lite monitor submode.
Step 5   Switch(config-netflow-lite-monitor)# exporter exporter
         Assigns an exporter in NetFlow-lite monitor submode.
Step 6   Switch(config-netflow-lite-monitor)# sampler sampler
         Activates sampling on an interface in NetFlow-lite monitor submode.
Step 7   Switch(config-netflow-lite-monitor)# exit
         Exits NetFlow-lite monitor submode.
Step 8   Switch(config)# exit
         Exits global configuration mode.
Step 9   Switch# show netflow-lite monitor monitor vlan vlan
         Displays information about a particular packet or per data source stats.

Examples

The following example shows how to configure a monitor on a port interface Gigabit 1/3:

    Switch# config terminal
    Switch(config)# int GigabitEthernet1/3
    Switch(config-if)# netflow-lite monitor 1
    Switch(config-netflow-lite-monitor)# sampler sampler1
    Switch(config-netflow-lite-monitor)# average-packet-size 128
    Switch(config-netflow-lite-monitor)# exporter exporter1
    Switch(config-netflow-lite-monitor)# exit
    Switch(config-if)# exit
    Switch(config)# exit
    Switch(config)#
    Switch# show netflow-lite monitor 1 interface gi1/3
    Interface GigabitEthernet1/3:
      Netflow-lite Monitor-1:
        Active: TRUE
        Sampler: sampler1
        Exporter: exporter1
        Average Packet Size: 0
      Statistics:
        Packets exported: 0
        Packets observed: 0
        Packets dropped: 0
        Average Packet Size observed: 64
        Average Packet Size used: 64

Similarly, you can configure a monitor on a VLAN in VLAN config mode:

    Switch# config terminal
    Switch(config)# vlan config 2
    Switch(config-vlan-config)# netflow-lite monitor 1
    Switch(config-netflow-lite-monitor)# average-packet-size 128
    Switch(config-netflow-lite-monitor)# exporter exporter1
    Switch(config-netflow-lite-monitor)# sampler sampler1
    Switch(config-netflow-lite-monitor)# exit
    Switch(config-vlan-config)# exit
    Switch(config)#
    Switch# show netflow-lite monitor 1 vlan 2
    VlanID-2:
      Netflow-lite Monitor-1:
        Active: TRUE
        Sampler: sampler1
        Exporter: exporter1
        Average Packet Size: 0
      Statistics:
        Packets exported: 0
        Packets observed: 0
        Packets dropped: 0
        Average Packet Size observed: 64
        Average Packet Size used: 64

You can verify your settings with the show policy-map privileged EXEC command.

Usage Guidelines

- Only a single packet sampling instance is supported on a monitor.
- These commands are entered under the physical port interface mode, port channel interface, or config VLAN mode. Monitor is not supported on other interfaces.
- If the physical port is a member of a port channel, applying the monitor to the port has no effect. Instead, the monitor must be applied to the port channel.
- When configuring a monitor, the mandatory parameters are sampler and exporter. If no exporter is associated with a monitor, no samples are exported. If no sampler is specified, no input packet sampling occurs for that target interface.
- The packet sampling mechanism tries to achieve random 1-in-N sampling. The accuracy of the algorithm is dependent on the size of the packets arriving at a given interface. To tune the relative accuracy of the algorithm, use the average-packet-size parameter.
- The whole system supports a maximum of 200 monitors.

- The system automatically determines the average packet size at an interface based on observation of input traffic and uses that value in rate DBL sampling. The valid range of packet sizes that can be used by the algorithm is 64-9216 bytes. A value of 0 is taken to mean that automatic determination of average packet size is desired.
- The sampler and exporter must be valid for packet sampling. If any mandatory parameters are missing, a warning message indicating that the sampler or exporter is invalid is displayed.

Display Commands

To view the configured value of the minimum mask, use the following commands for each aggregation scheme, as needed:

    Switch# show netflow-lite sampler sampler_name

Displays information about a sampler.

    Switch# show netflow-lite monitor monitor interface interface_name
    Switch# show netflow-lite monitor monitor vlan vlan_id

The following commands display information about a particular packet and per monitor stats. The interface can be either a physical port or a VLAN. They display the following packet sampling statistics:

- Total # of packets (samples) exported
- Total # of packets (samples) dropped due to lack of local resources
- Total # of packets seen at the monitor

    Switch# show netflow-lite exporter exporter_name

Displays information about the collector and global stats.

The following example shows how to display information about a sampler:

    Switch# show netflow-lite sampler low-rate
    Netflow-lite Sampler low-rate:
      Description: Sampler
      Sampling rate: 1 out of 256
      Packet Section Size: 64 bytes
      Packet offset: 0 bytes

The following example shows how to display information about a particular packet and per monitor stats on a physical port:

    Switch# show netflow-lite monitor 1 interface gi1/3
    Interface GigabitEthernet1/3:
      Netflow-lite Monitor-1:
        Active: TRUE
        Sampler: sampler1
        Exporter: exporter1
        Average Packet Size: 0
      Statistics:
        Packets exported: 0
        Packets observed: 0
        Packets dropped: 0
        Average Packet Size observed: 64
        Average Packet Size used: 64

The following example shows how to display information about a particular packet and per monitor stats on a VLAN:

    Switch# show netflow-lite monitor 1 vlan 2
    VlanID-2:
      Netflow-lite Monitor-1:
        Active: TRUE
        Sampler: sampler1
        Exporter: exporter1
        Average Packet Size: 0
      Statistics:
        Packets exported: 0
        Packets observed: 0
        Packets dropped: 0
        Average Packet Size observed: 64
        Average Packet Size used: 64

The following example shows how to display the total number of export packets sent:

    Switch# show netflow-lite exporter e1
    Netflow-lite Exporter e1:
      Description: Exporter
      Network Protocol Configuration:
        Destination IP address: 192.168.1.1
        VRF label: cisc
        Source IP Address: 10.1.1.5
        DSCP: 0x1
        TTL: 30
        COS: 1
      Transport Protocol Configuration:
        Transport Protocol: UDP
        Destination Port: 1234
        Source Port: 65535
      Export Protocol Configuration:
        Export Protocol: netflow-v9
      Exporter Statistics:
        Export packets sent: 36

Clear Commands

To clear statistics of a packet sampler at a monitor, use the following commands, as needed:

    Switch# clear netflow-lite monitor monitor_id statistics interface interface_name
    Switch# clear netflow-lite monitor monitor_id statistics vlan vlan_id

Clear the statistics of a packet sampler at a datasource.

    Switch# clear netflow-lite exporter exporter_name statistics

Clear the collector statistics.
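The usage guidelines in this chapter state that a monitor with no valid sampler does no input sampling, that a monitor with no exporter exports nothing, and that an ingress QoS policy takes precedence over NetFlow-lite monitoring on the same interface. The Python below is an added example, not Cisco code, that checks a configuration text for those conditions; the configuration layout, the `service-policy input` line standing in for the ingress QoS policy, and the function names are assumptions.

```python
# Constructed sample; the layout (submode commands indented) is an assumption.
SAMPLE_CONFIG = """\
netflow-lite exporter exporter1
 destination 5.5.5.6
 source 5.5.5.5
 transport udp 8188
netflow-lite exporter exporter2
 destination 5.5.5.7
netflow-lite sampler sampler1
 packet-rate 32
netflow-lite sampler odd
 packet-rate 48
interface GigabitEthernet1/3
 netflow-lite monitor 1
  sampler sampler1
  exporter exporter1
interface GigabitEthernet1/4
 service-policy input MARK
 netflow-lite monitor 1
  sampler odd
  exporter exporter2
"""

def valid_rate(value):
    """Accept 1, or a power of 2 from 32 to 2^15, per the usage guidelines."""
    rate = int(value) if value.isdigit() else 0
    return rate == 1 or (32 <= rate <= 2**15 and rate & (rate - 1) == 0)

def parse(text):
    """Return (exporters, samplers, monitors) parsed from config text."""
    exporters, samplers, monitors = {}, {}, []
    kinds = {"exporter": exporters, "sampler": samplers}
    target = current = None   # open interface/VLAN block, open submode block
    for raw in filter(str.strip, text.splitlines()):
        words, indent = raw.split(), len(raw) - len(raw.lstrip())
        if indent == 0:
            target = current = None
            if words[0] in ("interface", "vlan"):
                target = {"name": raw.strip(), "qos_in": False}
            elif words[0] == "netflow-lite" and len(words) == 3 and words[1] in kinds:
                current = kinds[words[1]].setdefault(words[2], {})
        elif target is not None and indent == 1:
            current = None
            if words[:2] == ["netflow-lite", "monitor"]:
                monitors.append(current := {"target": target})
            elif words[:2] == ["service-policy", "input"]:
                target["qos_in"] = True
        elif current is not None:
            current[words[0]] = words[-1]   # destination, packet-rate, sampler, ...
    return exporters, samplers, monitors

def audit(text):
    """Return findings for settings the chapter says stop sampling or export."""
    exporters, samplers, monitors = parse(text)
    bad_exp = {n for n, e in exporters.items()
               if not {"destination", "source", "transport"} <= set(e)}
    bad_smp = {n for n, s in samplers.items()
               if not valid_rate(s.get("packet-rate", ""))}
    out = [f"exporter {n}: mandatory parameter missing" for n in sorted(bad_exp)]
    out += [f"sampler {n}: packet-rate missing or invalid" for n in sorted(bad_smp)]
    for m in monitors:
        where = m["target"]["name"]
        if m.get("sampler") not in samplers or m["sampler"] in bad_smp:
            out.append(f"{where}: monitor has no valid sampler")
        if m.get("exporter") not in exporters or m["exporter"] in bad_exp:
            out.append(f"{where}: monitor has no valid exporter")
        if m["target"]["qos_in"]:
            out.append(f"{where}: ingress QoS policy takes precedence")
    return out
```

Calling `audit(SAMPLE_CONFIG)` returns one line per finding; the 1-in-1 port limits, port-channel rate limits and SPAN or WCCP conflicts listed in the chapter are not checked.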
