Tech Note #015. General requirements




Mazu Networks, Inc.
125 CambridgePark Dr.
Cambridge, MA 02140
Phone (617) 354-9292
Fax (617) 354-9272
www.mazunetworks.com

Configuring NetFlow for Profiler
Tech Note #015

Product: Profiler
Version: 5.5
Date: 8/18/05

This note presents examples for configuring Cisco 6500 and 7500 series routers to provide NetFlow data to Profiler. This information is intended only as a guideline, and future changes to Cisco software may obsolete these examples. Please contact Cisco Systems or your Cisco reseller for specific information or assistance.

General requirements

The general requirements for setting up routers to send NetFlow data to Profiler are as follows:

- Routers should be configured for NetFlow V1, V5 or V7 with no aggregation.

- Routers should export NetFlow to the Profiler or Regional Gateway Management interface and use the destination port that is configured on the Mazu equipment. The default is udp/2003.

- Routers using Cisco IOS should be synched to an NTP server. The timestamps on the network equipment and Mazu equipment should be relatively close.

    Router(config)#ntp server 172.31.0.12

    Router#show ntp associations
          address         ref clock     st  when  poll reach  delay  offset    Disp
     ~127.127.7.1      127.127.7.1       4    28    64  377     0.0    0.00     0.0
    *~172.31.0.12      18.145.0.30       2    48    64  377     2.7   -0.77     0.0
     * master (synced), # master (unsynced), + selected, - candidate, ~ configured

    Router#show clock
    14:29:21.682 EDT Fri Aug 12 2005

- The active timeout setting for flows should be set to 60 seconds.

- The inactive timeout setting can be left at the default setting of 15 seconds. It must be less than 60 seconds.

- When NetFlow is to be used on a Cisco 6500 switch equipped with both MSFC and SUP1 modules, it must be enabled on both the router level and the switch level. The "route once, switch many" concept applies to this hardware configuration. A new flow is first routed by the MSFC module before being placed in the MLS cache and being switched. Therefore, it is important for Profiler to receive NetFlow data from both modules to avoid missing any data. A similar concept applies to a chassis with SUP2 or 720 modules.

Configuring 7500 series router

The following example uses the IOS command line interface to configure a 7500 series router. The commands are similar for most of the software routing platforms.

1. Configure NDE (Netflow Data Export):

    ip flow-export <ip_address> <udp_port> <version>

   where ip_address and udp_port are the Profiler IP address and UDP port, respectively, and version is the NetFlow version.

    Router(config)# ip flow-export 10.0.0.100 2003 5

2. Enable NetFlow at the interface level on each interface where you want to collect statistics:

    interface <type> <slot>/<port-adapter>

3. Set the Netflow timers.

    Router(config)# ip flow-cache timeout active 1
    # This breaks up long-lived flows into one-minute segments.

    Router(config)# ip flow-cache timeout inactive 15
    # This ensures that flows that have finished are exported in a timely manner
    # (15 seconds).

Configuring 6500 series switches running native IOS

The following example uses the native IOS command line interface to configure the SUP and MSFC modules of a 6500 series switch. This example is based on the Cisco documentation for Cat6500 w/ SUP2/720 running IOS 12.2. For further information, refer to http://www.cisco.com/en/us/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2b.html.

At the switch level (SUP2)

    mls netflow                        # Enables Netflow on the PFC
    mls nde sender version 5           # Turns on Netflow, sets version
                                       # (verify options; this may have to be version 7)
    mls flow ip interface-full         # Sets an appropriate flow mask
    mls nde interface                  # Populates egress interface fields - not needed
    mls aging normal 32                # Netflow inactive timeout in seconds
    mls aging long 64                  # Netflow active timeout in seconds

At the routing module (MSFC)

    ip flow-export source loopback 0             # Define Netflow source address (not needed).
                                                 # Otherwise, Netflow egress interface is used.
    ip flow-export version 5                     # Define Netflow version
    ip flow-export destination 10.0.0.100 2003   # Profiler IP address and UDP port
    ip flow-cache timeout inactive 15            # Inactive timeout in seconds
                                                 # May be version specific
    ip flow-cache timeout active 1               # Active timeout in minutes
                                                 # May be version specific

Then for each interface or interface grouping where NetFlow accounting is required (three types of interfaces), perform the following setup, as applicable:

    interface <type> <slot>/<port>

OR

    interface vlan <vlan_id>
    Router(config)# interface vlan 3

OR

    interface port-channel <channel_id>
    Router(config)# interface port-channel 3

Configuring 6500 series switches in Hybrid mode

The following example configures the SUP and MSFC modules of a 6500 series switch running in the Hybrid mode.

At the switch level (SUP)

1. Enable NDE (Netflow Data Export):

    set mls nde enable

2. Set the NDE destination:

    set mls nde enable <collector_ip> <udp_port_number>

   where collector_ip is the IP address of the Profiler.

    set mls nde enable 10.0.0.100 2003

3. Set Netflow timers:

    set mls agingtime 16                 # Inactive timeout
    set mls agingtime fast 32 0          # Inactive timeout for aggressive aging
    set mls agingtime long-duration 64   # Active timeout

4. Set the flow mask to full to avoid losing resolution by mapping multiple flows to the cache entry:

    set mls flow full

At the routing module (MSFC)

1. Configure NDE (Netflow Data Export):

    ip flow-export <ip_address> <udp_port> <version>

   where ip_address and udp_port are the Profiler IP address and UDP port, respectively, and version is the NetFlow version.

    Router(config)# ip flow-export 10.0.0.100 2003 5

2. Enable NetFlow at the interface level on each interface where you want to collect statistics:

    interface <type> <slot>/<port-adapter>

3. Set the Netflow timers.

    Router(config)# ip flow-cache timeout active 1
    # This breaks up long-lived flows into one-minute segments.

    Router(config)# ip flow-cache timeout inactive 15
    # This ensures that flows that have finished are exported in a timely manner (15 seconds).

Determining the source of NetFlow data

To identify the source of a NetFlow data stream from within Profiler:

1. Log in on the Profiler CLI and stop mazuctl:

    /etc/init.d/mazuctl stop

2. Run tcpdump:

    tcpdump -t -n -T cnfp udp port 2003

   (this assumes the Mazu default Netflow port of udp/2003)

3. In the tcpdump output, examine the source addresses of the NDE messages or the format of the Netflow data exported.

4. Restart mazuctl:

    /etc/init.d/mazuctl start
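A check of the general requirements against what a router actually exports, as an added example that is not part of the original tech note or of Mazu's software: it decodes a NetFlow v5 export datagram (such as the UDP payload seen on port 2003 in the tcpdump step above) and reports an unsupported version, exporter clock skew, or flows longer than the one-minute active timeout. The function names, the 5-second tolerances and the sample addresses are assumptions, and the sample datagram is constructed.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
ACCEPTED_VERSIONS = {1, 5, 7}  # versions the note lists for Profiler
MAX_FLOW_MS = 65_000           # 60 s active timeout plus 5 s slack (slack is an assumption)
MAX_SKEW_S = 5                 # assumption: the note only says "relatively close"


def check_datagram(payload, exporter_ip, received_at):
    """Return findings for one export datagram; an empty list means it conforms."""
    if len(payload) < 2:
        return [f"{exporter_ip}: datagram too short to carry a version"]
    version = struct.unpack_from("!H", payload)[0]
    if version not in ACCEPTED_VERSIONS:
        return [f"{exporter_ip}: NetFlow v{version} is not V1, V5 or V7"]
    if version != 5:
        return []  # this example only decodes the v5 layout
    if len(payload) < HEADER.size:
        return [f"{exporter_ip}: truncated v5 header"]
    _, count, _, unix_secs, *_ = HEADER.unpack_from(payload)
    if len(payload) != HEADER.size + count * RECORD.size:
        return [f"{exporter_ip}: length does not match header count {count}"]
    findings = []
    skew = received_at - unix_secs
    if abs(skew) > MAX_SKEW_S:
        findings.append(f"{exporter_ip}: exporter clock differs by {skew} s, check NTP")
    for i in range(count):
        fields = RECORD.unpack_from(payload, HEADER.size + i * RECORD.size)
        first_ms, last_ms = fields[7], fields[8]      # sysUptime at flow start/end
        duration = (last_ms - first_ms) & 0xFFFFFFFF  # tolerate 32-bit uptime wrap
        if duration > MAX_FLOW_MS:
            findings.append(f"{exporter_ip}: record {i} spans {duration // 1000} s, "
                            "active timeout is not 1 minute")
    return findings


def build_sample(unix_secs, durations_ms, uptime=1_000_000):
    """Build a constructed v5 datagram (sample data, not captured traffic)."""
    src, dst = socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2")
    body = b"".join(
        RECORD.pack(src, dst, bytes(4), 1, 2, 10, 1200, uptime - d, uptime,
                    40000, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
        for d in durations_ms)
    return HEADER.pack(5, len(durations_ms), uptime, unix_secs, 0, 1, 0, 0, 0) + body


if __name__ == "__main__":
    now = 1_123_871_361  # constructed receive time
    for line in check_datagram(build_sample(now - 120, [59_000, 300_000]), "10.0.0.1", now):
        print(line)
```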

Determining the flow rate from all NetFlow sources

To determine the flow rate from all Netflow sources, examine the following files (in v5.0 or v5.5):

    /click/flow_collector_1/collector/flowcount
    # Number of flows seen so far during this updateperiod; a changing counter that is reset every updateperiod.

    /click/flow_collector_1/collector/counts
    # Total number of flows seen during the previous timeperiod.

For Additional Information

For questions on specific Netflow configuration options or commands, please contact Cisco Systems or your Cisco reseller.

For questions on Mazu Profiler, contact Mazu Technical Support at: 617 354 9292 (menu option #2) or support@mazunetworks.com