GigaSMART NetFlow Generation
NetFlow Generation is a simple and effective way to increase visibility into traffic flows and usage patterns across systems. The flow-generated data can be used to build relationships and usage patterns between nodes on the network. Routers and switches that support NetFlow can collect IP traffic statistics to be exported as NetFlow records.
However, the processor and memory load of enabling NetFlow can cause service degradation and affect their ability to pass traffic without introducing latency and packet drops. Due to this processing overhead, sampled NetFlow is implemented in most of the high-end routers. Sampling in every “N” packets for NetFlow processing can severely limit the visibility needed to monitor flows.
Configure NetFlow Generation Examples
The following sections provide examples of NetFlow Generation. Refer to the following:
| Example 1: NetFlow Generation Configuration |
| Example 2: NetFlow Generation Configuration |
| Example 3: NetFlow Generation Configuration |
| Example 4: NetFlow Generation Configuration |
For details on the CLI commands in the following sections, refer to the following commands in the reference section:
| apps netflow |
| gsgroup |
| gsop |
| gsparams |
| map |
| port |
| ip interface |
Example 1: NetFlow Generation Configuration
In Example 1, the steps set up a typical NetFlow Generation configuration.
Ex 1, Step 1: Configure the Exporter
Configure one or more NetFlow Generation Exporter(s). There can be up to 6 NetFlow Generation Exporters for each NetFlow Generation Monitor.
The following command options show the configuration of collector parameters for the NetFlow records that are exported.
The following command descriptions apply:
| format netflow version - The version is ipfix, netflow-v5, or netflow-v9. |
Note: The NetFlow version must be configured with the same version of the Exporter and the Record. If no version is specified, version 9 is the default.
| destination ip4addr - The IP address of the NetFlow/IPFIX collector. |
| transport - The UDP port of the collector. |
| ttl - The Time to Live of the packet. |
| dscp - The DSCP priority of the packet. |
| template-refresh-interval - After each template-refresh-interval, the record template is sent to the collector. Also, the option template is sent. |
| snmp enable - Enables SNMP packet support for the NetFlow exporter. |
|
Step |
Description |
Command |
|||
|
Configure the exporter. The exporter (exp4) will be used in Ex 1, Step 7: Configure Exporter Associated to IP Interface Tool Port. |
(config) # apps netflow exporter alias exp4 (config apps netflow exporter alias exp4) # format netflow version ipfix (config apps netflow exporter alias exp4) # destination ip4addr 20.20.20.20 (config apps netflow exporter alias exp4) # transport udp 2055 (config apps netflow exporter alias exp4) # ttl 64 (config apps netflow exporter alias exp4) # dscp 10 (config apps netflow exporter alias exp4) # template-refresh-interval 60 (config apps netflow exporter alias exp4) # snmp enable (config apps netflow exporter alias exp4) # exit (config) # |
|||
|
Display the exporter configuration. |
(config) # show apps netflow exporter |
Ex 1, Step 2: Configure the Record
Configure one or more NetFlow Generation Records, which have the following:
| match parameters that identify unique flows |
| collect parameters that identify fields you want to collect for the unique flows |
Note: NetFlow v9 and IPFIX let you configure Match/Key and Collect/Non-Key elements. For details refer to NetFlow Generation Match/Key and Collect/Non-Key Elements on page 698.
The following table describes the commands for NetFlow Generation Records:
|
Parameter |
Description |
|
netflow-version |
The version is either netflow-v9 or ipfix. Note: The NetFlow version must be configured with the same version as the Exporter and the Record. If no version is specified, version 9 is the default. |
|
export-blank-pen |
The parameter that exports a record containing both private and non-private enterprise elements when during runtime, the private enterprise element is empty. |
|
exporter |
The parameter that assigns an exporter to a NetFlow record. |
|
match fields |
The parameters that identify unique flows. The available Match/Key fields are based on the configured NetFlow version. |
|
collect fields |
The parameters that identify what you want to collect for the unique flows. The number of Collect/Non-Key elements in a record can be up to 32. |
|
sampling |
The parameter that configures the sampling rate and enables sampling. |
In this example, the IP source and destination address on the incoming traffic is used to identify network traffic between the unique pair of source and destination addresses. Once unique flows are identified, the following parameters are collected and exported for each flow:
| IP source and destination address |
| Total number of packets and bytes received that match the unique flows |
| IPv4 protocol |
| Transport source and destination ports |
| Input and output interface, plus interface name |
| Packet URL |
| DNS response name |
| Timestamp for the beginning and end of flow |
In this example, the collect fields are in two records. Both records must be added to the monitor.
Note: Configure the NetFlow version prior to configuring the match and collect parameters because the subsequent parameters depend on the netflow-version configured. If no version is specified, the version 9 is the default (netflow-v9).
|
Step |
Description |
Command |
|||
|
Configure a record. The NetFlow version must be the same as the NetFlow version specified in Ex 1, Step 1: Configure the Exporter. The record (rec2) will be used in Ex 1, Step 3: Configure the Monitor. |
(config) # apps netflow record alias rec2 (config apps netflow record alias rec2) # netflow-version ipfix (config apps netflow record alias rec2) # match add ipv4 source address (config apps netflow record alias rec2) # match add ipv4 destination address (config apps netflow record alias rec2) # collect add ipv4 source address (config apps netflow record alias rec2) # collect add ipv4 destination address (config apps netflow record alias rec2) # collect add counter packets (config apps netflow record alias rec2) # collect add counter bytes (config apps netflow record alias rec2) # collect add ipv4 protocol (config apps netflow record alias rec2) # collect add transport source-port (config apps netflow record alias rec2) # collect add interface input physical (config apps netflow record alias rec2) # collect add interface input name (config apps netflow record alias rec2) # collect add transport destination-port (config apps netflow record alias rec2) # collect add interface output physical (config apps netflow record alias rec2) # exporter add exp4 (config apps netflow record alias rec2) # sampling set 1 in 10 (config apps netflow record alias rec2) # exit (config) # |
|||
|
Configure a second record. The NetFlow version must be the same as the NetFlow version specified in Ex 1, Step 1: Configure the Exporter. The match fields must be the same as in Step 1. Each record must have the same match fields but differing collect fields. The record (rec3) will be used in Ex 1, Step 3: Configure the Monitor. |
(config) # apps netflow record alias rec3 (config apps netflow record alias rec3) # netflow-version ipfix (config apps netflow record alias rec3) # match add ipv4 source address (config apps netflow record alias rec3) # match add ipv4 destination address (config apps netflow record alias rec3) # collect add private pen gigamon http url (config apps netflow record alias rec3) # collect add private pen gigamon dns query-name (config apps netflow record alias rec3) # collect add private pen gigamon dns response-name number-of-collects 2 (config apps netflow record alias rec3) # collect add timestamp sys-uptime first (config apps netflow record alias rec3) # collect add timestamp sys-uptime last (config apps netflow record alias rec2) # exporter add exp4 (config apps netflow record alias rec2) # sampling set 1 in 20 (config apps netflow record alias rec3) # exit (config) # |
|||
|
Display the record configuration. |
(config) # show apps netflow record |
Ex 1, Step 3: Configure the Monitor
Configure a NetFlow Generation Monitor and associate the NetFlow Generation Record to the specified NetFlow Generation Monitor.
The following commands show the binding of the records. The commands also define the cache (holding statistics for unique flows).
The following command descriptions apply:
| record add - Records generated for the flow are defined in the record and are stored in the internal cache. |
| cache timeout event transaction-end - Applies to the TCP flow. The flow is “flushed out” to the Exporter after detecting a FIN or RST. |
| cache timeout inactive - Inactive flows are “flushed out” to the Exporter after this timeout, which is set in seconds. |
| cache timeout active - Despite the flow being active, it is “flushed out” to the Exporter after this timeout, which is set in seconds. |
| sampling - Enables or disables single-rate sampling and defines the sampling rate by specifying a number for 1 in N, where N is the packet count from 10 to 16000. |
|
Step |
Description |
Command |
|||
|
Configure the monitor. The monitor (mon2) will be used in Ex 1, Step 8: Configure GigaSMART Params to Add a Monitor. The records (rec2 and rec3) were created in Ex 1, Step 2: Configure the Record. In this example, NetFlow sampling is enabled. The sampling rate is 1 in 1024. |
(config) # apps netflow monitor alias mon2 (config apps netflow monitor alias mon2) # record add rec2( config apps netflow monitor alias mon2) # record add rec3 (config apps netflow monitor alias mon2) # cache timeout event transaction-end (config apps netflow monitor alias mon2) # cache timeout inactive 15 (config apps netflow monitor alias mon2) # cache timeout active 60 (config apps netflow monitor alias mon2) # sampling set single-rate (config apps netflow monitor alias mon2) # sampling single-rate 1 in 1024 (config apps netflow monitor alias mon2) # exit (config) # |
|||
|
Display the monitor configuration. |
(config) # show apps netflow monitor |
Ex 1, Step 4: Configure the gsgroup
Note: The GigaSMART group can contain multiple GigaSMART engine ports.
Configure a GigaSMART group and associate it with a GigaSMART engine port, as follows:
(config) # gsgroup alias grp2 port-list 1/8/e2
To display the gsgroup configuration, use the following CLI command:
(config) # show gsgroup
The e port references the GigaSMART line card or module.
Ex 1, Step 5: Configure the gsop
Define a gsop to enable NetFlow Generation, as follows:
(config) # gsop alias gsop2 flow-ops netflow port-list grp2
To display the gsop configuration, use the following CLI command:
(config) # show gsop
Ex 1, Step 6: Configure the IP Interface with a Tool Port
Identify the collector port and associate the port with the IP interface alias. Configure the port as a tool port, where the NetFlow collector will be connected, as follows:
(config) # port 1/1/g3 type tool
(config) # port 1/1/g3 params admin enable
To display the port configuration, use the following CLI command:
(config) # show port
Ex 1, Step 7: Configure Exporter Associated to IP Interface Tool Port
Configure an IP interface with a tool port and associate the NetFlow Generation Exporter to the IP interface tool port, as follows:
|
Step |
Description |
Command |
|||
|
Configure the IP interface. The IP address is for the NetFlow interface. The port list was defined in Ex 1, Step 5: Configure the gsop. Associate the exporter to the IP interface. You can associate multiple exporters to the IP interface. This was defined in Ex 1, Step 1: Configure the Exporter. |
(config) # ip interface alias test (config ip interface alias test) # attach 1/1/g3 (config ip interface alias test) # ip address 1.1.1.1 /29 (config ip interface alias test) # gw 1.1.1.2 (config ip interface alias test) # mtu 9400 (config ip interface alias test) # gsgroup add grp2 (config ip interface alias test) # netflow-exporter add exp4 (config ip interface alias test) # exit |
|||
|
Display the IP interface configuration. |
(config) # show ip interface |
Ex 1, Step 8: Configure GigaSMART Params to Add a Monitor
Update the GigaSMART parameters to include the NetFlow Monitor, as follows:
(config) # gsparams gsgroup grp2 netflow-monitor add mon2
The monitor (mon2) was defined in Ex 1, Step 3: Configure the Monitor. The GigaSMART group was defined in Ex 1, Step 4: Configure the gsgroup.
Note: Only one NetFlow Generation Monitor can be configured per gsgroup.
To display the GigaSMART parameters configuration, use the following CLI command:
(config) # show gsparams
Ex 1, Step 9: Configure Mapping Rules to Filter Packets
To add flow mapping rules to filter packets that are needed to run NetFlow, configure a map and associate the map to the IP interface with tool port, as follows:
|
Step |
Description |
Command |
|||
|
Configure the map. (This is a first level map.) |
(config) # map alias map3 (config map alias map3) # type regular byRule (config map alias map3) # use gsop gsop2 (config map alias map3) # rule add pass ipver 4 (config map alias map3) # from 1/1/x11 (config map alias map3) # to 1/1/g3 (config map alias map3) # exit (config) # |
|||
|
Display the map configuration. |
(config) # show map |
Example 2: NetFlow Generation Configuration
Starting in software version 4.2, NetFlow exporters can filter NetFlow records. The filtered NetFlow records are sent to the collectors.
In Example 2, there are three exporters, with filtering configured on two of them. Since the second exporter does not have any filtering configured, all the records are sent to the collector. In this example, there are also two tunnels and two maps. Both maps are first level maps.
Ex 2, Step 1: Configure the Exporter
Configure one or more NetFlow Generation Exporter(s), as follows:
|
Step |
Description |
Command |
|||
|
Configure the first exporter. |
(config) # apps netflow exporter alias exp1 (config apps netflow exporter alias exp1) # format netflow version ipfix (config apps netflow exporter alias exp1) # destination ip4addr 1.1.1.1 (config apps netflow exporter alias exp1) # filter add pass ipv4 dst any value 1.1.1.1 255.255.255.248 (config apps netflow exporter alias exp1) # filter add pass vlan id any value 1 (config apps netflow exporter alias exp1) # filter add pass l4port dst any value 1 (config apps netflow exporter alias exp1) # exit (config) # |
|||
|
Configure the second exporter. |
(config) # apps netflow exporter alias exp2 (config apps netflow exporter alias exp2) # format netflow version ipfix (config apps netflow exporter alias exp2) # destination ip4addr 2.2.2.2 (config apps netflow exporter alias exp2) # transport udp 2055 (config apps netflow exporter alias exp2) # dscp 10 (config apps netflow exporter alias exp2) # exit (config) # |
|||
|
Configure the third exporter. |
(config) # apps netflow exporter alias exp3 (config apps netflow exporter alias exp3) # format netflow version ipfix (config apps netflow exporter alias exp3) # destination ip4addr 3.3.3.3 (config apps netflow exporter alias exp3) # filter add pass ipv4 dst any value 3.3.3.3 255.255.255.248 (config apps netflow exporter alias exp3) # filter add pass vlan id any value 3 (config apps netflow exporter alias exp3) # filter add pass l4port dst any value 3 (config apps netflow exporter alias exp3) # exit (config) # |
|||
|
Display the exporter configuration. |
(config) # show apps netflow exporter |
Ex 2, Step 2: Configure the Record
Configure a NetFlow Generation Record, as follows:
|
Step |
Description |
Command |
|||
|
Configure the record. |
(config) # apps netflow record alias rec1 (config apps netflow record alias rec1) # netflow-version ipfix (config apps netflow record alias rec1) # match add ipv4 ttl (config apps netflow record alias rec1) # match add ipv6 traffic-class (config apps netflow record alias rec1) # collect add transport udp source-port( config apps netflow record alias rec1) # collect add transport tcp source-port (config apps netflow record alias rec1) # exporter add exp1 (config apps netflow record alias rec1) # exporter add exp2 (config apps netflow record alias rec1) # exporter add exp3 (config apps netflow record alias rec1) # sampling set 1 in 30 (config apps netflow record alias rec1) # exit (config) # |
|||
|
Display the record configuration. |
(config) # show apps netflow record |
To display the record configuration, use the following CLI command:
(config) # show apps netflow record alias rec1
Ex 2, Step 3: Configure the Monitor
Configure a NetFlow Generation Monitor and associate the NetFlow Generation Record to the specified NetFlow Generation Monitor, as follows:
|
Step |
Description |
Command |
|||
|
Configure the monitor. Note: In this example, NetFlow sampling is set to multi-rate. |
(config) # apps netflow monitor alias mon1 (config apps netflow monitor alias mon1) # record add rec1 (config apps netflow monitor alias mon1) # sampling set multi-rate (config apps netflow monitor alias mon1) # exit (config) # |
|||
|
Display the monitor configuration. |
(config) # show apps netflow monitor |
Ex 2, Step 4: Configure the gsgroup
Configure a GigaSMART group and associate it with a GigaSMART engine port, as follows:
(config) # gsgroup alias grp port-list 1/8/e1
To display the gsgroup configuration, use the following CLI command:
(config) # show gsgroup
Ex 2, Step 5: Configure the gsop
Define a gsop to enable NetFlow Generation, as follows:
(config) # gsop alias gsop1 flow-ops netflow port-list grp
To display the gsop configuration, use the following CLI command:
(config) # show gsop
Ex 2, Step 6: Configure the IP Interface with a Tool Port
Identify the collector port and associate the port with the IP interface alias. Configure the port as a tool port, where the NetFlow collector will be connected, as follows:
(config) # port 1/1/g1 type tool
(config) # port 1/1/g1 params admin enable
(config) # port 1/1/g2 type tool
(config) # port 1/1/g2 params admin enable
To display the port configuration, use the following CLI command:
(config) # show port
Ex 2, Step 7: Configure Exporter Associated to IP Interface with Tool Port
Configure an IP interface with a tool port and associate the NetFlow Generation Exporter to the IP interface tool port, as follows:
|
Step |
Description |
Command |
|||
|
Configure the first IP interface and associate two NetFlow exporters to the IP interface. |
(config) # ip interface alias test1 (config ip interface alias test1) # attach 1/1/g1 (config ip interface alias test1) # ip address 1.1.1.1 /29 (config ip interface alias test1) # gw 1.1.1.2 (config ip interface alias test1) # mtu 9400 (config ip interface alias test1) # gsgroup add grp (config ip interface alias test1) # netflow-exporter add exp1,exp2 (config ip interface alias test1) # exit |
|||
|
Configure the second IP interface and associate third NetFlow exporter to the IP interface. |
(config) # ip interface alias test2 (config ip interface alias test2) # attach 1/1/g2 (config ip interface alias test2) # ip address 4.4.4.3 /29 (config ip interface alias test2) # gw 1.1.1.2 (config ip interface alias test2) # mtu 9400 (config ip interface alias test2) # gsgroup add grp (config ip interface alias test2) # netflow-exporter add exp3 (config ip interface alias test2) # exit |
|||
|
Display the IP interface configuration. |
(config) # show ip interface |
To display the IP interface configuration, use the following CLI command:
(config) # show ip interface
Ex 2, Step 8: Configure GigaSMART Parameters to Add a Monitor
Update the GigaSMART parameters to include the NetFlow Monitor, as follows:
(config) # gsparams gsgroup grp netflow-monitor add mon1
Note: Only one NetFlow Generation Monitor can be configured per gsgroup.
To display the GigaSMART parameters configuration, use the following CLI command:
(config) # show gsparams
...
Ex 2, Step 9: Configure Mapping Rules to Filter Packets
To add flow mapping rules to filter packets that are needed to run NetFlow, configure maps and associate the maps to the IP interface with tool ports, as follows:
|
Step |
Description |
Command |
|||
|
Configure the first map. (This is a first level map.) |
(config) # map alias map1 (config map alias map1) # type regular byRule (config map alias map1) # use gsop gsop1 (config map alias map1) # rule add pass ipver 4 (config map alias map1) # from 1/1/x1..x2 (config map alias map1) # to 1/1/g1 (config map alias map1) # exit (config) # |
|||
|
Configure the second map. (This is also a first level map.) |
(config) # map alias map2 (config map alias map2) # type regular byRule (config map alias map2) # use gsop gsop1 (config map alias map2) # rule add pass ipver 4 (config map alias map2) # from 1/1/x3..x4 (config map alias map2) # to 1/1/g2 (config map alias map2) # exit (config) # |
|||
|
Display the map configuration. |
(config) # show map |
Example 3: NetFlow Generation Configuration
Starting in software version 4.3.01, NetFlow supports both first level and second level maps. In Example 3, there are two maps. However, unlike Example 2, which has two first level maps, in this example, one map is a first level map and the other is a second level map. A virtual port is configured that directs traffic to the second level map.
The configuration of the GigaSMART operation in Example 3 differs from Example 1 and Example 2. The gsop sends traffic to APF first, and then to NetFlow.
In the first level map, the traffic matching the rule is sent to the virtual port. The same traffic is also sent to two tool ports (2/1/g2 and 2/1/g3).
In the second level map, the traffic from the virtual port matching the gsrule is sent to NetFlow and then to the IP interface with tool port, 2/1/g7.
Ex 3, Step 1: Configure the Exporter
Configure one or more NetFlow Generation Exporter(s), as follows:
|
Step |
Description |
Command |
|||
|
Configure the exporter. |
(config) # apps netflow exporter alias exp1 (config apps netflow exporter alias exp1) # format cef version 23 (config apps netflow exporter alias exp1) # destination ip4addr 10.50.22.25 (config apps netflow exporter alias exp1) # exit (config) # |
Ex 3, Step 2: Configure the Record
Configure a NetFlow Generation Record, as follows:
|
Step |
Description |
Command |
|||
|
Configure the record. |
(config) # apps netflow record alias rec1 (config apps netflow record alias rec1) # netflow-version ipfix (config apps netflow record alias rec1) # match add ipv4 source address (config apps netflow record alias rec1) # match add ipv4 tos (config apps netflow record alias rec1) # collect add ipv4 protocol (config apps netflow record alias rec1) # collect add ipv4 source address (config apps netflow record alias rec1) # collect add interface input physical (config apps netflow record alias rec1) # exit (config) # |
Ex 3, Step 3: Configure the Monitor
Configure a NetFlow Generation Monitor and associate the NetFlow Generation Record to the specified NetFlow Generation Monitor, as follows:
|
Step |
Description |
Command |
|||
|
Configure the monitor. |
(config) # apps netflow monitor alias mon1 (config apps netflow monitor alias mon1) # record add rec1 (config apps netflow monitor alias mon1) # exit (config) # |
Ex 3, Step 4: Configure the gsgroup
Configure a GigaSMART group and associate it with a GigaSMART engine port, as follows:
(config) # gsgroup alias grp port-list 2/1/e1
Ex 3, Step 5: Configure the Virtual Port
Configure a virtual port and associate it with the GigaSMART group, as follows:
(config) # vport alias vp1 gsgroup grp
Ex 3, Step 6: Configure the gsop
Define a gsop to enable NetFlow Generation, as follows:
(config) # gsop alias gsop_apf_netflow apf set flow-ops netflow port-list grp
Ex 3, Step 7: Configure the Tool Port
Identify the collector port and associate the port with the IP interface. Configure the port as a tool port, where the NetFlow collector will be connected, as follows:
(config) # port 2/1/g2..g3 type tool
(config) # port 2/1/g2..g3 params admin enable
(config) # port 2/1/g7 type tool
(config) # port 2/1/g7 params admin enable
Ex 3, Step 8: Configure Exporter Associated to IP Interface Tool Port
Configure an IP interface with a tool port and associate the NetFlow Generation Exporter to the IP interface tool port, as follows:
(config) # ip interface alias test
(config ip interface alias test) # attach 2/1/g7
(config ip interface alias test) # ip address 10.115.9.5 /21
(config ip interface alias test) # gw 10.115.8.1
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add grp
(config ip interface alias test) # netflow-exporter add exp1
(config ip interface alias test) # exit
Ex 3, Step 9: Configure GigaSMART Parameters to Add a Monitor
Update the GigaSMART parameters to include the NetFlow Monitor, as follows:
(config) # gsparams gsgroup grp netflow-monitor add mon1
Ex 3, Step 10: Configure Mapping Rules to Filter Packets
To add flow mapping rules to filter packets that are needed to run NetFlow, configure maps and associate the maps to the IP interface with tool port, as follows:
|
Step |
Description |
Command |
|||
|
Configure the first map. (This is a first level map.) |
(config) # map alias map1 (config map alias map1) # type firstLevel byRule (config map alias map1) # rule add pass macdst 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map1) # from 2/1/g1 (config map alias map1) # to vp1,2/1/g2,2/1/g3 (config map alias map1) # exit (config) # |
|||
|
Configure the second map. (This is a second level map.) |
(config) # map alias map2 (config map alias map2) # type secondLevel byRule (config map alias map2) # use gsop gsop_apf_netflow (config map alias map2) # gsrule add pass mac dst pos 1 value 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map2) # from vp1 (config map alias map2) # to 2/1/g7 (config map alias map2) # exit (config) # |
Example 4: NetFlow Generation Configuration
Starting in software version 4.3.01, NetFlow supports both first level and second level maps. In Example 4, there are three maps. One map is a first level map and the other two are second level maps. Two virtual ports are configured that direct traffic to the second level maps.
Two GigaSMART operations are configured. One gsop sends traffic to masking. The other gsop sends traffic to APF and then to NetFlow.
In the first level map, the traffic matching the rule is sent to two virtual ports. The same traffic is also sent to a tool port (11/1/g3).
In the first second level map, the traffic from the first virtual port, vp1, that matches the gsrule, is sent to masking and then to the tool port 11/1/g2.
In the next second level map, the traffic from the second virtual port, vp2, that matches the gsrule, is sent to NetFlow and then to the IP interface with tool port, 11/1/g4.
Ex 4, Step 1: Configure the Exporter
Configure one or more NetFlow Generation Exporter(s), as follows:
|
Step |
Description |
Command |
|||
|
Configure the first exporter. |
(config) # apps netflow exporter alias exp1 (config apps netflow exporter alias exp1) # format netflow version ipfix (config apps netflow exporter alias exp1) # destination ip4addr 10.50.22.25 (config apps netflow exporter alias exp1) # exit (config) # |
|||
|
Configure the second exporter. |
(config) # apps netflow exporter alias exp2 (config apps netflow exporter alias exp2) # format netflow version ipfix (config apps netflow exporter alias exp2) # destination ip4addr 10.40.21.12 (config apps netflow exporter alias exp2) # exit (config) # |
Ex 4, Step 2: Configure the Record
Configure a NetFlow Generation Record, as follows:
(config) # apps netflow record alias rec1
(config apps netflow record alias rec1) # netflow-version ipfix
(config apps netflow record alias rec1) # match add ipv4 source address
(config apps netflow record alias rec1) # match add ipv4 tos
(config apps netflow record alias rec1) # collect add ipv4 protocol
(config apps netflow record alias rec1) # collect add ipv4 source address
(config apps netflow record alias rec1) # collect add interface input physical
(config apps netflow record alias rec1) # exit
(config) #
Ex 4, Step 3: Configure the Monitor
Configure a NetFlow Generation Monitor and associate the NetFlow Generation Record to the specified NetFlow Generation Monitor, as follows:
(config) # apps netflow monitor alias mon1
(config apps netflow monitor alias mon1) # record add rec1
(config apps netflow monitor alias mon1) # cache timeout active 2
(config apps netflow monitor alias mon1) # cache timeout inactive 2
(config apps netflow monitor alias mon1) # exit
(config) #
Ex 4, Step 4: Configure the gsgroup
Configure GigaSMART groups and associate them with a GigaSMART engine port, as follows:
(config) # gsgroup alias grp1 port-list 11/3/e1
(config) # gsgroup alias grp2 port-list 11/3/e2
Ex 4, Step 5: Configure the Virtual Port
Configure virtual ports and associate them with the GigaSMART group, as follows:
(config) # vport alias vp1 gsgroup grp1
(config) # vport alias vp2 gsgroup grp2
Ex 4, Step 6: Configure the gsop
Define the GigaSMART operation to enable masking, as follows:
(config) # gsop alias gsop_mask_aa apf set masking protocol none offset 50 pattern aa length 100 port-list grp1
Define the GigaSMART operation to enable NetFlow, as follows:
(config) # gsop alias gsop_apf_netflow apf set flow-ops netflow port-list grp2
Ex 4, Step 7: Configure a Tool Port
Identify the collector port and associate the port with the IP interface alias. Configure the port as a tool port, where the NetFlow collector will be connected, as follows:
(config) # port 11/1/g2..g4 type tool
(config) # port 11/1/g2..g4 params admin enable
Ex 4, Step 8: Configure Exporter Associated to IP Interface Tool Port
Configure an IP interface with a tool port and associate the NetFlow Generation Exporter to the IP interface tool port, as follows:
(config) # ip interface alias test
(config ip interface alias test) # attach 11/1/g4
(config ip interface alias test) # ip address 10.115.9.6 /21
(config ip interface alias test) # gw 10.115.8.1
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add grp2
(config ip interface alias test) # netflow-exporter add exp2
(config ip interface alias test) # exit
Ex 4, Step 9: Configure GigaSMART Parameters to Add a Monitor
Update the GigaSMART parameters to include the NetFlow Monitor, as follows:
(config) # gsparams gsgroup grp2 netflow-monitor add mon1
Ex 4, Step 10: Configure Mapping Rules to Filter Packets
To add flow mapping rules to filter packets that are needed to run NetFlow, configure maps and associate the maps to the IP interface tool ports, as follows:
|
Step |
Description |
Command |
||||||||||||
|
Configure the first map. (This is a first level map.) |
(config) # map alias map1 (config map alias map1) # type firstLevel byRule (config map alias map1) # rule add pass macdst 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map1) # from 11/1/g1 (config map alias map1) # to vp1,vp2,11/1/g3 (config map alias map1) # exit (config) # |
||||||||||||
|
Configure the second map. (This is a second level map.) |
(config) # map alias map2 (config map alias map2) # type secondLevel byRule (config map alias map2) # use gsop gsop_mask_aa (config map alias map2) # gsrule add pass mac dst pos 1 value 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map2) # from vp1 (config map alias map2) # to 11/1/g2 (config map alias map2) # exit (config) # |
||||||||||||
|
Configure the third map. (This is also a second level map.) |
(config) # map alias map3 (config map alias map3) # type secondLevel byRule (config map alias map3) # use gsop gsop_apf_netflow (config map alias map3) # gsrule add pass mac dst pos 1 value 00:00:00:00:00:00 00:00:00:00:00:00 (config map alias map3) # from vp2 (config map alias map3) # to 11/1/g4 (config map alias map3) # exit (config) # |
||||||||||||
|
Display the following statistics:
|
(config) # show apps netflow exporter stats (config) # show apps netflow monitor stats (config) # show ip interface stats |
NetFlow Generation Configuration Modification and Removal
There may be instances where a NetFlow Generation configuration may require alteration by modifying a NetFlow Generation Monitor Configuration or a NetFlow Generation Record Configuration. It may further require that the configuration be removed entirely. In such instances, refer to the following.
Modify a NetFlow Generation Monitor Configuration
This example shows the modification of a NetFlow Generation Monitor configuration.
| 1. | Unlink the monitor from gsparams. |
gsparams gsgroup <gsgroup> netflow-monitor delete
| 2. | Modify the monitor parameters. |
apps netflow monitor alias <monitor> record delete <record> <change monitor parameters>
| 3. | Re-add the record to the monitor. |
apps netflow monitor alias <monitor> record add <record>
| 4. | Re-add the monitor to gsparams for changes to take affect. |
gsparams gsgroup <gsgroup> netflow-monitor add <monitor>
Modify a NetFlow Generation Record Configuration
This example shows the modification of a NetFlow Generation Record configuration.
| 1. | Unlink the monitor from gsparams. |
gsparams gsgroup <gsgroup> netflow-monitor delete
| 2. | Modify the record bound to the monitor. |
apps netflow record alias <record> <change record parameters>
| 3. | Re-add the monitor to gsparams for changes in record to take affect. |
gsparams gsgroup <gsgroup> netflow-monitor add <monitor>
Remove a NetFlow Generation Configuration
Use the following commands to remove a NetFlow Generation Configuration:
gsparams gsgroup <gsgroup> netflow-monitor delete no map alias <map> no tunneled-port port <port> no apps netflow monitor alias <monitor> no apps netflow record alias <record> no apps netflow exporter alias <exporter>
V5 Fixed Record Template
NetFlow v5 records have a template of fixed fields that cannot be edited. The template contains Match/Key and Collect/Non-Key elements. It has an alias of predefined_netflow_v5_record.
To display the template, use the following CLI command:
(config) # show apps netflow record alias predefined_netflow_v5_record
MORE INFORMATION 
