Border Gateway Protocol (BGP) is not merely a protocol—it’s the backbone of the...
5.1 Cisco NetFlow
Cisco XE #
The NetFlow infrastructure is based on the configuration and use of the following maps:
- Exporter Map
- Sampler Map
- Flow Monitor Map
1. Exporter Map. To configure the Exporter map, you need to define the destination (flow collector), the source interface, the port used for exporting, the version of NetFlow, and the timeout rates.
router(config)# flow exporter-map EM router(config-fem)# destination 10.1.1.5 router(config-fem)# source gi0/0 router(config-fem)# transport udp 2055 router(config-fem)# version v9 router(config-fem)# template data timeout 60 router(config-fem)# options interface-table timeout 60 router(config-fem)# exit
2. Sampler Map (defines the sample rate):
router(config)# sampler-map SM router(config-sm)# random 1 out-of 1000 router(config)# exit
3. Flow Monitor Map. The Flow Monitor map defines the cache timeout values and associates the
exporter map with this map.
router(config)# flow monitor-map FMM router(config-fmm)# record ipv4 router(config-fmm)# exporter EM router(config-fmm)# cache timeout active 60 router(config-fmm)# cache timeout inactive 60 router(config-fmm)# exit
4. Apply the maps to the interfaces.Now that you have your maps defined, you need to apply the
Flow Monitor and Sampler maps to each of the provider interfaces:
router(config)# interface Gi0/0 router(config-if)# flow ipv4 monitor FMM sampler SM egress router(config-if)# exit
Cisco XE #
flow exporter EXPORTER-1 destination 172.16.10.2 export-protocol netflow-v9 transport udp 2055 exit ! flow record v4_r1 match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port collect counter bytes long collect counter packets long ! flow monitor FLOW-MONITOR-1 record v4_r1 exporter EXPORTER-1 ! interface GigabitEthernet 0/0/0 ip address 172.16.6.2 255.255.255.0 ip flow monitor FLOW-MONITOR-1 input
Cisco IOS #
ip flow-export version 9 ip flow-export destination $NFA_IP 2055 interface $Interface_to_ISP1 ip flow ingress ip flow egress
jFlow-ipfix #
chassis {
fpc 0 {
sampling-instance nfa-instance;
}
}
interfaces {
xe-0/0/0 {
unit 0 {
family inet {
sampling {
input;
output;
}
}
}
}
}
forwarding-options {
sampling {
instance {
inst1 {
input {
rate 1024;
}
family inet {
output {
flow-server X.X.X.X {
port 2055;
version-ipfix {
template {
ipfix-templatev4;
}
}
}
inline-jflow {
source-address Y.Y.Y.Y;
}
}
}
}
}
}
}
services {
flow-monitoring {
version-ipfix {
template ipfix-templatev4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
template-refresh-rate {
seconds 60;
}
ipv4-template;
}
}
}
}
X.X.X.X – IP address of NFA server
Y.Y.Y.Y – source IP address of flow packets (router IP address)
jFlow-v9 #
chassis {
fpc 0 {
sampling-instance nfa-instance;
}
}
interfaces {
xe-0/0/0 {
unit 0 {
family inet {
sampling {
input;
output;
}
}
}
}
}
forwarding-options {
sampling {
instance {
nfa-instance {
input {
rate 1024;
}
family inet {
output {
flow-server X.X.X.X {
port 2055;
version9 {
template {
v9-templatev4;
}
}
}
inline-jflow {
source-address Y.Y.Y.Y;
}
}
}
}
}
}
}
services {
flow-monitoring {
version9 {
template v9-templatev4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
template-refresh-rate {
seconds 60;
}
ipv4-template;
}
}
}
}
X.X.X.X – IP address of NFA server
Y.Y.Y.Y – source IP address of flow packets (router IP address)
sFLOW-Arista #
! sflow run sflow source $SOURCE sflow destination $DESTINATION $PORT sflow polling-interval 10 sflow sample $SAMPLING-RATE !
By default the global enabled sflow will export the flow from all interfaces. To disable the flow export on specific interface the #no sflow enable# is used in interface config mode #(config-if)
Mikrotik #
ip traffic-flow set interfaces=$ISP cache-entries=1M enabled=yes active-flowtimeout=5 inactive-flow-timeout=60 ip traffic-flow target set dst-address=$NFA_IP port=2055 src-address=$ROUTER_IP version=9 v9-template-refresh=100 v9-template-timeout=300