This document provides instructions for configuring Flexible NetFlow export on Cisco routers to monitor network traffic. It explains the three key components needed: records (templates for the data), exporters (instructions for sending data), and monitors (assigning the tasks). Records define the data fields, exporters define where to send the data, and monitors combine records and exporters to assign the monitoring and exporting tasks. The document provides detailed configuration examples and commands for setting up each component to enable Flexible NetFlow export and network monitoring.
How to Configure Flexible NetFlow Export on Cisco Routers?
Cisco’s Flexible NetFlow technology is a powerful but sometimes
complicated way to customize your flow collection. Here are some tips on how
to configure Cisco routers for NetFlow export. It can take a little bit of
time to understand and set up, but is well worth the effort.
There are three basic objects that need to be understood in order to make
sense of Flexible NetFlow:
- Records
- Exporters
- Monitors
The terms aren’t necessarily obvious in their meaning. One can think of a
Cisco device as an inspection station, with packets going by from one
interface to another. Inspectors examine the packets and produce reports to
send outside. There may be multiple inspectors, each of whom might send a
couple different reports to a couple different places depending on the kind of
packets they see. In order for them to perform their tasks, a few things need
to be defined:
- The forms they fill out and send as the reports. The forms will
  have required fields and optional fields; if a given packet doesn’t have
  the information needed to fill out a required field, that form doesn’t get
  filled out. The form fields have standardized names so that the end
  reader of the form knows exactly how to treat the contents.
- An envelope format with standardized address labels to match
  to completed forms and send on their way, detailing everything needed
  to deliver a form to a specific destination, as well as any special
  instructions.
- A set of standing orders: Watch this set of packets (an interface).
  Fill out these forms. Send them in these envelopes.
Such a form is called a Record, and constitutes a NetFlow 9 or IPFIX
template. The envelope is an Exporter, and gives the details of the host
receiving NetFlow records. The set of standing orders describes a Monitor, a
process on your router that collects and sends NetFlow records and templates.
What follows is the process of assembling records, exporters, and monitors,
along with the commands needed to enter them into a Cisco device
running an IOS version in the 15 family, IOS 12.4T, or IOS 12.2. As
with previous NetFlow export configurations for Cisco routers, one of the
following must be enabled on your router and on any monitored interfaces:
Cisco Express Forwarding (CEF), distributed Express Forwarding (dCEF) or
their IPv6 equivalents.
RECORDS
The Record is a description of a NetFlow 9 template. This template will be
sent periodically to a collector (such as FlowTraq) so that it knows how to
interpret the NetFlow datagrams that describe network sessions. There are
two primary commands: match and collect. Match denotes a key, or
mandatory, field; if there is not sufficient data in the session to fill it out, then
that session is not recorded using that record. A common match field is IPv4
address; an IPv6 packet does not contain an IPv4 address, therefore the
match fails and no record is generated. Collect denotes an optional, non-key,
field such as VLAN. A space will be reserved for collect fields, but they will
simply be left as ‘0’ if not present.
Cisco provides a number of pre-defined records; however, we outline the steps
taken to define a custom record. Each of the command sets below is
performed in global configuration mode.
Many of these items are specific to IPv4. This is due to the length
specifications in the NetFlow datagram: a Record is specifying which data
goes in which field, how long the field is and how to interpret it. IPv6 and
IPv4 addresses, being such different lengths, must be dealt with differently,
which requires separate forms. Internally, this data is broken down according
to a logical tree structure — once a packet is identified as being IPv6, then all
of the IPv4 fields will be blank. The configuration must therefore switch
everything (protocol, masks, etc) to read out of the v6 tree.
You may wish to skip this step and use one of the pre-defined templates (see
the Monitor section below on how to do this); however, you are still required
to define an Exporter.
EXPORTER
The Exporter is a description of a destination for flow records, which is the
collector. At this stage we are not specifying what is being sent, instead we
are just crafting the envelope. This also determines how often to send
templates — 5 minutes in the configuration below, which will reduce
bandwidth overhead slightly, but will result in a delay of 5 minutes after any
reconfiguration. Official recommendations range from resending templates once
a minute to resending them twice an hour.
MONITOR
The final stage is setting up the Monitor itself. Having already done the heavy
definition work, this bit goes fast, in two parts. First, define the monitor:
Remember that different Records for IPv4 and IPv6 traffic were created; each
needs a separate Monitor:
flow monitor main_monitor_v6
record ipv6_record
exporter my_flow_collector
cache timeout active 30
exit
If you wish to use a pre-defined Flexible NetFlow “NetFlow IPv4/IPv6
original input” template instead, substitute an alternate record command:
record netflow ipv4 original-input
or
record netflow ipv6 original-input
Finally, deploy the monitor by selecting the desired interface(s) and attaching
it:
interface InternalNetwork/0
ip flow monitor main_monitor input
exit
interface InternalNetwork/1
ip flow monitor main_monitor input
exit
…
If your network carries both IPv4 and IPv6 traffic, you may need to apply a
monitor to an IPv6 interface as well:
interface InternalNetwork/1
ip flow monitor main_monitor input
ipv6 flow monitor main_monitor_v6 input
exit
In most situations, you will be applying a monitor to each interface. In such a
case, that “input” line will be sufficient — all bases are covered by monitoring
each interface’s Ingress traffic. If you choose not to monitor all interfaces,
you may need to add an output monitor as well so that both Ingress and
Egress traffic are covered:
interface InternalNetwork/1
ip flow monitor main_monitor input
ip flow monitor main_monitor output
exit
FINISHING UP
At this point the Cisco device is configured and exporting NetFlow. Depending
on the configured timeouts, it could take some minutes for session traffic to
start arriving and being processed. If traffic fails to arrive at your collector,
there are a few things to check:
First, make sure that your NetFlow collector is listening on the correct port
(UDP 2055 above) and that any firewalls in between (particularly on the host
running the collector) allow the NetFlow packets to pass.
Second, double-check the Exporter configuration and ensure the collector IP
address listed is correct and routable. You can verify the flow of session
records using a packet capture utility such as Wireshark or tcpdump.
Third, make sure the configuration includes all the data needed to store full
network session records: typically, collectors require IP addresses, protocol,
port numbers, and byte and packet counts.
Finally, if none of the above troubleshooting methods worked, contact your
vendor’s support.
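The Records section describes the template a collector uses to interpret flow data, and the third check above asks whether that template carries everything a collector needs. The following Python code is an added example, not part of the original guide or of any collector: it parses the template FlowSet of a NetFlow v9 export packet (layout and field type numbers per RFC 3954) and reports which of those items are missing; the function names and sample packets are constructed for illustration.

```python
import struct

# Field type numbers from RFC 3954 (NetFlow v9); only the ones used here.
FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
          8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
          27: "IPV6_SRC_ADDR", 28: "IPV6_DST_ADDR", 58: "SRC_VLAN"}
LENGTHS = {1: 4, 2: 4, 4: 1, 7: 2, 8: 4, 11: 2, 12: 4, 27: 16, 28: 16, 58: 2}
# Each tuple lists alternatives; at least one must appear in the template.
REQUIRED = [("IPV4_SRC_ADDR", "IPV6_SRC_ADDR"), ("IPV4_DST_ADDR", "IPV6_DST_ADDR"),
            ("PROTOCOL",), ("L4_SRC_PORT",), ("L4_DST_PORT",), ("IN_BYTES",), ("IN_PKTS",)]

def parse_templates(packet):
    """Return {template_id: [(field_name, length), ...]} for one export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # v9 header is 20 bytes
    while off + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, off)
        if set_len < 4 or off + set_len > len(packet):
            raise ValueError("bad FlowSet length")
        pos, end = off + 4, off + set_len
        while set_id == 0 and pos + 4 <= end:    # FlowSet ID 0 carries templates
            tid, count = struct.unpack_from("!HH", packet, pos)
            if tid < 256:                        # padding, not a template
                break
            if pos + 4 + 4 * count > end:
                raise ValueError("template overruns its FlowSet")
            pairs = struct.unpack_from("!%dH" % (2 * count), packet, pos + 4)
            templates[tid] = [(FIELDS.get(t, "type_%d" % t), n)
                              for t, n in zip(pairs[::2], pairs[1::2])]
            pos += 4 + 4 * count
        off += set_len
    return templates

def missing_fields(fields):
    """List the required items a template does not carry."""
    names = {name for name, _ in fields}
    return ["/".join(alts) for alts in REQUIRED if not names & set(alts)]

def build_packet(tid, types):
    """Constructed sample: a v9 packet holding one template FlowSet."""
    body = struct.pack("!HH", tid, len(types))
    body += b"".join(struct.pack("!HH", t, LENGTHS[t]) for t in types)
    return struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0) + struct.pack("!HH", 0, 4 + len(body)) + body

if __name__ == "__main__":
    for types in ([8, 12, 4, 7, 11, 1, 2, 58], [8, 12, 4, 58]):
        fields = parse_templates(build_packet(256, types))[256]
        print(fields, "missing:", missing_fields(fields) or "none")
```

To check a live exporter, pass parse_templates the UDP payload of a packet captured on the collector port.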
—
This document applies to multiple versions of Cisco IOS, starting with the IOS
Release 12.2 family. Wherever possible, devices are listed according to the
latest release of IOS supported, organized according to version. This includes
the following more recent versions in particular:
Cisco IOS versions 15.3M and 15.3T, which are run by:
Cisco 800 Series Routers
Cisco 812G, Cisco 812G-CIFI
Cisco 819G
Cisco 819H, Cisco 819HG, Cisco 819HGW, Cisco 819HW
Cisco 861
Cisco 866VAE
Cisco 867VAE
Cisco 881, Cisco 881G, Cisco 881GW, Cisco 881SRST, Cisco
881W, Cisco 881WD, Cisco 881-CUBE
Cisco 886VA, Cisco 886VAG, Cisco 886VAJ, Cisco 886VA-W,
Cisco 886-CUBE
Cisco 887VA, Cisco 887VAG, Cisco 887VAGW, Cisco 887VAMG,
Cisco 887VA-M, Cisco 887VA-W, Cisco 887VA-WD, Cisco
887VAM-W, Cisco 887-CUBE
Cisco 888, Cisco 888E, Cisco 888EA, Cisco 888EG, Cisco
888SRST, Cisco 888-CUBE
(Cisco 888EA is supported in Cisco IOS Release 15.2(2)T and
later releases)
Cisco 891, Cisco 891F, Cisco 891FW-A, Cisco 891FW-E
Cisco 892, Cisco 892FSP, Cisco 892F-CUBE
Cisco 898EA
Cisco 1900 Series Integrated Services Routers
Cisco 1905
Cisco 1906C
Cisco 1921
Cisco 1941
Cisco 1941W
Cisco 2900 Series Integrated Services Routers
Cisco 2901
Cisco 2911
Cisco 2921
Cisco 2951
Cisco 3900 Series Integrated Services Routers
Cisco 3925
Cisco 3925E
Cisco 3945
Cisco 3945E
Cisco Connected Grid Router 2000 Series
Cisco Connected Grid Router 2010
Cisco Analog Voice Gateways
Cisco VG202XM
Cisco VG204XM
Cisco High Density Analog Voice Gateways
Cisco VG350 High Density Voice over IP Analog Gateway
Cisco IOS Version 15.3S, which is run by:
Cisco 7600 series routers
Cisco 7603-S
Cisco 7604
Cisco 7606
Cisco 7606-S
Cisco 7609
Cisco 7609-S
Cisco 7613
Cisco ASR 901 router
Cisco ASR 901 10G router
Cisco ME 3600X switch
Cisco ME 3600X-24CX switch
Cisco ME 3800X switch
Cisco RSP720-10GE
Cisco Supervisor Engine 32, Supervisor Engine 720, Route
Switch Processor 720
Cisco IOS Version 15.2S, which is run by:
Cisco ME 3600X switch (IOS Release 15.2(2)S)
Cisco ME 3600X 24CX (IOS Release 15.2(2)S1)
Cisco ME 3800X switch (IOS Release 15.2(2)S)
Cisco RSP720-10GE
Cisco Supervisor Engine 32, Supervisor Engine 720, Route Switch
Processor 720
Cisco 7200 router (supported in Cisco IOS Release 15.2(4)S)
Cisco 7301 router (supported in Cisco IOS Release 15.2(4)S)
Devices running Cisco IOS Version 15.2 M&T
Devices running Cisco IOS version 15.1S
Devices running Cisco IOS Version 15.0M
Devices running Cisco IOS Version 15.0S
Cisco Catalyst 6500 Switches running Supervisor Engine 2T or Supervisor
Engine 720
Devices running Cisco IOS Version 12.4T
Reference Guide from
http://www.flowtraq.com/corporate/blog/tech-thoughts/configuring-flexible-netflow-export-cisco-routers/