How to Configure Flexible NetFlow Export on Cisco Routers?
Cisco’s Flexible NetFlow technology is a powerful but sometimes
complicated way to customize your flow collection. Here are some tips on how to
configure Cisco routers for NetFlow export. It can take a little time to
understand and set up, but it is well worth the effort.
There are three basic objects that need to be understood in order to make
sense of Flexible NetFlow:
• Records
• Exporters
• Monitors
The terms aren’t necessarily obvious in their meaning. One can think of a
Cisco device as an inspection station, with packets going by from one
interface to another. Inspectors examine the packets and produce reports to
send outside. There may be multiple inspectors, each of whom might send a
couple different reports to a couple different places depending on the kind of
packets they see. In order for them to perform their tasks, a few things need
to be defined:
• The forms they fill out and send as the reports. The forms will
have required fields and optional fields; if a given packet doesn’t have
the information needed to fill out a required field, that form doesn’t get
filled out. The form fields have standardized names so that the end
reader of the form knows exactly how to treat the contents.
• An envelope format with standardized address labels to match
to completed forms and send on their way, detailing everything needed
to deliver a form to a specific destination, as well as any special
instructions.
• A set of standing orders: Watch this set of packets (an interface).
Fill out these forms. Send them in these envelopes.
Such a form is called a Record, and constitutes a NetFlow 9 or IPFIX
template. The envelope is an Exporter, and gives the details of the host
receiving NetFlow records. The set of standing orders describes a Monitor, a
process on your router that collects and sends NetFlow records and templates.
The sections below walk through assembling records, exporters, and monitors,
and show the commands needed to enter them into a Cisco device
running an IOS version in the 15 family, IOS 12.4T, or IOS 12.2. As
with previous NetFlow export configurations for Cisco routers, one of the
following must be enabled on your router and on any monitored interfaces:
Cisco Express Forwarding (CEF), distributed Express Forwarding (dCEF), or
their IPv6 equivalents.
RECORDS
The Record is a description of a NetFlow 9 template. This template will be
sent periodically to a collector (such as FlowTraq) so that it knows how to
interpret the NetFlow datagrams that describe network sessions. There are
two primary commands: match and collect. Match denotes a key, or
mandatory, field; if there is not sufficient data in the session to fill it out, then
that session is not recorded using that record. A common match field is IPv4
address; an IPv6 packet does not contain an IPv4 address, therefore the
match fails and no record is generated. Collect denotes an optional, non-key,
field such as VLAN. A space will be reserved for collect fields, but they will
simply be left as ‘0’ if not present.
Cisco provides a number of pre-defined records; however, we outline the steps
taken to define a custom record. Each of the command sets below is
performed in global configuration mode.
Many of these items are specific to IPv4. This is due to the length
specifications in the NetFlow datagram: a Record is specifying which data
goes in which field, how long the field is and how to interpret it. IPv6 and
IPv4 addresses, being such different lengths, must be dealt with differently,
which requires separate forms. Internally, this data is broken down according
to a logical tree structure — once a packet is identified as being IPv6, then all
of the IPv4 fields will be blank. The configuration must therefore switch
everything (protocol, masks, etc) to read out of the v6 tree.
You may wish to skip this step and use one of the pre-defined templates (see
the Monitor section below on how to do this); however, you are still required
to define an Exporter.
EXPORTER
The Exporter is a description of a destination for flow records, which is the
collector. At this stage we are not specifying what is being sent, instead we
are just crafting the envelope. This also determines how often to send
templates — 5 minutes in the configuration below, which will reduce
bandwidth overhead slightly, but will result in a delay of 5 minutes after any
reconfiguration. Official recommendations range from resending templates once
a minute to resending them twice an hour.
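How a collector uses the Record (the template) to decode flow data, and why flows that arrive before the template cannot be read until the next template resend, as an added Python example that is not part of the original document and is not Cisco or FlowTraq code. The template ID 256, the field list, the addresses and the flow values are constructed assumptions; the field type numbers follow RFC 3954.

```python
import ipaddress
import struct

# NetFlow v9 field type numbers (RFC 3954) for the kinds of field the page names.
FIELD_NAMES = {1: "bytes", 2: "packets", 4: "protocol", 7: "src_port",
               8: "ipv4_src", 11: "dst_port", 12: "ipv4_dst", 58: "src_vlan"}
ADDRESS_FIELDS = {8, 12}
# Constructed template: five key (match) fields, then three non-key (collect) ones.
RECORD_FIELDS = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (58, 2), (1, 4), (2, 4)]
# Constructed flow; the VLAN field is 0 because the session had no VLAN tag.
SAMPLE_VALUES = ["198.51.100.7", "203.0.113.20", 6, 51514, 443, 0, 4200, 12]


class Collector:
    """Minimal NetFlow v9 decoder that caches templates per exporter."""
    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> fields
        self.undecodable = 0  # data flowsets seen before their template

    def handle(self, exporter, packet):
        """Learn templates in the packet and return the flows it can decode."""
        version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet)
        if version != 9:
            raise ValueError("not NetFlow v9")
        flows, offset = [], 20
        while offset + 4 <= len(packet):
            flowset_id, length = struct.unpack_from("!HH", packet, offset)
            if length < 4 or offset + length > len(packet):
                raise ValueError("bad flowset length")
            body = packet[offset + 4:offset + length]
            if flowset_id == 0:                       # template flowset
                self._learn(exporter, source_id, body)
            elif flowset_id > 255:                    # data flowset
                flows += self._decode((exporter, source_id, flowset_id), body)
            offset += length
        return flows

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            if template_id < 256 or pos + 4 + 4 * count > len(body):
                break                                 # padding or truncated
            fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(count)]
            self.templates[(exporter, source_id, template_id)] = fields
            pos += 4 + 4 * count

    def _decode(self, key, body):
        fields = self.templates.get(key)
        if fields is None:                            # no template yet
            self.undecodable += 1
            return []
        size = sum(length for _, length in fields)
        flows, pos = [], 0
        while size and pos + size <= len(body):
            flow = {}
            for ftype, length in fields:
                raw, pos = body[pos:pos + length], pos + length
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype in ADDRESS_FIELDS:
                    flow[name] = str(ipaddress.IPv4Address(raw))
                else:
                    flow[name] = int.from_bytes(raw, "big")
            flows.append(flow)
        return flows


def wrap(flowset_id, body):
    """Put one flowset behind a v9 header (constructed uptime and clock)."""
    body += b"\x00" * (-len(body) % 4)                # pad to a 32-bit boundary
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 0, 0)
    return header + struct.pack("!HH", flowset_id, 4 + len(body)) + body


def template_packet(template_id=256):
    fields = b"".join(struct.pack("!HH", *f) for f in RECORD_FIELDS)
    return wrap(0, struct.pack("!HH", template_id, len(RECORD_FIELDS)) + fields)


def data_packet(template_id=256):
    record = b""
    for (ftype, length), value in zip(RECORD_FIELDS, SAMPLE_VALUES):
        record += (ipaddress.IPv4Address(value).packed if ftype in ADDRESS_FIELDS
                   else value.to_bytes(length, "big"))
    return wrap(template_id, record)


def demo():
    """Data that arrives before its template is dropped; afterwards it decodes."""
    collector = Collector()
    early = collector.handle("192.0.2.1", data_packet())
    collector.handle("192.0.2.1", template_packet())
    late = collector.handle("192.0.2.1", data_packet())
    return early, late, collector.undecodable


if __name__ == "__main__":
    print(demo())
```

The `undecodable` counter is the value to watch on a real collector after a router reconfiguration: it keeps rising until the exporter's next template resend.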
MONITOR
The final stage is setting up the Monitor itself. Having already done the heavy
definition work, this bit goes fast, in two parts. First, define the monitor:
Remember that different Records for IPv4 and IPv6 traffic were created; each
needs a separate Monitor:
flow monitor main_monitor_v6
record ipv6_record
exporter my_flow_collector
cache timeout active 30
exit
If you would rather use a pre-defined Flexible NetFlow “NetFlow IPv4/IPv6
original input” template, substitute an alternate record command:
record netflow ipv4 original-input
or
record netflow ipv6 original-input
Finally, deploy the monitor by selecting the desired interface(s) and attaching
it:
interface InternalNetwork/0
ip flow monitor main_monitor input
exit
interface InternalNetwork/1
ip flow monitor main_monitor input
exit
…
If your network carries both IPv4 and IPv6 traffic, you may need to apply a
monitor to an IPv6 interface as well:
interface InternalNetwork/1
ip flow monitor main_monitor input
ipv6 flow monitor main_monitor_v6 input
exit
In most situations, you will be applying a monitor to each interface. In such a
case, that “input” line will be sufficient — all bases are covered by monitoring
each interface’s Ingress traffic. If you choose not to monitor all interfaces,
you may need to add an output monitor as well so that both Ingress and
Egress traffic are covered:
interface InternalNetwork/1
ip flow monitor main_monitor input
ip flow monitor main_monitor output
exit
FINISHING UP
At this point the Cisco device is configured and exporting NetFlow. Depending
on the configured timeouts, it could take some minutes for session traffic to
start arriving and being processed. If traffic fails to arrive at your collector,
there are a few things to check:
First, make sure that your NetFlow collector is listening on the correct port
(UDP 2055 above) and that any firewalls in between (particularly on the host
running the collector) allow the NetFlow packets to pass.
Second, double-check the Exporter configuration and ensure the collector IP
address listed is correct and routable. You can verify the flow of session
records using a packet capture utility such as Wireshark or tcpdump.
Third, make sure the configuration includes all the data needed to store full
network session records: typically, collectors require IP addresses, protocol,
port numbers, and byte and packet counts.
Finally, if none of the above troubleshooting methods worked, contact your
vendor’s support.
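One way to run the third check above before deploying, as an added Python example (not part of the original document and not a Cisco tool): it parses a Flexible NetFlow configuration, checks that each custom record carries the fields collectors typically need, and flags a monitor attached to an interface with the wrong address family. The sample configuration is constructed; the record and exporter bodies, the name ipv4_record and the address 192.0.2.10 are assumptions.

```python
import re

# Constructed sample using this page's object names. The record and exporter
# bodies, the name ipv4_record and the address 192.0.2.10 are assumptions.
# Two mistakes are planted: ipv6_record collects no byte counter, and
# InternalNetwork/1 attaches the IPv4 monitor with "ipv6 flow monitor".
SAMPLE_CONFIG = """\
flow record ipv4_record
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 collect counter bytes
 collect counter packets
 exit
flow record ipv6_record
 match ipv6 source address
 match ipv6 destination address
 match ipv6 protocol
 match transport source-port
 match transport destination-port
 collect counter packets
 exit
flow exporter my_flow_collector
 destination 192.0.2.10
 transport udp 2055
 template data timeout 300
 exit
flow monitor main_monitor
 record ipv4_record
 exporter my_flow_collector
 exit
flow monitor main_monitor_v6
 record ipv6_record
 exporter my_flow_collector
 exit
interface InternalNetwork/1
 ip flow monitor main_monitor input
 ipv6 flow monitor main_monitor input
 exit
"""

HEADER = re.compile(r"(?:flow (record|exporter|monitor)|(interface)) (\S+)$")
# Fields the page says collectors typically need, as command tails.
REQUIRED = ("source address", "destination address", "protocol", "source-port",
            "destination-port", "counter bytes", "counter packets")


def parse(config):
    """Group sub-commands under each 'flow ...' or 'interface' header line."""
    objs = {"record": {}, "exporter": {}, "monitor": {}, "interface": {}}
    current = None
    for line in config.splitlines():
        text = line.strip()
        header = HEADER.match(text)
        if header:
            kind = header.group(1) or header.group(2)
            current = objs[kind].setdefault(header.group(3), [])
        elif text in ("exit", "!"):
            current = None
        elif text and current is not None:
            current.append(text)
    return objs


def lint(config):
    """Return a list of findings; an empty list means every check passed."""
    objs, findings, family = parse(config), [], {}
    for name, cmds in objs["record"].items():
        for field in REQUIRED:
            if not any(re.match(rf"(match|collect) (\S+ )?{field}", c) for c in cmds):
                findings.append(f"record {name}: missing {field}")
    for name, cmds in objs["monitor"].items():
        refs = dict(c.split(None, 1) for c in cmds if " " in c)
        record, exporter = refs.get("record", ""), refs.get("exporter")
        if record.startswith("netflow "):             # pre-defined record
            family[name] = record.split()[1]          # "ipv4" or "ipv6"
        elif record in objs["record"]:
            found = re.search(r"match (ipv[46]) ", " ".join(objs["record"][record]))
            family[name] = found.group(1) if found else None
        else:
            findings.append(f"monitor {name}: record {record!r} is not defined")
        if exporter not in objs["exporter"]:
            findings.append(f"monitor {name}: exporter {exporter!r} is not defined")
    for ifname, cmds in objs["interface"].items():
        for cmd in cmds:
            m = re.match(r"(ip|ipv6) flow monitor (\S+) (input|output)$", cmd)
            if not m:
                continue
            proto, monitor = m.group(1), m.group(2)
            want = "ipv6" if proto == "ipv6" else "ipv4"
            if monitor not in objs["monitor"]:
                findings.append(f"interface {ifname}: monitor {monitor} is not defined")
            elif family.get(monitor) not in (None, want):
                findings.append(f"interface {ifname}: {proto} flow monitor "
                                f"{monitor} uses an {family[monitor]} record")
    return findings
```

Calling `lint(SAMPLE_CONFIG)` reports the two planted mistakes; the parser keys on `exit` rather than indentation, so it also accepts configuration pasted without leading spaces.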
—
This document applies to multiple versions of Cisco IOS, starting with the IOS
Release 12.2 family. Wherever possible, devices are listed according to the
latest release of IOS supported, organized according to version. This includes
the following more recent versions in particular:
Cisco IOS versions 15.3M and 15.3T, which are run by:
• Cisco 800 Series Routers
• Cisco 812G, Cisco 812G-CIFI
• Cisco 819G
• Cisco 819H, Cisco 819HG, Cisco 819HGW, Cisco 819HW
• Cisco 861
• Cisco 866VAE
• Cisco 867VAE
• Cisco 881, Cisco 881G, Cisco 881GW, Cisco 881SRST, Cisco
881W, Cisco 881WD, Cisco 881-CUBE
• Cisco 886VA, Cisco 886VAG, Cisco 886VAJ, Cisco 886VA-W,
Cisco 886-CUBE
• Cisco 887VA, Cisco 887VAG, Cisco 887VAGW, Cisco 887VAMG,
Cisco 887VA-M, Cisco 887VA-W, Cisco 887VA-WD, Cisco
887VAM-W, Cisco 887-CUBE
• Cisco 888, Cisco 888E, Cisco 888EA, Cisco 888EG, Cisco
888SRST, Cisco 888-CUBE
(Cisco 888EA is supported in Cisco IOS Release 15.2(2)T and
later releases)
• Cisco 891, Cisco 891F, Cisco 891FW-A, Cisco 891FW-E
• Cisco 892, Cisco 892FSP, Cisco 892F-CUBE
• Cisco 898EA
Cisco 1900 Series Integrated Services Routers
• Cisco 1905
• Cisco 1906C
• Cisco 1921
• Cisco 1941
• Cisco 1941W
Cisco 2900 Series Integrated Services Routers
• Cisco 2901
• Cisco 2911
• Cisco 2921
• Cisco 2951
Cisco 3900 Series Integrated Services Routers
• Cisco 3925
• Cisco 3925E
• Cisco 3945
• Cisco 3945E
Cisco Connected Grid Router 2000 Series
• Cisco Connected Grid Router 2010
Cisco Analog Voice Gateways
• Cisco VG202XM
• Cisco VG204XM
Cisco High Density Analog Voice Gateways
• Cisco VG350 High Density Voice over IP Analog Gateway
Cisco IOS Version 15.3S, which is run by:
• Cisco 7600 series routers
• Cisco 7603-S
• Cisco 7604
• Cisco 7606
• Cisco 7606-S
• Cisco 7609
• Cisco 7609-S
• Cisco 7613
• Cisco ASR 901 router
• Cisco ASR 901 10G router
• Cisco ME 3600X switch
• Cisco ME 3600X-24CX switch
• Cisco ME 3800X switch
• Cisco RSP720-10GE
• Cisco Supervisor Engine 32, Supervisor Engine 720, Route
Switch Processor 720
Cisco IOS Version 15.2S, which is run by:
• Cisco ME 3600X switch (IOS Release 15.2(2)S)
• Cisco ME 3600X 24CX (IOS Release 15.2(2)S1)
• Cisco ME 3800X switch (IOS Release 15.2(2)S)
• Cisco RSP720-10GE
• Cisco Supervisor Engine 32, Supervisor Engine 720, Route Switch
Processor 720
• Cisco 7200 router (supported in Cisco IOS Release 15.2(4)S)
• Cisco 7301 router (supported in Cisco IOS Release 15.2(4)S)
Devices running Cisco IOS Version 15.2 M&T
Devices running Cisco IOS version 15.1S
Devices running Cisco IOS Version 15.0M
Devices running Cisco IOS Version 15.0S
Cisco Catalyst 6500 Switches running Supervisor Engine 2T or Supervisor
Engine 720
Devices running Cisco IOS Version 12.4T
Reference Guide from
http://www.flowtraq.com/corporate/blog/tech-thoughts/configuring-flexible-netflow-export-cisco-routers/
More about Networking and Cisco Hardware & Network you can read here…
http://blog.router-switch.com/

Hpe pro liant gen9 to gen10 server transition guide
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faq
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switches
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi features
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solution
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switches
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switches
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modes
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fex
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches series
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 series
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration example
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration options
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement model
 

How to configure flexible netflow export on cisco routers

  • 1. How to Configure Flexible NetFlow Export on Cisco Routers?

Cisco’s Flexible NetFlow technology is a powerful but sometimes complicated way to customize your flow collection. Here are some tips on how to configure Cisco routers for NetFlow export. It can take a little bit of time to understand and set up, but is well worth the effort.

There are three basic objects that need to be understood in order to make sense of Flexible NetFlow:

- Records
- Exporters
- Monitors

The terms aren’t necessarily obvious in their meaning. One can think of a Cisco device as an inspection station, with packets going by from one interface to another. Inspectors examine the packets and produce reports to send outside. There may be multiple inspectors, each of whom might send a couple of different reports to a couple of different places depending on the kind of packets they see. In order for them to perform their tasks, a few things need to be defined:

- The forms they fill out and send as the reports. The forms will have required fields and optional fields; if a given packet doesn’t have the information needed to fill out a required field, that form doesn’t get filled out. The form fields have standardized names so that the end reader of the form knows exactly how to treat the contents.
- An envelope format with standardized address labels to match to completed forms and send on their way, detailing everything needed
  • 2. to deliver a form to a specific destination, as well as any special instructions.

- A set of standing orders: Watch this set of packets (an interface). Fill out these forms. Send them in these envelopes.

Such a form is called a Record, and constitutes a NetFlow 9 or IPFIX template. The envelope is an Exporter, and gives the details of the host receiving NetFlow records. The set of standing orders describes a Monitor, a process on your router that collects and sends NetFlow records and templates.

What follows is the process of assembling records, exporters, and monitors, with the commands needed to enter them into your Cisco device running an IOS version in the 15 Family, IOS 12.4T, or IOS 12.2. As with previous NetFlow export configurations for Cisco routers, one of the following must be enabled on your router and on any monitored interfaces: Cisco Express Forwarding (CEF), distributed Express Forwarding (dCEF) or their IPv6 equivalents.

RECORDS

The Record is a description of a NetFlow 9 template. This template will be sent periodically to a collector (such as FlowTraq) so that it knows how to interpret the NetFlow datagrams that describe network sessions. There are two primary commands: match and collect.

Match denotes a key, or mandatory, field; if there is not sufficient data in the session to fill it out, then that session is not recorded using that record. A common match field is IPv4 address; an IPv6 packet does not contain an IPv4 address, therefore the match fails and no record is generated.

Collect denotes an optional, non-key, field such as VLAN. A space will be reserved for collect fields, but they will simply be left as ‘0’ if not present.

Cisco provides a number of pre-defined records; however, we outline the steps taken to define a custom record. Each of the command sets below is performed in global configuration mode.
  • 3. Many of these items are specific to IPv4. This is due to the length specifications in the NetFlow datagram: a Record is specifying which data goes in which field, how long the field is and how to interpret it. IPv6 and IPv4 addresses, being such different lengths, must be dealt with differently, which requires separate forms.

Internally, this data is broken down according to a logical tree structure: once a packet is identified as being IPv6, then all of the IPv4 fields will be blank. The configuration must therefore switch everything (protocol, masks, etc.) to read out of the v6 tree.
  • 4. You may wish to skip this step and use one of the pre-defined templates (see the Monitor section below on how to do this); however, you are still required to define an Exporter.

EXPORTER

The Exporter is a description of a destination for flow records, which is the collector. At this stage we are not specifying what is being sent; instead we are just crafting the envelope. This also determines how often to send templates: 5 minutes in the configuration below, which will reduce bandwidth overhead slightly, but will result in a delay of 5 minutes after any reconfiguration. Official recommendations range from resending templates once a minute to resending twice an hour.
  • 5. MONITOR

The final stage is setting up the Monitor itself. Having already done the heavy definition work, this bit goes fast, in two parts. First, define the monitor:

Remember that different Records for IPv4 and IPv6 traffic were created; each needs a separate Monitor:

    flow monitor main_monitor_v6
     record ipv6_record
     exporter my_flow_collector
     cache timeout active 30
     exit

If you wish to use a pre-defined Flexible NetFlow “NetFlow IPv4/IPv6 original input” template instead, substitute an alternate record command:

    record netflow ipv4 original-input

or
  • 6.

    record netflow ipv6 original-input

Finally, deploy the monitor by selecting the desired interface(s) and attaching it:

    interface InternalNetwork/0
     ip flow monitor main_monitor input
     exit
    interface InternalNetwork/1
     ip flow monitor main_monitor input
     exit
    …

If your network carries both IPv4 and IPv6 traffic, you may need to apply a monitor to an IPv6 interface as well:

    interface InternalNetwork/1
     ip flow monitor main_monitor input
     ipv6 flow monitor main_monitor_v6 input
     exit

In most situations, you will be applying a monitor to each interface. In such a case, that “input” line will be sufficient; all bases are covered by monitoring each interface’s ingress traffic. If you choose not to monitor all interfaces, you may need to add an output monitor as well so that both ingress and egress traffic are covered:

    interface InternalNetwork/1
     ip flow monitor main_monitor input
     ip flow monitor main_monitor output
     exit

FINISHING UP

At this point the Cisco device is configured and exporting NetFlow. Depending on the configured timeouts, it could take some minutes for session traffic to start arriving and being processed. If traffic fails to arrive at your collector, there are a few things to check:

First, make sure that your NetFlow collector is listening on the correct port (UDP 2055 above) and that any firewalls in between (particularly on the host running the collector) allow the NetFlow packets to pass.

Second, double-check the Exporter configuration and ensure the collector IP address listed is correct and routable. You can verify the flow of session records using a packet capture utility such as Wireshark or tcpdump.
  • 7. Third, make sure the configuration includes all the data needed to store full network session records: typically, collectors require IP addresses, protocol, port numbers, and byte and packet counts.

Finally, if none of the above troubleshooting methods worked, contact your vendor’s support.

This document applies to multiple versions of Cisco IOS, starting with the IOS Release 12.2 family. Wherever possible, devices are listed according to the latest release of IOS supported, organized according to version. This includes the following more recent versions in particular:

Cisco IOS versions 15.3M and 15.3T, which are run by:

- Cisco 800 Series Routers
- Cisco 812G, Cisco 812G-CIFI
- Cisco 819G
- Cisco 819H, Cisco 819HG, Cisco 819HGW, Cisco 819HW
- Cisco 861
- Cisco 866VAE
- Cisco 867VAE
- Cisco 881, Cisco 881G, Cisco 881GW, Cisco 881SRST, Cisco 881W, Cisco 881WD, Cisco 881-CUBE
- Cisco 886VA, Cisco 886VAG, Cisco 886VAJ, Cisco 886VA-W, Cisco 886-CUBE
- Cisco 887VA, Cisco 887VAG, Cisco 887VAGW, Cisco 887VAMG, Cisco 887VA-M, Cisco 887VA-W, Cisco 887VA-WD, Cisco 887VAM-W, Cisco 887-CUBE
- Cisco 888, Cisco 888E, Cisco 888EA, Cisco 888EG, Cisco 888SRST, Cisco 888-CUBE (Cisco 888EA is supported in Cisco IOS Release 15.2(2)T and later releases)
- Cisco 891, Cisco 891F, Cisco 891FW-A, Cisco 891FW-E
- Cisco 892, Cisco 892FSP, Cisco 892F-CUBE
- Cisco 898EA
  • 8. Cisco 1900 Series Integrated Services Routers

- Cisco 1905
- Cisco 1906C
- Cisco 1921
- Cisco 1941
- Cisco 1941W

Cisco 2900 Series Integrated Services Routers

- Cisco 2901
- Cisco 2911
- Cisco 2921
- Cisco 2951

Cisco 3900 Series Integrated Services Routers

- Cisco 3925
- Cisco 3925E
- Cisco 3945
- Cisco 3945E

Cisco Connected Grid Router 2000 Series

- Cisco Connected Grid Router 2010

Cisco Analog Voice Gateways

- Cisco VG202XM
- Cisco VG204XM

Cisco High Density Analog Voice Gateways

- Cisco VG350 High Density Voice over IP Analog Gateway

Cisco IOS Version 15.3S, which is run by:

- Cisco 7600 series routers
- Cisco 7603-S
  • 9.

- Cisco 7604
- Cisco 7606
- Cisco 7606-S
- Cisco 7609
- Cisco 7609-S
- Cisco 7613
- Cisco ASR 901 router
- Cisco ASR 901 10G router
- Cisco ME 3600X switch
- Cisco ME 3600X-24CX switch
- Cisco ME 3800X switch
- Cisco RSP720-10GE
- Cisco Supervisor Engine 32, Supervisor Engine 720, Route Switch Processor 720

Cisco IOS Version 15.2S, which is run by:

- Cisco ME 3600X switch (IOS Release 15.2(2)S)
- Cisco ME 3600X 24CX (IOS Release 15.2(2)S1)
- Cisco ME 3800X switch (IOS Release 15.2(2)S)
- Cisco RSP720-10GE
- Cisco Supervisor Engine 32, Supervisor Engine 720, Route Switch Processor 720
- Cisco 7200 router (supported in Cisco IOS Release 15.2(4)S)
- Cisco 7301 router (supported in Cisco IOS Release 15.2(4)S)

Devices running Cisco IOS Version 15.2 M&T

Devices running Cisco IOS version 15.1S

Devices running Cisco IOS Version 15.0M

Devices running Cisco IOS Version 15.0S
  • 10. Cisco Catalyst 6500 Switches running Supervisor Engine 2T or Supervisor Engine 720

Devices running Cisco IOS Version 12.4T

Reference Guide from http://www.flowtraq.com/corporate/blog/tech-thoughts/configuring-flexible-netflow-export-cisco-routers/

More about Networking and Cisco Hardware & Network you can read here… http://blog.router-switch.com/
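
The third troubleshooting check in the guide (that the exported record carries IP addresses, protocol, port numbers, and byte and packet counts) can be run against the UDP payload of a captured export packet. The Python code below is an added example, not part of the original guide: it parses the template FlowSet of a NetFlow v9 datagram as laid out in RFC 3954 and reports which of those fields the template lacks. The function names are this example's own, and the sample datagrams are constructed.

```python
import struct

# NetFlow v9 field types (RFC 3954) that satisfy each thing a collector needs.
REQUIRED = [
    ("source address", {8, 27}),        # IPV4_SRC_ADDR or IPV6_SRC_ADDR
    ("destination address", {12, 28}),  # IPV4_DST_ADDR or IPV6_DST_ADDR
    ("protocol", {4}),                  # PROTOCOL
    ("source port", {7}),               # L4_SRC_PORT
    ("destination port", {11}),         # L4_DST_PORT
    ("byte count", {1}),                # IN_BYTES
    ("packet count", {2}),              # IN_PKTS
]

def parse_templates(datagram):
    """Return {template_id: [(field_type, length), ...]} for one v9 datagram."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, pos = {}, 20                        # skip the 20-byte header
    while pos + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, pos)
        if length < 4 or pos + length > len(datagram):
            raise ValueError("bad FlowSet length at offset %d" % pos)
        cur, end = pos + 4, pos + length
        while flowset_id == 0 and cur + 4 <= end:  # FlowSet ID 0 = templates
            tid, count = struct.unpack_from("!HH", datagram, cur)
            if tid < 256:                          # padding, not a template
                break
            if cur + 4 + 4 * count > end:
                raise ValueError("template %d is truncated" % tid)
            templates[tid] = [struct.unpack_from("!HH", datagram, cur + 4 + 4 * i)
                              for i in range(count)]
            cur += 4 + 4 * count
        pos += length                              # data FlowSets are skipped
    return templates

def missing_fields(fields):
    """List what a collector needs that this template does not carry."""
    present = {ftype for ftype, _ in fields}
    return [label for label, types in REQUIRED if not present & types]

def build_sample(fields, template_id):
    """Constructed test input: one v9 datagram holding a single template."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

# Constructed samples: a full record, and one with only addresses and protocol.
FULL = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (1, 4), (2, 4), (58, 2)]
WEAK = [(8, 4), (12, 4), (4, 1)]
```

Calling `missing_fields` on each template returned by `parse_templates` shows whether the record defined on the router is complete enough for the collector; an empty list means every required field is exported.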