Guest

Cisco Catalyst 2960-X Series Switches

Cisco Catalyst 2960-X NetFlow-Lite Solution Overview

  • Viewing Options

  • PDF (470.9 KB)
  • Feedback

Introduction

As networks become more complex and organizations enable more applications, traffic patterns become more diverse and unpredictable. Organizations require better visibility into network traffic in a manageable way. It is crucial for network operators to obtain information about where, why, when, how, and by whom specific applications are used and how the usage might affect the network. This information is vital to enhancing operational efficiency and optimizing operational costs. Cisco® NetFlow technology is one of the most scalable ways to provide this information throughout your network infrastructure. NetFlow-Lite introduces traffic visibility on the Cisco® Catalyst® 2960 Series Switches for the first time.

What Is NetFlow-Lite?

NetFlow-Lite on Cisco Catalyst 2960-X switches collects packets randomly, classifies them into flows, and measures flow statistics as they pass through the switch. It is a true flow-based traffic-monitoring mechanism that conserves valuable forwarding bandwidth when exporting flow-based data for analysis and reporting. This export data provides visibility into traffic that is switched through the Cisco Catalyst 2960X and Catalyst 2960XR Switches.

What Is NetFlow-Lite Used for?

NetFlow-Lite offers network administrators and engineers the following capabilities:

   Unprecedented visibility: NetFlow-Lite provides real-time information about traffic flows from endpoints such as PCs, phones, IP cameras, etc. You can use this information for traffic monitoring of Layer 2 and Layer 3 traffic as well as capacity planning.

   Network planning: You can use NetFlow-Lite to capture data over a long period of time so that customers can understand traffic patterns, top talkers, top applications, etc. This feature provides accurate data to track and anticipate network growth and plan upgrades.

   Simplified troubleshooting: You can use NetFlow-Lite flow-based analysis techniques to understand traffic patterns, which can help in proactively detecting problems, troubleshooting efficiently, and resolving problems quickly.

NetFlow-Lite Capabilities

NetFlow-Lite provides a granular packet-sampling mechanism that is adjustable up to 1:32 and available for all interfaces. The implication is that a subset of all packets passing through the Cisco Catalyst 2960X or Catalyst 2960XR will be selected for reporting. Figure 2 shows some of the data gathered by Cisco NetFlow-Lite.

Figure 1.      Output from Cisco NetFlow-Lite

NetFlow-Lite on the Cisco Catalyst 2960-X has the following capabilities:

   NetFlow-Lite is supported on all downlink and uplink ports.

   NetFlow-Lite is natively available with no additional hardware required.

   The sampling range is from 1:32 to 1:1022.

   The application measures 16,000 flows per switch.

   Physical ports and VLAN Interfaces (switched virtual interfaces [SVI]) are supported.

   NetFlow-Lite on the Cisco Catalyst 2960-X supports ingress flows only.

   Export using standards-based IP Information export (IPFIX) or Version 9 record format.

NetFlow-Lite Sampling Techniques

The sampling method of the traffic can be random or deterministic. Random sampling chooses one packet randomly out of a configured sample size, whereas deterministic sampling chooses the first packet out of a configured sample size. For example, for 1:32 sampling, deterministic mode would choose the 1st, 33rd, 65th, 97th, and so on packet coming into an interface, and random mode can choose the 5th, 39th, 72nd, 103rd, and so on packet coming into an interface. Random packet sampling is statistically more accurate than deterministic packet sampling.

Differences Between Flexible NetFlow-Lite, Flexible NetFlow, and sFlow

Table 1 illustrates the differences between NetFlow-Lite, Flexible NetFlow, and sFlow.

Table 1.       Differences Between NetFlow-Lite, Flexible NetFlow, and sFlow

 

NetFlow-lite

Flexible NetFlow

sFlow

Technology

Flow-based

Flow-based

Packet-based

Sampling

Sampling (1 in 32, configurable)

Every packet accounted for

Sampling (1 in hundreds to thousands*)

Export format

V9 and IPFIX

V5, V9 and IPFIX

sFlow v5

Ecosystem

NetFlow Collector

NetFlow Collector

sFlow Collector

Availability

Cisco Catalyst 2960-X and 4948E

Cisco Catalyst 3K, 4K, 6K

Cisco Routers Nexus 7K, 2K, 1KV

Nexus 3K

* Product support of sFlow may vary.

NetFlow-Lite Solution

The following steps illustrate NetFlow-Lite configuration on the Cisco Catalyst 2960-X Switches:

Step 1.   Configure a Flow Record, which defines the data collection. You can customize it for specific requirements. You can use the following example with most NetFlow collectors:

flow record v4
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect flow sampler
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last

Step 2.   Configure a Flow Exporter, which defines where the collected data needs to be sent. Please refer to the NetFlow collector application user guides and manual for specific details such as port number, differentiated services code point (DSCP), and other options. The configuration follows:

flow exporter Replicator
 description Exporter to Cisco Prime 2.0
 destination 10.2.44.12
 source GigabitEthernet1/0/1
 dscp 16
 template data timeout 60
 option interface-table

Step 3.   Configure a Flow Monitor, which binds the flow record and exporter along with options to configure the flow cache:

flow monitor v4
 record v4
 exporter Replicator
 cache timeout active 30

Step 4.   Configure a Flow Sampler. Define the sampling technique and sample size. The configuration follows:

sampler v4
 mode random 1 out-of 32

Step 5.   Attach the Flow Monitor and Sampler to the interface:

interface GigabitEthernet1/0/1
 ip flow monitor v4 sampler v4 input

Cisco Prime and Partner NetFlow Collector Applications

Cisco Prime Infrastructure can collect flow data from all Cisco devices including NetFlow-Lite data from Cisco Catalyst 2960-X. It also uses an application visibility engine to determine well-known applications based on NetFlow collection (Figure 2).

Figure 2.      NetFlow Capture on Cisco Prime

Partner collector applications such as ActionPacked LiveAction, Plixer Scrutinizer, and others have been tested with NetFlow-Lite, as illustrated in Figure 3.

Figure 3.      NetFLow Capture with Partner Applications

NetFlow-Lite Partner Program

The Cisco Catalyst 2960-X has been tested with the leading NetFlow collector applications such as Cisco Prime, ActionPacked LiveAction, Plixer Scrutinizer, and many more. Customers can now order these applications with the $0 FnF SKUs on the Cisco Catalyst 2960-X price list.

For More Information

For more information about NetFlow-Lite on the Cisco Catalyst 2960-X, please visit http://www.cisco.com/go/2960x.

For information about NetFlow-Lite, please visit: http://www.cisco.com/go/2960x.