
Cisco Nexus 7000 Series Switches

NetFlow on Nexus 7000 Series Switches using Nx-OS Configuration Example

Document ID: 112213

Updated: Dec 03, 2010


Introduction

This document provides an example of how to configure NetFlow on Cisco Nexus 7000 Series Switches using Nx-OS.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Basic knowledge of NetFlow

  • Basic knowledge of the CLI configuration on Cisco Nexus 7000 Series Switches

Components Used

The information in this document is based on these software and hardware versions:

  • Nexus 7000 Series Switch that runs Nx-OS 4.2(1) software

  • Nx-OS software

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

NetFlow technology efficiently provides accounting for applications such as network traffic accounting, usage-based network billing, network planning, Denial of Service monitoring, network monitoring, outbound marketing, and data mining, for both Service Provider and Enterprise customers. You can configure NetFlow with either Nx-OS or Cisco® IOS software. This document provides an example of how to configure NetFlow with Nx-OS software. For more information on NetFlow technology, refer to the NetFlow Introduction.

NetFlow command line interface (CLI) configuration and verification commands are not available until you enable the NetFlow feature with the feature netflow command. A flexible architecture is used that consists of flow records, flow exports, and flow monitors.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Nx-OS Features

This list provides some of the features for Nx-OS software:

  • NetFlow CLI configuration and verification commands are available when you enable the NetFlow feature with the feature netflow command.

  • A flexible architecture is used that consists of flow records, flow exports, and flow monitors.

  • Nx-OS supports more key and non-key fields for creating flow records and can collect additional information such as TCP flags and system uptime.

  • Nx-OS provides more granular aging timers such as session timer and aggressive threshold.

  • Nx-OS supports the full and sampled flow modes.

  • Each line card module supports 512,000 NetFlow cache entries.

  • Layer 2 NetFlow based on MAC addresses is not supported at this time.

  • The default aging timer values are different than in Cisco IOS Software.

  • The NetFlow feature supports stateful process restarts.

  • NetFlow Versions 5 and 9 Export features are supported.

  • You must configure a source interface for each flow export.

  • Cisco Nx-OS defaults to User Datagram Protocol (UDP) port 9995 for NetFlow Data Export.

Configuration Guidelines

  • The removal of the feature netflow command also removes all relevant NetFlow configuration information.

  • NetFlow consumes hardware resources such as TCAM and CPU. Therefore, understanding the resource utilization on a device is important before you enable NetFlow.

  • Sampling mode preserves CPU and NetFlow cache entries in high-traffic environments.

  • You need to specify a traffic direction when a flow monitor is applied to an interface.

  • The active-aging flow timeout is 1800 seconds by default.

  • The inactive-aging flow timeout is 15 seconds by default.

  • The fast-aging flow timeout is disabled by default.

  • The aggressive-aging flow threshold is disabled by default.

  • TCP session aging is disabled by default.

Configurations

This document uses these configurations:

NetFlow Flow Record
Switch(Config)#flow record Netflow-Record-1
switch(config-flow-record)#description Custom-Flow-Record
switch(config-flow-record)#match ipv4 source address
switch(config-flow-record)#match ipv4 destination address
switch(config-flow-record)#match transport destination-port
switch(config-flow-record)#collect counter bytes
switch(config-flow-record)#collect counter packets 

NetFlow Flow Export
Switch(Config)#flow exporter Netflow-Exporter-1
Switch(Config-flow-exporter)#description Production-Netflow-Exporter
Switch(Config-flow-exporter)#destination 192.168.11.2
Switch(Config-flow-exporter)#source Ethernet2/2
Switch(Config-flow-exporter)#version 9 

NetFlow Monitor with a Custom Record
Switch(config)#flow monitor Netflow-Monitor-1
Switch(config-flow-monitor)#description Applied Inbound-Eth-2/1
Switch(config-flow-monitor)#record Netflow-Record-1
Switch(config-flow-monitor)#exporter Netflow-Exporter-1 

NetFlow Monitor with an Original Record
Switch(config)#flow monitor Netflow-Monitor-2
Switch(config-Netflow-Monitor)#description Use Predefined "Original-Netflow-Record"
Switch(config-Netflow-Monitor)#record netflow-original
Switch(config-Netflow-Monitor)#exporter Netflow-Exporter-1 

NetFlow Timer Adjustment
Switch(config)#flow timeout active 120
Switch(config)#flow timeout inactive 32
Switch(config)#flow timeout fast 32 threshold 100
Switch(config)#flow timeout session
Switch(config)#flow timeout aggressive threshold 75 

NetFlow Sampler Configuration
Switch(config)#sampler NF-Sampler-1
Switch(config-flow-sampler)#description Sampler-for-Int-Eth-2/1
Switch(config-flow-sampler)#mode 1 out-of 1000

!--- Applying a NetFlow Sampler to an Interface:

Switch(config)#interface Ethernet2/1
Switch(config-if)#ip flow monitor Netflow-Monitor-1 input sampler NF-Sampler-1 

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
