Guest

Cisco IOS Software Releases 12.0 S

Output Sampled NetFlow

  • Viewing Options

  • PDF (252.9 KB)
  • Feedback
Output Sampled NetFlow

Table Of Contents

Output Sampled NetFlow

Contents

Prerequisites for Output Sampled Netflow

Restrictions for Output Sampled Netflow

Information About Output Sampled Netflow

Output Sampled NetFlow

NetFlow Configuration

How to Configure Output Sampled NetFlow

Configure Output Sampled NetFlow on an Interface

Display NetFlow Cache Information

Configuration Example for Output Sampled NetFlow

Output Sampled NetFlow Configuration Example

Displaying NetFlow Cache Information Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

ip route-cache flow


Output Sampled NetFlow


The Output Sampled NetFlow feature collects NetFlow statistics for outgoing IPv4 traffic on Cisco 12000 Series IP Service Engine (ISE) line cards.

Feature History for Output Sampled NetFlow

Feature History
 
Release
Modification

12.0(24)S

This feature was introduced.

12.0(26)S

The feature was enhanced to report the input interface field in a flow as the lowest interface on the ingress line card from which the flow arrives.

Support for the Cisco 12000 Series 4-Port Gigabit Ethernet ISE line card was added.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for Output Sampled Netflow

Restrictions for Output Sampled Netflow

Information About Output Sampled Netflow

How to Configure Output Sampled NetFlow

Configuration Example for Output Sampled NetFlow

Additional References

Command Reference

Prerequisites for Output Sampled Netflow

If you are aggregating NetFlow data, you should have aggregation schemes configured.

If you are exporting NetFlow data, you will need a NetFlow collector and analyzer capable of collecting NetFlow export packets in Version 5, 8, or 9 format.

Table 1 lists the Cisco 12000 series line cards that support output sampled NetFlow.

Table 1 Cisco 12000 Series Line Cards Support for Output Sampled NetFlow

Type
Line Card

Packet Over Sonet (POS)

4-Port OC-12 POS ISE
1-Port OC-48 POS ISE
4-Port OC-3 POS ISE
8-Port OC-3 POS ISE
16-Port OC-3 POS ISE

Channelized Interfaces

1-Port CHOC-48 ISE
4-Port CHOC-12 ISE

Ethernet

4-Port GE ISE


Restrictions for Output Sampled Netflow

In Cisco IOS Release 12.0(24)S, output sampled NetFlow is implemented only on Cisco 12000 Series IP Service Engine (ISE) line cards.

In Cisco IOS Release 12.0(24)S, the feature reports the input interface field as "NULL" in all flow records.

However, starting in Cisco IOS Release 12.0(26)S, the input interface field in a flow is reported as the lowest interface on the ingress line card from which the flow arrives.

Information About Output Sampled Netflow

To configure and use the Output Sampled Netflow feature, you must understand the following concepts:

Output Sampled NetFlow

NetFlow Configuration

Output Sampled NetFlow

Configuring sampled NetFlow on an interface allows you to collect NetFlow statistics for a subset of incoming (ingress) IPv4 traffic on the interface, selecting only one out of "N" sequential packets, where "N" is a configurable parameter. Configuring output sampled NetFlow on an interface allows you to collect NetFlow statistics for a subset of outgoing (egress) IPv4 traffic on the interface. This outgoing IPv4 traffic can arrive at the router as either MPLS or IPv4; however, the feature will collect NetFlow statistics only on IPv4 traffic leaving the interface.

Output sampled NetFlow uses the output interface as a key flow field instead of the input interface. The feature reports the input interface flow field as:

NULL, starting in Cisco IOS Release 12.0(24)S

The lowest interface on the ingress line card from which a flow arrives, starting in Cisco IOS Release 12.0(26)S. For example, if the input subinterface of flow traffic is POS2/1.10, output sampled NetFlow reports the input subinterface as POS2/0.

For more information on existing NetFlow features, see the "Related Documents" section.

NetFlow Configuration

Output sampled NetFlow shares configuration of the packet sampling interval, export, and aggregation settings with input sampled NetFlow. For example, the packet sampling interval setting applies globally to both input and output sampled NetFlow.

For more information on configuring the packet sampling interval, export, and aggregation see the "Related Documents" section.

How to Configure Output Sampled NetFlow

This section provides the procedure for configuring output sampled NetFlow on an ISE line card.

Configure Output Sampled NetFlow on an Interface

SUMMARY STEPS

1. enable

2. configure {terminal | memory | network}

3. interface type slot/port

4. ip route-cache flow [sampled [{input | output}]]

5. Repeat steps 3 and 4 for each interface.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure {terminal | memory | network}

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type slot/port

Example:

Router(config)# interface pos 3/0

Specifies an interface and enters interface configuration mode.

Step 4 

ip route-cache flow [sampled [{input | output}]]

Example:

Router(config-if)# ip route-cache flow sampled output

Enables NetFlow data collection on the interface:

The sampled keyword enables NetFlow data collection in sampled mode on the interface.

The input keyword (default) enables NetFlow data collection for incoming (ingress) traffic on the interface.

The output keyword enables NetFlow data collection for outgoing (egress) traffic on the interface.

This example enables output sampled NetFlow on the interface.

Step 5 

Repeat Steps 3 and 4 for each interface where you want to enable NetFlow accounting.

Step 6 

exit

Example:

Router(config-if)# exit

Exits the current mode.

Step 7 

exit

Example:

Router(config)# exit

Exits the current mode.

Display NetFlow Cache Information

Perform this task to display output sampled NetFlow cache information.

SUMMARY STEPS

1. enable

2. attach slot-number

3. show ip cache verbose flow

4. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

attach slot-number

Example:

Router# attach 3

Accesses the Cisco IOS software image on a line card.

The slot-number argument is the slot number of the line card.

Step 3 

show ip cache [verbose] flow

Example:

LC-Slot3# show ip cache verbose flow

Displays input and output IP flow records in the NetFlow cache.

Use the verbose keyword to display flow records in the NetFlow cache in detailed format.

Step 4 

exit

Example:

LC-Slot3# exit

Exits to privileged EXEC mode.

Configuration Example for Output Sampled NetFlow

This section provides the following configuration examples:

Output Sampled NetFlow Configuration Example

Displaying NetFlow Cache Information Example

Output Sampled NetFlow Configuration Example

The following example enables output sampled NetFlow on interface POS 3/0. This example also includes a configuration of NetFlow export, NetFlow sampling rate, and aggregation scheme.

interface POS3/0 
 ip route-cache flow sampled output 
!
ip flow-export version 5 origin-as 
ip flow-export destination 172.16.1.3 3000 
ip flow-export source Loopback0
ip flow-sampling-mode packet-interval 101 
ip flow-aggregation cache destination-prefix-tos 
 enabled

Displaying NetFlow Cache Information Example

The following output from the show ip cache verbose flow command in Cisco IOS Release 12.0(24)S shows the current content of the NetFlow cache with output flows that are indicated by a NULL value in the source (input) interface field.

Router> enable
Router# attach 3
LC-Slot3# show ip cache verbose flow
  ...             
  SrcIf        SrcIPaddress  DstIf        DstIPaddress  Pr TOS Flgs   Pkts
  Port Msk AS                Port Msk AS  NextHop       B/Pk   Active
  NULL         10.1.1.1      PO3/0        10.0.0.1      06 00  00      24K
  0100 /24 50                0200 /0  60  10.2.1.1      256    34.6

The next example shows sample output from the show ip cache verbose flow command in Cisco IOS Release 12.0(26)S and later releases for an output flow. In this example, the source (input) interface of the flow is POS2/1.10. However, the source interface field is displayed as PO2/0, the lowest interface on the ingress line card from which the flow arrives.

Router> enable
Router# attach 3
LC-Slot3# show ip cache verbose flow
  ...             
  SrcIf        SrcIPaddress  DstIf        DstIPaddress  Pr TOS Flgs   Pkts
  Port Msk AS                Port Msk AS  NextHop       B/Pk   Active
  PO2/0        10.1.1.1      PO3/0        10.0.0.1      06 00  00      24K
  0100 /24 50                0200 /0  60  10.2.1.1      256    34.6

Additional References

For additional information related to output sampled NetFlow, refer to the following references:

Related Documents

Related Topic
Document Title

Enabling Sampled NetFlow and customizing the sampling mode interval.

Sampled NetFlow, Release 12.0(11)S

NetFlow aggregation cache configuration

NetFlow ToS-Based Router Aggregation, Release 12.0(15)S

Configuring NetFlow multiple export destinations

NetFlow Multiple Export Destinations, Release 12.0(19)S

Enabling NetFlow switching and exporting NetFlow cache entries

Configuring NetFlow Switching" chapter in the Cisco IOS Switching Services Configuration Guide, Release 12.0

NetFlow commands

Cisco IOS Switching Services Command Reference, Release 12.0


Standards

Standards 1
Title

No new or modified MIBs are supported by this feature.

1 Not all supported standards are listed.


MIBs

MIBs 1
MIBs Link

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

1 Not all supported MIBs are listed.


To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco  MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco  MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

RFCs

RFCs 1
Title

No new or modified MIBs are supported by this feature.

1 Not all supported RFCs are listed.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.

ip route-cache flow

To enable NetFlow data collection on an interface, use the ip route-cache flow command in interface configuration mode. To disable NetFlow switching, use the no form of this command.

ip route-cache flow [sampled [{input | output}]]

no ip route-cache flow

Syntax Description

sampled

(Optional) Enables NetFlow data collection in sampled mode on the interface.

input

(Optional) Enables NetFlow data collection for incoming (ingress) traffic on the interface.

output

(Optional) Enables NetFlow data collection for outgoing (egress) traffic on the interface.


Defaults

This command is not enabled by default.

If neither the input nor output keywords are specified in the command, NetFlow collects statistics for incoming traffic.

Command Modes

Interface configuration

Command History

Release
Modification

11.1

This command was introduced.

12.0(11)S

The sampled keyword was added.

12.0(24)S

The input and output keywords were added.


Usage Guidelines

You can enable input, output, or both input and output NetFlows on an interface at the same time.


Note NetFlow does consume additional memory and CPU resources on your router and line cards.


Examples

The following example shows output sampled NetFlow enabled on interface POS3/0.

interface POS3/0 
 ip route-cache flow sampled output 

Related Commands!

Command
Description

ip flow-export

Configures the exporting of information from the NetFlow cache.

ip flow-sampling-mode

Enables NetFlow in sampling mode.

ip flow-aggregation cache

Enables aggregation cache configuration mode.


Copyright © 2003 Cisco Systems, Inc. All rights reserved.