Guest

Cisco IOS Software Releases 12.0 S

Output Aggregate NetFlow

  • Viewing Options

  • PDF (452.2 KB)
  • Feedback
Output Aggregate NetFlow

Table Of Contents

Output Aggregate NetFlow

Contents

Prerequisites for Output Aggregate NetFlow

Restrictions for Output Aggregate NetFlow

Information About Output Aggregate NetFlow

NetFlow Aggregation of Output Flows on ISE and Engine 5 Line Cards

NetFlow Cache Aggregation Schemes

Export Formats for NetFlow Aggregation Schemes

NetFlow Support on Cisco 12000 Series ISE an E5 Line Cards

Configuring Output Aggregate NetFlow

Monitoring and Maintaining Output Aggregate NetFlow

Configuration Examples for Output Aggregate NetFlow

Configuring Output Aggregate NetFlow Example

Displaying Cache Information for Output Aggregate NetFlow Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

cache

export destination

hw-module slot tcam carve

ip flow-aggregation cache

ip route-cache flow output

show ip cache flow aggregation

show ip flow export


Output Aggregate NetFlow


Part Number OL-8713-01 (Rev A0), January 19, 2006

The Output Aggregate NetFlow feature is an extension of the NetFlow Aggregation accounting feature and allows you to gather flow information for IPv4 traffic on the output interfaces of Cisco 12000 series IP services engine (ISE) and Engine 5 (E5) line cards. The outgoing IPv4 traffic can arrive on the router in either Multiprotocol Label Switching (MPLS) or IPv4 format. The Output Aggregate NetFlow feature is performed in nonsampled mode, in which NetFlow data is collected by examining each packet in outgoing IPv4 traffic. This feature includes 11 aggregation schemes: autonomous system (AS), destination prefix, prefix, protocol port, source prefix, AS-Type of Service (ToS), destination prefix-ToS, prefix-port, prefix-ToS, protocol-port-ToS, and source prefix-ToS.


Note The Output Aggregate NetFlow feature contains enhanced functionality to replace the Maximum Mask Aggregate Output NetFlow feature.


 Feature History for Output Aggregate NetFlow

Release
Modification

12.0(32)S

This feature was introduced on Cisco 12000 series IP services engine (ISE) and Engine 5 line cards.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions.

Contents

Prerequisites for Output Aggregate NetFlow

Restrictions for Output Aggregate NetFlow

Information About Output Aggregate NetFlow

Configuring Output Aggregate NetFlow

Monitoring and Maintaining Output Aggregate NetFlow

Configuration Examples for Output Aggregate NetFlow

Additional References

Command Reference

Prerequisites for Output Aggregate NetFlow

To collect autonomous system (AS) information in the aggregation scheme, you must specify either the peer-as or origin-as keyword in the ip flow-export version command. For detailed information, see the Prerequisites section in Configuring Output Aggregate NetFlow.

To increase the number of output flows that the Output Aggregate NetFlow feature can handle, you can increase the percentage of ternary content addressable memory (TCAM) used for the NetFlow hardware cache by entering the hw-module slot tcam carve command. For detailed information, see the Prerequisites section in Configuring Output Aggregate NetFlow.

If you are exporting NetFlow data, you need a NetFlow collector and analyzer that handles NetFlow export packets in Version 8 or 9 format.

Restrictions for Output Aggregate NetFlow

Aggregation scheme—The Output Aggregate NetFlow feature does not support the BGP-next hop-ToS aggregation scheme for collecting data for output flows on an ISE or E5 line card.

Sampling mode—You cannot enable output NetFlow data collection in sampled and nonsampled mode on the same output interface.

Supported line cards—The Output Aggregate NetFlow feature is supported on all ISE and Engine 5 (E5) line cards, except the 2.5G ISE SPA Interface Processor (SIP).

Subinterface configuration

The configuration of the Output Aggregate NetFlow feature on an individual ISE or E5 subinterface is not supported. However, if you configure Output Aggregate NetFlow on an ISE or E5 interface, NetFlow data is collected on all associated subinterfaces and reported in the configured aggregation scheme.

Multicast traffic—The Output Aggregate NetFlow feature does not support NetFlow accounting for outgoing multicast traffic.

Unicast traffic—The Output Aggregate NetFlow feature does not collect output flow information for IPv4 unicast packets generated by the Route Processor.

IPv6 packets—The Output Aggregate NetFlow feature does not support NetFlow accounting for outgoing IPv6 traffic.

Data collection of output flows—In the data records exported for output flows, the value in the input interface field is the lowest interface number on the ingress line card from which the flow arrives.

NetFlow Version 9 Export Format—The export format used in NetFlow Version 9 does not distinguish flows collected from input NetFlow and flows collected from output NetFlow.

Information About Output Aggregate NetFlow

To configure the Output Aggregate NetFlow feature, you should understand the following concepts:

NetFlow Aggregation of Output Flows on ISE and Engine 5 Line Cards

NetFlow Cache Aggregation Schemes

Export Formats for NetFlow Aggregation Schemes

NetFlow Support on Cisco 12000 Series ISE an E5 Line Cards

NetFlow Aggregation of Output Flows on ISE and Engine 5 Line Cards

On a Cisco 12000 series Internet router, the Output Aggregate NetFlow feature allows you to collect data about output flows on an ISE or E5 output interface. The specialized ISE and E5 hardware can capture aggregated flows without the additional step required on software-based platforms of first capturing nonaggregate flows, such as individual TCP or UDP sessions.

On an ISE or E5 line card, aggregated NetFlow data is collected in two steps:

1. Data is aggregated in TCAM of the ISE or E5 hardware-forwarding ASIC. TCAM is used as a hardware-based cache.

The performance of aggregate NetFlow (input and output) features depends on the amount of TCAM allocated for NetFlow.

On an ISE line card, you can change the NetFlow TCAM size by entering the hw-module slot tcam carve command, as described in the Prerequisites section in Configuring Output Aggregate NetFlow.

On an E5 line card, the NetFlow TCAM size is fixed at 256K entries and cannot be reconfigured.

To display the percentage of TCAM used by NetFlow and non-NetFlow features in the current configuration, enter the show controllers frfab alpha tcam carve command.

2. Data collected in ISE or E5 hardware-based TCAM is moved to a software-based cache for a configured NetFlow aggregation scheme.

To achieve greater flow aggregation on the router (accumulate more packets in each flow record before the flow records are exported), configure the size of the software cache to be larger than the size of the NetFlow TCAM. To configure the size of the software-based NetFlow cache, use the cache entries command in aggregation-cache configuration mode to specify the maximum number of entries.

Because each flow record requires two entries, you can compare the number of flow records supported in the hardware-based ISE or E5 NetFlow TCAM and the configured number in the software-based cache as follows:

On an ISE line card, enter the show controllers frfab alpha tcam carve command to display the number of entries supported in the NetFlow (TX_TOP_NF) TCAM region. The number of NetFlow entries supported is the value displayed in the "Value Cells Total" field (for example, "91744" in the command output in hw-module slot tcam carve). By dividing this number by two, you get the number of flow records allocated for NetFlow in ISE TCAM.

On an E5 line card, the size of NetFlow TCAM is fixed at 256 K entries and cannot be reconfigured. There fore, the number of flow records supported in E5 NetFlow TCAM is 256 K divided by two, or 128 K records.

The Output Aggregate NetFlow feature collects aggregate data in nonsampled mode about output flows that are received on the router in IP or MPLS format and transmitted in IPv4 format (if necessary, after MPLS label disposition) on an output ISE or E5 interface. Figure 1 shows a sample topology.

Figure 1 Provider and Customer Networks with Output Aggregate NetFlow

To capture the flow of traffic going to customer sites 2 and 3 of VPN 1 from the remote Site 1, you enable Output Aggregate NetFlow accounting on one or more ISE or E5 line cards on the provider edge router PE2 that are configured for the PE2-CE3 and PE2-CE5 links. The flows are stored in a global flow cache maintained by each NetFlow-enabled line card. You can use the show ip cache flow aggregation and show ip flow export commands to view the active output flow data.

On the PE2 router, an ISE or E5 line card exports the captured output flows to configured collector devices in the provider network, such as NetFlow FlowCollector or NetFlow Analyzer, for further processing and analysis.

NetFlow Cache Aggregation Schemes

Cisco IOS NetFlow aggregation allows you to configure the size of the software cache used by each aggregation scheme, as well as the cache ager timeout parameter, export destination IP address, and export destination UDP port. For the Output Aggregate NetFlow feature, as data flows expire in the hardware-based TCAM cache on an ISE or E5 line card, the flow records are moved to a software-based cache for a configured aggregation scheme on the line card.

The normal flow ager process runs on each software-based aggregation cache. The default aggregation cache size is 4096 bytes.

You configure a cache aggregation scheme through the use of arguments in the ip flow-aggregation cache command.


Note On an ISE or E5 line card, the performance of aggregate NetFlow (input and output) features depends on the number of aggregation schemes you configure. If you configure two or more aggregation schemes, the TCAM capacity allocated to NetFlow is shared between these schemes. For example, if NetFlow TCAM uses 256 K and this amount is equally shared between four aggregation schemes, each scheme can use only 64 K of TCAM and store only 32 K of flow records.


The Output Aggregate NetFlow feature supports the following schemes for cache aggregation:

Autonomous system (AS) aggregation scheme

Destination prefix aggregation scheme

Prefix aggregation scheme

Protocol port aggregation scheme

Source prefix aggregation scheme

AS-ToS aggregation scheme

Destination prefix-ToS aggregation scheme

Prefix-port aggregation scheme

Prefix-ToS aggregation scheme

Protocol-port-ToS aggregation scheme

Source prefix-ToS aggregation scheme


Note The Output Aggregate NetFlow feature does not support the BGP-next hop-ToS aggregation scheme.


For detailed information about cache aggregation schemes, refer to Configuring NetFlow Aggregation Caches and Schemes.

Export Formats for NetFlow Aggregation Schemes

Aggregate NetFlow exports information in UDP datagrams either in Version 8 or Version 9 export format.

Version 8 export format only supports data export from aggregation caches.

Version 9 export format is flexible and extendable, which provides the versatility needed for the support of new fields and record types.

To configure NetFlow to capture and export network traffic data, refer to NetFlow v9 Export Format and Configuring NetFlow to Capture and Export Network Traffic Data.

NetFlow Support on Cisco 12000 Series ISE an E5 Line Cards

In addition to the Output Aggregate NetFlow feature that is performed in nonsampled mode, the following types of NetFlow accounting are also supported on Cisco 12000 series ISE and E5 line cards:

Sampled NetFlow (sampled mode on input and output interfaces)

MPLS-aware NetFlow (sampled mode on input interfaces)

NetFlow Aggregation (sampled and nonsampled mode on input and output interfaces)

NetFlow Minimum Prefix Mask for Router-Based Aggregation on input and output interfaces


Note The Output Aggregate NetFlow feature is designed with enhanced functionality to replace the Maximum Mask Aggregate Output NetFlow feature.


Configuring Output Aggregate NetFlow

This section describes the procedure for configuring the Output Aggregate NetFlow feature.

PREREQUISITES

Before you configure the Output Aggregate NetFlow feature, you may need to perform the following steps:

1. (Optional) On an ISE or E5 line card, the number of output flows that the Output Aggregate NetFlow feature can manage depends on the percentage of TCAM allocated for the NetFlow hardware cache. You can change this percentage by entering the following commands in global configuration mode:

hw-module slot number tcam carve region percentage
microcode reload slot-number

As shown in the following example, enter the hw-module slot tcam carve command one time to configure the percentage reserved for each TCAM region. The NetFlow TCAM region is "tx_top_nf". For detailed information on the command syntax, refer to hw-module slot tcam carve.

Router(config)# hw-module slot 3 tcam carve tx_top_nf 35
Router(config)# hw-module slot 3 tcam carve tx_144b 30
Router(config)# hw-module slot 3 tcam carve tx_288b 20

To display the amount of TCAM allocated for NetFlow and non-NetFlow features in the current ISE configuration, enter the show controllers frfab alpha tcam carve command.


Note On an ISE line card, all Cisco IOS features share the same TCAM. You can reconfigure the percentage of ISE TCAM used by NetFlow. On an E5 line card, the number of NetFlow TCAM entries is fixed at 256 K and cannot be reconfigured.


To reload the software and microcode on an ISE line card so that the newly configured TCAM region sizes take effect, use the microcode reload command. You must enter the microcode reload command only one time on an ISE line card, and only if you reconfigure TCAM regions on the line card.

For example, if you enable Output Aggregate NetFlow on an additional interface on the same line card after you have reconfigured TCAM use in certain regions and reloaded the microcode, you do not have to reload the microcode a second time.

After you enter the microcode reload command, the line card is reset. As a result, traffic forwarding is interrupted. The control protocols and interfaces are down until the line card reset is complete.

2. (Optional) To configure the exporting of NetFlow data in the configured aggregation cache when an output flow expires, enter the following commands in global configuration mode:

ip flow-export version {5 | 9} [origin-as | peer-as]
ip flow-export destination ip-address udp-port

Where in the ip flow-export version command:

The 5 keyword configures the router to export aggregate NetFlow cache entries to a workstation in Version 8 format.

The 9 keyword configures the router to export aggregate NetFlow cache entries to a workstation if you are using receiving software that accepts Version 9.

The origin-as keyword specifies that export statistics include the originating autonomous system (AS) for the source and destination.

The peer-as keyword specifies that export statistics include the peer AS for the source and destination.

Where in the ip flow-export destination command:

The ip-address argument is the IP address of the workstation to which you want to send the NetFlow information.

The udp-port argument is the destination port number in the UDP protocol.

To verify that the router is exporting NetFlow data, enter the show ip flow export command.

For more information about how to use the ip flow-export version and ip flow-export destination commands, refer to Configuring NetFlow to Capture and Export Network Traffic Data.


Note The Output Aggregate NetFlow feature does not support the use of the optional bgp-nexthop keyword in the ip flow-export command. This keyword specifies that export statistics include the BGP next-hop field.



Caution Entering the ip flow-export version or no ip flow-export version command on a Cisco 12000 series Internet router and specifying any format version other than Version 1 causes packet forwarding to stop for a few seconds while NetFlow reloads the route processor and line card CEF tables. In other words, entering the ip flow-export version or no ip flow-export version command and specifying either the version 5 or version 9 keyword causes an interruption of service. To avoid interruption of service to a live network, apply this command during a maintenance window, or include it in the startup-config file for execution during a router reboot.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip flow-aggregation cache {as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

4. cache {entries number | timeout {active minutes | inactive seconds}}

5. export {destination ip-address | hostname}udp-port | version [8 | 9] | template [refresh-rate packets | timeout minutes]}

6. enable

7. exit

8. interface type slot/port

Or

interface type slot/subslot/port

9. ip route-cache flow output

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip flow-aggregation cache {as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

Example:

Router(config)# ip flow-aggregation cache prefix-tos

Enters NetFlow cache command mode to configure the specified aggregation scheme.

For detailed information on the command syntax, refer to ip flow-aggregation cache.

Step 4 

cache entries number


Router(config-flow-cache)# cache entries 64000

Configures the number of cached entries allowed in the aggregation cache. The number of entries can be 1024 to 524288. The default is 4096.

For detailed information on the cache command syntax, refer to NetFlow Command Reference.

Step 5 

export {destination ip-address | hostname} udp-port | version [8 | 9] | template [refresh-rate packets | timeout minutes]}

Example:

Router(config-flow-cache)# export destination 10.42.41.1 9991

Enables the exporting of information from NetFlow aggregation caches.

The destination ip-address | hostname udp-port keyword-argument parameter specifies the IP address or hostname of the workstation to which you want to send the NetFlow information and the number of the UDP port on which the workstation is listening for this input. You can configure a maximum of 2 concurrent destinations using the destination keyword with the export command.

The version [8|9] keywords specify the version of the format for export.

The template keyword configures transmission parameters for options and templates used in the NetFlow Version 9 export format.

The refresh-rate packets keyword-argument pair specifies the number of export packets before the templates are resent.

The timeout minutes keyword-argument pair specifies the time that elapses before the templates are resent.

Step 6 

enable

Example:

Router(config-flow-cache)# enable

Enables the aggregation scheme.

Step 7 

exit

Example:

Router(config-flow-cache)# exit

Exits NetFlow cache command mode and returns to global configuration mode.

Step 8 

interface type slot/port

Example:

Router(config)# interface pos 3/0


Or

interface type slot/subslot/port

Example:

Router(config)# interface gigabitethernet 2/0/0

Specifies an interface and enters interface configuration mode.

The type argument is the type of interface to be configured.

The slot/port argument specifies the slot and port numbers of the interface.

The slot/subslot/port argument specifies the slot and port numbers of a SPA interface.

Note When you configure a SPA on the Cisco 12000 series Internet router, the interface address is in the format slot/subslot/port.

Step 9 

ip route-cache flow output

Example:

Router(config-if)# ip route-cache flow output

Enables the Output Aggregate NetFlow feature to collect data for egress traffic on the output interface in nonsampled mode.

Monitoring and Maintaining Output Aggregate NetFlow

To display information about the Output Aggregate NetFlow data collected in the configured aggregation cache, use the following show commands in privileged EXEC mode:

Command
Purpose

Router> execute-on slot slot-number show ip cache [prefix mask] [type number] [verbose] flow aggregation {as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}


Or

Router> attach slot-number
LC-Slot> show ip cache [prefix mask] [type number] [verbose] flow aggregation {as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

Displays the statistics, configuration, and contents of an aggregation cache on a specified line card. Enter these commands, starting in User EXEC mode.

Router# show ip flow export


Or

Router> attach slot-number
LC-Slot> show ip flow export

Displays statistics about the NetFlow data that has been exported. Enter the command in User EXEC mode to display NetFlow data from one line card, or in Privileged EXEC mode to display NetFlow data collected from all line cards.


Configuration Examples for Output Aggregate NetFlow

This section contains the following configuration examples for Output Aggregate NetFlow:

Configuring Output Aggregate NetFlow Example

Displaying Cache Information for Output Aggregate NetFlow Example

Configuring Output Aggregate NetFlow Example

The following example shows how to enable the Output Aggregate NetFlow feature to collect NetFlow data in nonsampled mode for outgoing IPv4 traffic on the (ISE or E5) interface, POS 3/1, using an autonomous system (AS) aggregation scheme configured with a maximum capacity of 64000 entries:

Router# configure terminal
Router(config)# ip cache flow aggregation as
Router(config-flow-cache)# cache entries 64000
Router(config-flow-cache)# enable
Router(config-flow-cache)# exit
Router(config)# interface pos 3/1 
Router(config-if)# ip route-cache flow output

Displaying Cache Information for Output Aggregate NetFlow Example

The following example shows how to display detailed statistical and configuration information, and the contents of the Prefix-ToS aggregation cache used to collect NetFlow data for the Output Aggregate NetFlow feature on the ISE or E5 line card in slot 3:

Router> attach 3 
LC-Slot3> show ip cache verbose flow aggregation prefix-tos

========= Line Card (Slot 3) =========
IP Flow Switching Cache, 4096000 bytes
  2 active, 64000 inactive, 3 added
  70 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 10 seconds

Src If 			Src Prefix 				Dst If 			Dst Prefix 				TOS Flows 			Pkts
			Msk AS 							Msk AS 				B/Pk 			Active
PO1/0 			21.4.1.0		 		PO3/1* 			21.7.0.0 				E0  7105 			37M
			/24 0 							/16 0 				40 			18.5
PO1/1 			21.5.1.0 				PO3/1* 			21.5.1.1 				E0  7104 			37M
			/24 0 							/32 0 				40 			18.5

Note In this example, note that a star (*) is displayed following the entries in the Dst If column. The star indicates that the NetFlow data on this line is collected for an output flow. If no start (*) is displayed, the NetFlow data is collected for an input flow.


Table 1 describes the significant fields shown in this example.

Table 1 show ip cache verbose flow aggregation prefix-tos Field Descriptions 

Field
Description

Src If

Specifies the input interface of the packets in the flow.

Src Prefix

Specifies the IPv4 prefix of the source address from the routing table.

Src Msk

Specifies the IPv4 network mask for the source address in the routing table.

Src AS

Specifies the BGP autonomous system from which the packet is received (origin AS or peer AS). This value is configured using the ip flow-export version command.

Dst If

Specifies the output interface of the packets in the flow.

Dst Prefix

Specifies the IPv4 prefix of the destination address from the routing table.

Dst Msk

Specifies the IPv4 network mask for the destination address in the routing table.

Dst AS

Specifies the BGP autonomous system to which the flow is sent. This value is configured with the ip flow-export version command.

ToS

8-bit Type of Service field from the IP packet headers in the flow.

Flows

Number of flows captured by hardware forwarding ASIC that are aggregated in this flow.

B/Pk

Average number of bytes per packet in the flow.

Pkts

Total number of packets accounted in the flow.

Active

Number of seconds that data for this flow is collected in the NetFlow cache.


Additional References

The following sections provide references related to the Output Aggregate NetFlow feature.

Related Documents

Related Topic
Document Title

Description of the NetFlow application, including information about:

NetFlow flows

NetFlow main cache operation

NetFlow data capture

NetFlow export formats

NetFlow preprocessing features: filtering and sampling

NetFlow advanced features: BGP Next Hop, Multicast, MPLS, NetFlow Layer 2 and Security Monitoring Exports, and IPv6

NetFlow postprocessing features: aggregation schemes and export to multiple destinations

NetFlow MIBs

"Cisco IOS NetFlow Overview" chapter in the Cisco IOS NetFlow Configuration Guide, Release 12.4

NetFlow configuration commands for IPv4

NetFlow Command Reference

Information and procedures for configuring NetFlow aggregation caches and cache aggregation schemes.

"Configuring NetFlow Aggregation Caches and Schemes" chapter in the Cisco IOS NetFlow Configuration Guide, Release 12.4

NetFlow statistics in ToS-based aggregation schemes

NetFlow ToS-Based Router Aggregation

Netflow statistics for output IP flows of IPv4 traffic using deterministic sampling

Output Sampled NetFlow

Netflow statistics for output IP flows of packets undergoing MPLS label disposition (packets that arrive on a router as MPLS and are transmitted as IP)

MPLS Egress NetFlow Accounting

NetFlow statistics for MPLS traffic in MPLS-enabled networks

MPLS-aware NetFlow

NetFlow statistics collected in Prefix, Destination-Prefix, and Source-Prefix aggregation schemes using a minimum mask value

NetFlow Minimum Prefix Mask for Router-Based Aggregation

NetFlow statistics for output IP flows using a maximum source prefix or destination prefix mask to filter flows for the Prefix-ToS aggregation scheme

Maximum Mask Aggregate Output NetFlow

Hardware installation and software configuration of ISE and Engine 5 SPA interface processors (SIPs) and shared port adapters (SPAs) supported on the Cisco 12000 series Internet router

Cisco 12000 Series SIP and SPA Installation and Configuration Guides

Description of how to configure and use Version 9 data export

NetFlow v9 Export Format

Information and procedures for configuring NetFlow to capture and export network traffic data

"Configuring NetFlow to Capture and Export Network Traffic Data" chapter in the Cisco IOS NetFlow Configuration Guide, Release 12.4


Standards

Standards
Title

No new or modified standards are supported by this feature.


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature.


Technical Assistance

Description
Link

The Cisco Technical Support website, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0S command reference publications.

cache

export destination

hw-module slot tcam carve

ip flow-aggregation cache

ip route-cache flow output

show ip cache flow aggregation

show ip flow export

cache

To configure operational parameters for NetFlow accounting aggregation caches, use the cache command in NetFlow aggregation cache configuration mode. To disable the NetFlow aggregation cache operational parameters for NetFlow accounting, use the no form of this command.

cache {entries number | timeout {active minutes | inactive seconds}}

no cache {entries | timeout {active | inactive}}

Syntax Description

entries number

The number of cached entries allowed in the aggregation cache. The number of entries can be 1024 to 524288. The default is 4096.

timeout

Dissolves the session in the aggregation cache.

active minutes

(Optional) The number of minutes that an active entry remains in the aggregation cache before it is exported and removed. The range is from 1 to 60 minutes. The default is 30 minutes.

inactive seconds

(Optional) The number of seconds that an inactive entry will stay in the aggregation cache before it times out. The range is from 10 to 600 seconds. The default is 15 seconds.


Defaults

The default for cache entries is 4096.
The default for active cache entries is 30 minutes.
The default for inactive cache entries is 15 seconds.

Command Modes

NetFlow aggregation cache configuration

Command History

Release
Modification

12.0(11)S

This command was introduced on Cisco 12000 series Internet routers.


Usage Guidelines

Before you can use the cache command, you must have NetFlow accounting configured on the router.

Examples

The following example shows how to set the NetFlow aggregation cache entry limits and timeout values for the NetFlow protocol-port aggregation cache:

Router(config)# ip flow-aggregation cache protocol-port
Router(config-flow-cache)# cache entries 64000
Router(config-flow-cache)# cache timeout inactive 100
Router(config-flow-cache)# cache timeout active 45
Router(config-flow-cache)# enabled

Related Commands

Command

Description

enabled (aggregation cache)

Enables aggregate NetFlow accounting.

export destination (aggregation cache)

Enables the export of NetFlow accounting information from NetFlow aggregation caches.

ip flow-aggregation cache

Enters aggregation-cache configuration submode to configure NetFlow accounting for a specified aggregation scheme.

mask (aggregation cache)

Specifies the minimum mask for the source or destination IPv4 prefix used in aggregate NetFlow accounting.

show ip cache flow aggregation

Displays the NetFlow accounting aggregation cache statistics.

show ip cache flow

Displays a summary of the NetFlow accounting statistics.


export destination

To enable the exporting of NetFlow accounting information from NetFlow aggregation caches, use the export destination command in NetFlow aggregation cache configuration mode. To disable the export of NetFlow accounting information from NetFlow aggregation caches, use the no form of this command.

export {destination ip-address | hostname} udp-port | version [8 | 9] | template [refresh-rate packets | timeout minutes]}

no export {destination ip-address | hostname} udp-port | version | template [refresh-rate | timeout]}

Syntax Description

destination ip-address | hostname udp-port

IP address or hostname of the workstation to which you want to send the NetFlow information and the number of the UDP port on which the workstation is listening for this input. You can configure a maximum of 2 concurrent destinations using the destination keyword with the export command.

version [8 | 9]

(Optional) Version of the format for the export.

template

Enables the refresh-rate and timeout keywords for configuring Version 9 export templates.

refresh-rate packets

(Optional) Specifies the number of export datagrams that are sent before the templates or options (as appropriate) are resent. You can specify from 1 to 600 packets. The default is 20 packets.

timeout minutes

(Optional) Specifies the interval (in minutes) between which the templates or options (as appropriate) are sent. You can specify from 1 to 3600 minutes. The default is 30 minutes.


Defaults

A NetFlow aggregation cache export destination is not set.

Command Modes

NetFlow Aggregation cache configuration

Command History

Release
Modification

12.0(11)S

This command was introduced on Cisco 12000 series Internet routers.

12.0(24)S

The version, template, refresh-rate, and timeout keywords were added.


Usage Guidelines

Before you can use the export destination command, you must have NetFlow accounting configured on the router.

Determining the Appropriate Export Version For Your Requirements

NetFlow aggregation caches export data in UDP datagrams using either the Version 9 or Version 8 export formats. Table 2 describe how to determine the most appropriate export format version for your requirements.

Table 2 Selecting a Particular NetFlow Export Format  

Export Format
Select When...

Version 9

You need to export data from various technologies, such as Multicast, DoS, IPv6, BGP next hop, and so on. This format accommodates new NetFlow-supported technologies such as Multicast, MPLS, and BGP next hop.

The Version 9 export format supports export from the main cache and from aggregation caches.

Version 8

Version 8 export format is available only for export from aggregation caches.


NetFlow Version 9 Data Export Format Overview

The NetFlow Version 9 Export Format feature, which was introduced in Cisco IOS Release 12.0(24)S:

Supports CEF switching, dCEF switching, and fast switching.

Provides a flexible and extensible means for transferring NetFlow records from a network node to a collector.

Uses definable record types and is self-describing for easier NetFlow Collection Engine configuration.

Using Version 9 export, you can:

Define new formats on the router that you can send to the NetFlow Collection Engine (formerly called NetFlow FlowCollector) at set intervals.

Enable the features that you want, and the field values corresponding to those features are sent to the NetFlow Collection Engine.

Third-party business partners who produce applications that provide NetFlow Collection Engine or display services for NetFlow do not need to recompile their applications each time a new NetFlow technology is added. Instead, with the NetFlow v9 Export Format feature, they can use an external data file that documents the known template formats and field types.

In NetFlow Version 9:

Record formats are defined by templates.

Template descriptions are communicated from the router to the NetFlow Collection Engine.

Flow records are sent from the router to the NetFlow Collection Engine with minimal template information so that the NetFlow Collection Engine can relate the records to the appropriate template.

Version 9 is independent of the underlying transport (UDP, TCP, SCTP, and so on).

NetFlow Version 9 Template-Based Flow Record Format

NetFlow Version 9 export format is template based. A template describes a NetFlow record format and attributes of the fields (such as type and length) within the record. The router assigns each template an ID, which is communicated to the NetFlow Collection Engine along with the template description. The template ID is used for all further communication from the router to the NetFlow Collection Engine.

NetFlow Version 9 Export Flow Records

The basic output of NetFlow is a flow record. In the NetFlow Version 9 export format, a flow record follows the same sequence of fields used in the template definition. The template to which NetFlow flow records belong is determined by the prefixing of the template ID to the group of NetFlow flow records that belong to a template. For a description of existing NetFlow flow-record formats, see the NetFlow Services Solutions Guide.

NetFlow Version 9 Export Packet

In NetFlow Version 9, an export packet consists of the packet header and flowsets. The packet header identifies the new version and provides other information. There are two types of flowsets:

Template flowsets—Describe the fields that will be in the data flowsets (or flow records).

Data flowsets—Contain the values or statistics of one or more flows with the same template ID.

When the NetFlow Collection Engine receives a template flowset, it stores the flowset and export source address so that subsequent data flowsets that match the flowset ID and source combination are parsed according to the field definitions in the template flowset. Version 9 supports NetFlow Collection Engine Version 4.0.

For a description of the Version 9 packet headers, template flowsets, and data flowsets, see the Cisco IOS NetFlow Version 9 Flow-Record Format white paper.

NetFlow Version 8 Data Export Format Overview

The Version 8 data export format is the NetFlow export format used when the router-based NetFlow aggregation feature is enabled on Cisco IOS router platforms. The Version 8 format allows for export datagrams to contain a subset of the Version 5 export data that is based on the configured aggregation cache scheme. For example, a certain subset of the Version 5 export data is exported for the destination prefix aggregation scheme, and a different subset is exported for the source-prefix aggregation scheme.

The Version 8 export format was introduced in Cisco IOS Release 12.0(11)S for the Cisco IOS NetFlow Aggregation feature. An additional six aggregation schemes that also use Version 8 format are defined in the NetFlow ToS-Based Router Aggregation feature introduced in Cisco IOS Release 12.0(15)S.

The Version 8 datagram consists of a header with the version number (which is 8) and time stamp information, followed by one or more records corresponding to individual entries in the NetFlow cache.

Table 3 lists the NetFlow Version 8 export packet header field names and definitions.

Table 3 NetFlow Version 8 Export Packet Header Field Names and Descriptions 

Field Name
Description

Version

Flow export format version number. In this case 8.

Count

Number of export records in the datagram.

System Uptime

Number of milliseconds since the router last booted.

UNIX Seconds

Number of seconds since 0000 UTC 1970.

UNIX NanoSeconds

Number of residual nanoseconds since 0000 UTC 1970.

Flow Sequence Number

Sequence counter of total flows sent for this export stream.

Engine Type

Type of switching engine. RP = 0 and LC = 1.

Engine ID

Slot number of the NetFlow engine.

Aggregation

Type of aggregation scheme being used.

Agg Version

Aggregation subformat version number. The current value is 2.

Sampling Interval

Interval value used if Sampled NetFlow is configured.

Reserved

Zero field.


For Version 8 data exports, the maximum number of aggregated flow records and the maximum size in bytes of each UDP datagram are shown in Table 4.

Table 4 NetFlow Version 8 Aggregation Scheme, Flow Record and UDP Packet Size

Aggregation Scheme
Maximum Number of Flow Records
UDP Packet Size

BGP Autonomous System

51

1456 bytes

Destination Prefix

44

1436 bytes

Prefix

35

1428 bytes

Protocol Port

51

1456 bytes

Source Prefix

44

1436 bytes


Examples

The following example shows how to configure 2 export destinations for a NetFlow accounting protocol-port aggregation cache scheme:

Router(config)# ip flow-aggregation cache protocol-port
Router(config-flow-cache)# export destination 10.41.41.1 9992
Router(config-flow-cache)# export destination 172.16.89.1 5555
Router(config-flow-cache)# enabled

The following example shows how to configure the Version 9 template and the Version 9 template refresh-rate and timeout parameters for a NetFlow accounting protocol-port aggregation cache scheme:

Router(config)# ip flow-aggregation cache protocol-port
Router(config-flow-cache)# version 9
Router(config-flow-cache)# export template refresh-rate 100
Router(config-flow-cache)# export template timeout 120
Router(config-flow-cache)# enabled

Related Commands

Command
Description

cache

Defines operational parameters for NetFlow accounting aggregation caches.

enabled (aggregation cache)

Enables aggregate NetFlow accounting.

ip flow-aggregation cache

Enters aggregation-cache configuration submode to configure NetFlow accounting for a specified aggregation scheme.

show ip cache flow aggregation

Displays the NetFlow accounting aggregation cache statistics.


hw-module slot tcam carve

To reconfigure the percentage of ternary content addressable memory (TCAM) on an ISE hardware-forwarding ASIC that is used by a particular ingress or egress feature, use the hw-module slot tcam carve command in global configuration mode. The no form of this command has no effect.

hw-module slot number tcam carve region percentage

Syntax Description

number

Slot number of a line card.

region

Region in TCAM reserved for a software feature.

percentage

Percentage of TCAM reserved for the specified software region.


Defaults

The default percentage reserved for each feature region differs according to Cisco IOS release.

Command Modes

Global configuration

Command History

Release
Modification

12.0(23)S

This command was introduced on Cisco 12000 series ISE line cards.

12.0(30)S

Support for the TX_TOP_NF region was added.

12.0(31)S

Support for Cisco 12000 series Engine 5 line cards was added.


Usage Guidelines

For the Output Aggregate NetFlow feature, use the hw-module slot tcam carve command to reconfigure the percentage of TCAM used by the NetFlow hardware cache on an ISE line card. To display the percentage of TCAM used in the default configuration by NetFlow and non-NetFlow features, enter the show controllers frfab alpha tcam carve command.

For example, you can increase the TCAM capacity for handling an increased number of output flows and decrease the percentage allocated to other features on a NetFlow-enabled ISE line card. Enter the hw-module slot tcam carve command to configure the percentage reserved for each TCAM region.

For the new TCAM region sizes to take effect, you must enter the microcode reload slot-number command. This command reloads the software and microcode on the specified line card. Only enter the microcode reload command one time on a line card, and only if you reconfigure TCAM regions on a line card. For example, if you enable Output Aggregate NetFlow on an additional interface on the same line card after you have reconfigured TCAM usage for certain regions and reloaded the microcode, you do not have to reload the microcode a second time.


Note After you enter the microcode reload command, the line card is reset. As a result, traffic forwarding is interrupted. The control protocols and interfaces are down until the line card reset is complete.


Examples

The following example shows how to:

Display the percentage of TCAM used by different features in the default configuration.

Increase the percentage of TCAM used for the Output Aggregate NetFlow feature (TX_TOP_NF entry) to 40 percent and decrease the amounts used for two other regions in the default configuration.

Router> attach 3

LC-Slot3# show controllers frfab alpha tcam carve


Id Region % Curr/Carve/Dflt Mask Blocks Masks Value Cells

Total/Used(%) Total/Used(%) Total/Used(%)

-----------------------------------------------------------------------------

0 RX_TOP_NF 34.99/35.00/35.00 2867/0 0.00% 5734/0 0.00% 91744/0 0.00%

1 RX_TOP_72b 0.98/ 1.00/ 1.00 324/0 0.00% 324/0 0.00% 2592/0 0.00%

2 RX_TOP_144b 0.98/ 1.00/ 1.00 81/2 2.46% 162/4 2.46% 2592/64 2.46%

3 RX_TOP_288b 0.98/ 1.00/ 1.00 20/0 0.00% 81/1 1.23% 2592/32 1.23%

4 RX_72b 3.99/ 4.00/ 4.00 1308/0 0.00% 1308/0 0.00% 10464/0 0.00%

5 RX_144b 19.99/20.00/20.00 1638/0 0.00% 3276/0 0.00% 52416/0 0.00%

6 RX_288b 29.99/30.00/30.00 614/0 0.00% 2457/0 0.00% 78624/0 0.00%

7 RX_IPv6_128 3.99/ 4.00/ 4.00 327/0 0.00% 654/1 0.15% 10464/16 0.15%

136 RX_IPv6_mca 0.98/ 1.00/ 1.00 20/0 0.00% 81/1 1.23% 2592/32 1.23%

137 RX_BOT_72b 0.98/ 1.00/ 1.00 324/1 0.30% 324/1 0.30% 2592/8 0.30%

138 RX_BOT_144b 0.98/ 1.00/ 1.00 81/1 1.23% 162/2 1.23% 2592/32 1.23%

139 RX_BOT_288b 1.09/ 1.00/ 1.00 22/0 0.00% 90/1 1.11% 2880/32 1.11%

140 TX_TOP_NF 0.98/ 1.00/ 1.00 81/0 0.00% 162/0 0.00% 2592/0 0.00%

141 TX_TOP_72b 0.98/ 1.00/ 1.00 324/0 0.00% 324/0 0.00% 2592/0 0.00%

142 TX_TOP_144b 0.98/ 1.00/ 1.00 81/0 0.00% 162/0 0.00% 2592/0 0.00%

143 TX_TOP_288b 0.98/ 1.00/ 1.00 20/0 0.00% 81/1 1.23% 2592/32 1.23%

144 TX_72b 3.99/ 4.00/ 4.00 1308/0 0.00% 1308/0 0.00% 10464/0 0.00%

145 TX_144b 39.99/40.00/40.00 3276/0 0.00% 6552/0 0.00% 104832/0 0.00%

146 TX_288b 43.99/44.00/44.00 901/0 0.00% 3604/0 0.00% 115328/0 0.00%

147 TX_V6Cmp128 4.99/ 5.00/ 5.00 409/0 0.00% 818/0 0.00% 13088/0 0.00%

276 TX_BOT_72b 0.98/ 1.00/ 1.00 324/1 0.30% 324/1 0.30% 2592/8 0.30%

277 TX_BOT_144b 0.98/ 1.00/ 1.00 81/0 0.00% 162/0 0.00% 2592/0 0.00%

278 TX_BOT_288b 1.09/ 1.00/ 1.00 22/0 0.00% 90/0 0.00% 2880/0 0.00%

-----------------------------------------------------------------------------

Unused regions with 0% current/carved/default are not shown


LC-Slot3# exit

Router> enable

Router(config)# hw-module slot 3 tcam carve tx_top_nf 40

Router(config)# hw-module slot 3 tcam carve tx_144b 10

Router(config)# hw-module slot 3 tcam carve tx_288b 25

Router(config)# microcode reload 3

Related Commands

Command
Description

hw-module slot ip flow output collect-from-slot

Configures an additional ISE or E5 line card to collect output flows for the aggregation scheme configured for the Output Aggregate NetFlow feature.

ip flow-aggregation cache

Enters aggregation-cache configuration submode to configure NetFlow accounting for a specified aggregation scheme.

ip flow-export destination

Enables the exporting of information in NetFlow cache entries to the collection device at a specified IP address.

ip route-cache flow output

Enables the Output Aggregate NetFlow feature on a specified interface.


ip flow-aggregation cache

To enable NetFlow accounting aggregation cache schemes, use the ip flow-aggregation cache command in global configuration mode. To disable NetFlow accounting aggregation cache schemes, use the no form of this command.

ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

no ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

Syntax Description

as

Configures the autonomous system aggregation cache scheme.

as-tos

Configures the autonomous system type of service (ToS) aggregation cache scheme.

bgp-nexthop-tos

Configures the Border Gateway Protocol (BGP) next hop ToS aggregation cache scheme.

Note The BGP-next hop-ToS aggregation scheme is not supported by the Output Aggregate NetFlow feature.

destination-prefix

Configures the destination-prefix aggregation cache scheme.

destination-prefix-tos

Configures the destination prefix ToS aggregation cache scheme.

prefix

Configures the prefix aggregation cache scheme.

prefix-port

Configures the prefix port aggregation cache scheme.

prefix-tos

Configures the prefix ToS aggregation cache scheme.

protocol-port

Configures the protocol-port aggregation cache scheme.

protocol-port-tos

Configures the protocol-port ToS aggregation cache scheme.

source-prefix

Configures the source-prefix aggregation cache scheme.

source-prefix-tos

Configures the source-prefix ToS aggregation cache scheme.


Defaults

This command is disabled by default.

Command Modes

Global configuration

Command History

Release
Modification

12.0(11)S

This command was introduced on Cisco 12000 series Internet routers.

12.0(15)S

This command was modified to include the ToS aggregation scheme keywords.


Usage Guidelines

Before you can use the ip flow-aggregation cache command, you must have NetFlow accounting configured on your router. The export destination command supports a maximum of 2 concurrent export destinations.


Note On an ISE or E5 line card, the BGP-next hop-ToS aggregation scheme is not supported by the Output Aggregate NetFlow feature, which is performed in nonsampled mode. However, the BGP-next hop-ToS aggregation scheme is supported on an ISE or E5 line card by the Output Sampled NetFlow feature, which is performed in sampled mode.


The ToS aggregation cache scheme keywords enable NetFlow accounting aggregation cache schemes that include the ToS byte in their export records. The ToS byte is an 8-bit field in the IP header. The ToS byte specifies the quality of service for a datagram during its transmission through the Internet.

You can enable only one aggregation cache configuration scheme per command line. In source-prefix aggregation mode, only the source mask is configurable. In destination-prefix aggregation mode, only the destination mask is configurable.

To enable aggregation (whether or not an aggregation cache is fully configured), you must enter the enabled command in aggregation cache configuration mode. (You can use the no form of this command to disable aggregation. The cache configuration remains unchanged even if aggregation is disabled.)

Examples

The following example shows how to configure a NetFlow accounting autonomous system aggregation cache scheme:

Router(config)# ip flow-aggregation cache as
Router(config-flow-cache)# enabled

The following example shows how to configure multiple export destinations for the NetFlow accounting destination-prefix aggregation cache scheme:

Router(config)# ip flow-aggregation cache destination-prefix
Router(config-flow-cache)# export destination 10.0.101.254 9991
Router(config-flow-cache)# export destination 172.16.10.2 9991
Router(config-flow-cache)# enabled

The following example shows how to enable a NetFlow accounting autonomous system ToS aggregation cache scheme:

Router(config)# ip flow-aggregation cache as-tos
Router(config-flow-cache)# enabled

Related Commands

Command
Description

export destination (aggregation cache)

Enables the export of NetFlow accounting information from NetFlow aggregation caches

show ip cache flow aggregation

Displays a summary of the NetFlow accounting aggregation cache statistics.


ip route-cache flow output

To enable the Output Aggregate NetFlow feature in nonsampled mode on an ISE or Engine 5 interface, use the ip route-cache flow output command. To disable the Output Aggregate NetFlow feature, use the no form of this command.

ip route-cache flow output

no ip route-cache flow output

Syntax Description

This command has no arguments or keywords.

Defaults

This command is not enabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(11)S

This command was introduced on Cisco 12000 series Internet routers.

12.0(30)S

The output keyword was added to enable the Maximum Mask Aggregate Output NetFlow feature on Cisco 12000 series ISE interfaces.

12.0(32)S

Support for the Output Aggregate NetFlow feature on Cisco 12000 series ISE and Engine 5 interfaces was added.


Usage Guidelines

Use the ip route-cache flow output command to enable the nonsampled aggregate collection of NetFlow statistics for output IPv4 traffic flows on a Cisco 12000 series ISE or Engine 5 interface configured for the Output Aggregate NetFlow feature.

You cannot enable NetFlow data collection in sampled and nonsampled mode at the same time on an ISE or E5 output interface.

To export NetFlow data (traffic statistics) to a remote workstation for further processing, use the ip flow-export version command in global configuration mode.

Examples

The following example shows how to enable the Output Aggregate NetFlow feature to collect NetFlow data in nonsampled mode for outgoing IPv4 traffic on the interface, POS 3/1, using an autonomous system aggregation scheme configured for a maximum of 64,000 entries:

Router# configure terminal
Router(config)# ip cache flow aggregation as
Router(config-flow-cache)# cache entries 64000
Router(config-flow-cache)# enable
Router(config-flow-cache)# exit
Router(config)# interface pos 3/1 
Router(config-if)# ip route-cache flow output

Related Commands

Command
Description

hw-module slot ip flow output collect-from-slot

Configures an additional ISE or E5 line card to collect output flows for the aggregation scheme configured for the Output Aggregate NetFlow feature.

hw-module slot tcam carve

Configures the percentage of ternary content addressable memory (TCAM) hardware used to process packets for a specified software feature.

ip flow-aggregation cache

Enters aggregation-cache configuration submode to configure NetFlow accounting for a specified aggregation scheme.

ip flow-export destination

Enables the exporting of information in NetFlow cache entries to the collection device at a specified IP address.


show ip cache flow aggregation

To display the NetFlow accounting aggregation cache statistics, use the show ip cache flow aggregation command in user EXEC or privileged EXEC mode.

show ip cache [prefix mask] [type number] [verbose] flow aggregation {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

Syntax Description

prefix mask

(Optional) Displays only the entries in the cache that match the prefix and mask combination.

type number

(Optional) Displays only the entries in the cache that match the interface type and number combination.

verbose

(Optional) Displays additional information from the aggregation cache.

as

Displays the configuration of the autonomous system aggregation cache scheme.

as-tos

Displays the configuration of the autonomous system type of service (ToS) aggregation cache scheme.

bgp-nexthop-tos

Displays the BGP next hop and ToS aggregation cache scheme.

Note The bgp-nexthop-tos aggregation scheme is not supported by the Output Aggregate NetFlow feature.

destination-prefix

Displays the configuration of the destination prefix aggregation cache scheme.

destination-prefix-tos

Displays the configuration of the destination prefix ToS aggregation cache scheme.

prefix

Displays the configuration of the prefix aggregation cache scheme.

prefix-port

Displays the configuration of the prefix port aggregation cache scheme.

prefix-tos

Displays the configuration of the prefix ToS aggregation cache scheme.

protocol-port

Displays the configuration of the protocol port aggregation cache scheme.

protocol-port-tos

Displays the configuration of the protocol port ToS aggregation cache scheme.

source-prefix

Displays the configuration of the source prefix aggregation cache scheme.

source-prefix-tos

Displays the configuration of the source prefix ToS aggregation cache scheme.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.0(11)S

This command was introduced on Cisco 12000 series Internet routers.

12.0(15)S

This command was modified to include new show output for ToS aggregation schemes.


Examples

The following is a sample display of a Prefix-ToS aggregation cache configured on the line card in slot 3 using the show ip cache flow aggregation command:

Router> attach 3 
Router(LC-Slot3)# show ip cache verbose flow aggregation prefix-tos

========= Line Card (Slot 3) =========
IP Flow Switching Cache, 4096000 bytes
  2 active, 6400 inactive, 3 added
  70 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 10 seconds

Src If 			Src Prefix 				Dst If 			Dst Prefix 				TOS Flows 			Pkts
			Msk AS 							Msk AS 				B/Pk 			Active
PO1/0 			21.4.1.0		 		PO3/1* 			21.7.0.0 				E0  7105 			37M
			/24 0 							/16 0 				40 			18.5
PO1/1 			21.5.1.0 				PO3/1* 			21.5.1.1 				E0  7104 			37M
			/24 0 							/32 0 				40 			18.5

Note In this example, note that a star (*) is displayed following the entries in the Dst If column. The star indicates that the NetFlow data on this line is collected for an output flow. If no start (*) is displayed, the NetFlow data is collected for an input flow.


Related Commands

Command
Description

cache

Defines operational parameters for NetFlow accounting aggregation caches.

enabled (aggregation cache)

Enables aggregate NetFlow accounting.

export destination (aggregation cache)

Enables the exporting of NetFlow accounting information from NetFlow aggregation caches.

ip flow-aggregation cache

Enters aggregation-cache configuration submode to configure NetFlow accounting for a specified aggregation scheme.

show ip flow export

Displays statistics for NetFlow data export.


show ip flow export

To display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches, use the show ip flow export command in user EXEC or privileged EXEC mode.

show ip flow export [template]

Syntax Description

template

(Optional) Shows the data export statistics (such as template timeout and refresh rate) for the template-specific configurations.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.0(11)S

This command was introduced on Cisco 12000 series Internet routers.

12.0(24)S

The template keyword was added.


Examples

The following is sample output from the show ip flow export command:

Router# show ip flow export

Flow export v5 is disabled for main cache
  Version 5 flow records
  Cache for as aggregation:
    Exporting flows to 10.1.1.1 (1000) 10.2.1.1 (2000)
    Exporting using source IP address 10.3.1.1
  11 flows exported in 8 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to output drops

Table 5 describes the significant fields shown in the display.

Table 5 show ip flow export Field Descriptions 

Field
Description

Exporting flows to 10.1.1.1 (1000) and 10.2.1.1

Specifies the export destinations and ports. The ports are in parentheses.

Exporting using source IP address 10.3.1.1

Specifies the source address or interface.

Version 5 flow records

Specifies the version of the flow.

11 flows exported in 8 udp datagrams

The total number of export packets sent, and the total number of flows contained within them.

0 flows failed due to lack of export packet

No memory was available to create an export packet.

0 export packets were sent up to process level

The packet could not be processed by CEF or by fast switching, possibly because another feature requires running on the packet.

0 export packets were dropped due to no fib

0 export packets were dropped due to adjacency issues

Indicates that CEF was unable to switch the packet or forward it up to the process level.

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

Indicates that the packet was dropped because of problems constructing the IP packet.

0 export packets were dropped enqueuing for the RP

0 export packets were dropped due to IPC rate limiting

Indicates that there was a problem transferring the export packet between the RP and the line card.

0 export packets were dropped due to output drops

Indicates that the send queue was full while the packet was being transmitted.


Related Commands

Command
Description

ip flow-export version

Enables the export of NetFlow accounting information in NetFlow cache entries.

export destination (aggregation cache)

Enables the exporting of NetFlow accounting information from NetFlow aggregation caches.

show ip cache flow aggregation

Displays a summary of the NetFlow accounting aggregation cache statistics.