Implementing NetFlow for IPv6

First Published: June 26, 2006
Last Updated: July 11, 2008

Note Effective with Cisco IOS Release 12.4(20)T, the NetFlow for IPv6 feature has been replaced by the IPv6 Flexible NetFlow feature. For information on this feature, see the Cisco IOS Flexible NetFlow Features Roadmap.


NetFlow for IPv6 provides basic NetFlow functionality for IPv6 without affecting IPv4 NetFlow performance.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Implementing NetFlow for IPv6" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Finding Feature Information

Prerequisites for Implementing NetFlow for IPv6

Restrictions for Implementing NetFlow for IPv6

Information About Implementing NetFlow for IPv6

How to Implement NetFlow for IPv6

Configuration Examples for Implementing NetFlow for IPv6

Additional References

Feature Information for Implementing NetFlow for IPv6

Prerequisites for Implementing NetFlow for IPv6

This document assumes that you are familiar with IPv4. Refer to the publications referenced in the "Additional References" section for IPv4 configuration and command reference information.

Restrictions for Implementing NetFlow for IPv6

The Cisco IOS SX software release train supports only egress IPv6 NetFlow.

Information About Implementing NetFlow for IPv6

To configure NetFlow for IPv6 for Cisco IOS software, you should understand the following concept:

NetFlow for IPv6 Environments

NetFlow for IPv6 Environments

NetFlow for IPv6 is based on NetFlow Version 9 and functions by identifying packet flows for ingress IP and IPv6 packets. NetFlow enables you to collect traffic flow statistics on your routing devices and analyze traffic patterns, for example to perform traffic analysis and detect denial of service (DoS) attacks. It does not involve any connection-setup protocol between routers or to any other networking device or end station, and it does not require any external change, either to the traffic or packets themselves or to any other networking device.

NetFlow is completely transparent to the existing network, including end stations and application software and network devices such as LAN switches. Also, NetFlow is performed independently on each internetworking device; it need not be operational on each router in the network. You can use NetFlow Data Export (NDE) to export data to a remote workstation for data collection and further processing. Network planners can selectively invoke NDE on a router or on a per-subinterface basis to gain traffic performance, control, or accounting benefits in specific network locations. NetFlow collects accounting information for IPv6 encapsulation and tunnels. If NetFlow capture is configured on a logical interface, IPv6 flows will be reported with that interface as the input or output interface, depending on whether the feature has been activated on the ingress or egress port.

How to Implement NetFlow for IPv6

To configure NetFlow for IPv6, you must define the exporting scheme that will be used to export NetFlow statistics, configure the NetFlow cache, and configure NetFlow on the interfaces from which statistics will be gathered. The tasks required to perform these functions are described in the following sections:

Defining the Exporting Scheme Used to Gather NetFlow for IPv6 Statistics (required)

Customizing the NetFlow for IPv6 Cache (optional)

Managing NetFlow for IPv6 Statistics (optional)

Configuring an Aggregation Cache for NetFlow for IPv6 (optional)

Configuring a NetFlow for IPv6 Minimum Prefix Mask for Router-Based Aggregation (optional)

Defining the Exporting Scheme Used to Gather NetFlow for IPv6 Statistics

This task describes how to define the exporting scheme that is used to gather NetFlow for IPv6 statistics.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flow-export version 9 [origin-as | peer-as] [bgp-nexthop]

4. ipv6 flow-export destination ip-address udp-port

5. ipv6 flow-export template {refresh-rate packet-refresh-rate | timeout timeout-value}

6. ipv6 flow-export template options {export-stats | refresh-rate packet-refresh-rate | timeout timeout-value}

7. interface type number

8. ipv6 flow {ingress | egress}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 flow-export version 9 [origin-as | peer-as] [bgp-nexthop]

Example:

Router(config)# ipv6 flow-export version 9

Enables NetFlow routing.

Step 4 

ipv6 flow-export destination ip-address udp-port

Example:
Router(config)# ipv6 flow-export destination 10.0.101.254 9991

Enables the exporting of information in NetFlow cache entries to a specific address or port.

Step 5 

ipv6 flow-export template {refresh-rate packet-refresh-rate | timeout timeout-value}

Example:

Router(config)# ipv6 flow-export template timeout 60

Enables the exporting of information in NetFlow cache entries.

Step 6 

ipv6 flow-export template options {export-stats | refresh-rate packet-refresh-rate | timeout timeout-value}

Example:
Router(config)# ipv6 flow-export template options export-stats

Configures templates for IPv6 cache exports.

Step 7 

interface type number

Example:

Router(config)# interface atm 0

Specifies an interface type and number, and places the router in interface configuration mode.

Step 8 

ipv6 flow {ingress | egress}

Example:

Router(config-if)# ipv6 flow ingress

(Optional) Enables IPv6 flow capture for incoming (ingress) or outgoing (egress) packets.

Commands for ingress and egress can be specified on the same interface. If a switched packet belongs to a flow that is captured at both ingress and egress, it will be counted twice. This command must be entered on each interface and for each direction in which NetFlow capture is needed.
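
Because the export format is NetFlow Version 9, a collector can decode a data flowset only after it has received the matching template, which is why the template refresh rate and timeout in step 5 matter on the receiving side. The following added example (not Cisco code) is a minimal collector-side decoder using the RFC 3954 packet layout; the exporter address, template ID 256, field selection and packets are constructed for illustration.

```python
import ipaddress
import struct

# Field type numbers from the NetFlow v9 specification (RFC 3954).
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "l4_src_port",
               11: "l4_dst_port", 27: "ipv6_src_addr", 28: "ipv6_dst_addr"}

class V9Collector:
    def __init__(self):
        self.templates = {}  # (exporter, source_id, template_id) -> [(type, len)]
        self.undecoded = 0   # data flowsets skipped: no template cached yet

    def feed(self, exporter, packet):
        if len(packet) < 20 or packet[:2] != b"\x00\x09":
            raise ValueError("not a NetFlow v9 export packet")
        source_id = struct.unpack_from("!I", packet, 16)[0]
        records, offset = [], 20
        while offset + 4 <= len(packet):
            flowset_id, length = struct.unpack_from("!HH", packet, offset)
            if length < 4 or offset + length > len(packet):
                raise ValueError("bad flowset length")
            body = packet[offset + 4:offset + length]
            if flowset_id == 0:        # template flowset
                self._learn(exporter, source_id, body)
            elif flowset_id >= 256:    # data flowset; IDs 1-255 are ignored here
                records += self._decode((exporter, source_id, flowset_id), body)
            offset += length
        return records

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * count
            if template_id < 256 or end > len(body):
                break                  # padding or truncated template record
            self.templates[(exporter, source_id, template_id)] = [
                struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
            pos = end

    def _decode(self, key, body):
        fields = self.templates.get(key)
        if fields is None:
            self.undecoded += 1        # cannot interpret the bytes without a template
        size = sum(length for _, length in fields or [])
        out, pos = [], 0
        while size and pos + size <= len(body):  # leftover bytes are padding
            rec = {}
            for ftype, length in fields:
                raw, pos = body[pos:pos + length], pos + length
                is_addr = ftype in (27, 28) and length == 16
                rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = (
                    str(ipaddress.IPv6Address(raw)) if is_addr else int.from_bytes(raw, "big"))
            out.append(rec)
        return out

def _flowset(flowset_id, body):
    body += b"\x00" * (-(len(body) + 4) % 4)     # pad to a 32-bit boundary
    return struct.pack("!HH", flowset_id, len(body) + 4) + body

def demo():  # constructed sample: one template, one IPv6 UDP flow record
    layout = [(27, 16), (28, 16), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]
    header = struct.pack("!HHIIII", 9, 1, 1000, 1215734400, 1, 0)
    template = header + _flowset(0, struct.pack("!HH", 256, len(layout))
                                 + b"".join(struct.pack("!HH", *f) for f in layout))
    record = b"".join(ipaddress.IPv6Address(a).packed
                      for a in ("2001:db8:1:1::10", "2001:db8:2::53"))
    data = header + _flowset(256, record + struct.pack("!HHBII", 49152, 53, 17, 3, 228))
    collector = V9Collector()
    early = collector.feed("192.0.2.1", data)    # data before template: skipped
    collector.feed("192.0.2.1", template)
    return early, collector.undecoded, collector.feed("192.0.2.1", data)
```

A steadily rising `undecoded` count on a collector means flow records are being lost between template refreshes, which leaves gaps in the traffic history used for DoS analysis.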

Customizing the NetFlow for IPv6 Cache

Several options are available for configuring and customizing the NetFlow for IPv6 cache:

Customize the number of entries in the NetFlow for IPv6 cache

Customize the timeout

Customize the Multiprotocol Label Switching (MPLS) parameters

These options are described in the following optional task:

Customizing the NetFlow for IPv6 Cache

Customizing the NetFlow for IPv6 Cache

Normally, the size of the NetFlow for IPv6 cache will meet your needs. However, you can increase or decrease the number of entries maintained in the cache to meet the needs of your NetFlow traffic rates. The default is 64K flow cache entries. Each cache entry requires about 64 bytes of storage. Assuming a cache with the default number of entries, about 4 MB of DRAM would be required. Each time a new flow is taken from the free flow queue, the number of free flows is checked. If only a few free flows remain, NetFlow attempts to age 30 flows using an accelerated timeout. If only 1 free flow remains, NetFlow automatically ages 30 flows regardless of their age. The intent is to ensure that free flow entries are always available.


Caution Cisco recommends that you not change the number of NetFlow cache entries. Improper use of this feature could cause network problems. To return to the default NetFlow cache entries, use the no ip flow-cache entries global configuration command.

The following task describes how to customize the number of entries in the NetFlow cache.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flow-cache entries number

4. ipv6 flow-cache timeout {active minutes | inactive seconds}

5. ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 flow-cache entries number

Example:

Router(config)# ipv6 flow-cache entries 131072

Changes the number of entries maintained in the NetFlow cache.

Step 4 

ipv6 flow-cache timeout {active minutes | inactive seconds}

Example:

Router(config)# ipv6 flow-cache timeout active 10

Changes the timeout values for the NetFlow cache.

Step 5 

ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

Example:

Router(config)# ipv6 flow-aggregation cache as

Configures the aggregation cache configuration scheme.

Managing NetFlow for IPv6 Statistics

You can display and clear NetFlow for IPv6 statistics. NetFlow for IPv6 statistics consist of IPv6 packet size distribution, IP flow cache information, and flow information such as the protocol, total flow, and flows per second. The resulting information can be used to determine information about your router traffic.

The following task describes how to manage NetFlow for IPv6 statistics. Use these commands as needed for verification of configuration.

SUMMARY STEPS

1. enable

2. show ip cache flow

3. clear ip flow stats

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show ip cache flow

Example:

Router# show ip cache flow

Displays NetFlow statistics.

Step 3 

clear ip flow stats

Example:

Router# clear ip flow stats

Clears the NetFlow statistics.

Configuring an Aggregation Cache for NetFlow for IPv6

The following task describes how to configure an aggregation cache for NetFlow for IPv6.

Prerequisites

To configure an aggregation cache, you must enter aggregation cache configuration mode, and you must decide which type of aggregation scheme you want to configure: Autonomous System, Destination Prefix, Prefix, Protocol Prefix, or Source Prefix aggregation cache. Once you define the aggregation scheme, the following task lets you define the operational parameters for that scheme.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flow-export destination ip-address udp-port

4. ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

5. cache {entries number | timeout {active minutes | inactive seconds}}

6. cache {entries number | timeout {active minutes | inactive seconds}}

7. exit

8. ipv6 flow-export destination ip-address udp-port

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 flow-export destination ip-address udp-port

Example:
Router(config)# ipv6 flow-export destination 10.42.42.1 9991

Enables the exporting of information in NetFlow cache entries to a specific address or port.

Step 4 

ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

Example:

Router(config)# ipv6 flow-aggregation cache as

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

Step 5 

cache {entries number | timeout {active minutes | inactive seconds}}

Example:

Router(config-flow-cache)# cache entries 2046

Specifies the number (in this example, 2046) of cache entries to allocate for the autonomous system aggregation cache.

Step 6 

cache {entries number | timeout {active minutes | inactive seconds}}

Example:

Router(config-flow-cache)# cache timeout inactive 199

Specifies the number of seconds (in this example, 199) that an inactive entry is allowed to remain in the aggregation cache before it is deleted.

Step 7 

exit

Example:

Router(config-flow-cache)# exit

Exits NetFlow aggregation cache configuration mode, and places the router in global configuration mode.

Step 8 

ipv6 flow-export destination ip-address udp-port

Example:

Router(config)# ipv6 flow-export destination 10.0.101.254 9991

Enables the data export.

Configuring a NetFlow for IPv6 Minimum Prefix Mask for Router-Based Aggregation

To configure the NetFlow for IPv6 Minimum Prefix Mask for Router-Based Aggregation feature, perform the tasks described in the following sections. Each task is optional.

Configuring the Minimum Mask of a Prefix Aggregation Scheme

Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme

Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme

Configuring the Minimum Mask of a Prefix Aggregation Scheme

The following task describes how to configure the minimum mask of a prefix aggregation scheme.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

4. mask {destination | source} minimum value

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

Example:

Router(config)# ipv6 flow-aggregation cache prefix

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

Step 4 

mask {destination | source} minimum value

Example:

Router(config-flow-cache)# mask source minimum value

Configures the minimum value for the source mask.

Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme

The following task describes how to configure the minimum mask of a destination-prefix aggregation scheme.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

4. mask {destination | source} minimum value

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

Example:

Router(config)# ipv6 flow-aggregation cache destination-prefix

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

Step 4 

mask {destination | source} minimum value

Example:

Router(config-flow-cache)# mask destination minimum 32

Configures the minimum value for the destination mask.

Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme

The following task describes how to configure the minimum mask of a source-prefix aggregation scheme.


Note If the minimum mask has not been explicitly configured, no minimum mask information is displayed. The default value of the minimum mask is zero. The configurable range for the minimum mask is from 1 to 32. An appropriate value should be chosen by the user depending on the traffic. A higher value of the minimum mask will provide more detailed network addresses, but it may also result in an increased number of flows in the aggregation cache.


SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

4. mask {destination | source} minimum value

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

Example:

Router(config)# ipv6 flow-aggregation cache source-prefix

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

Step 4 

mask {destination | source} minimum value

Example:

Router(config-flow-cache)# mask source minimum 5

Configures the minimum value for the source mask.
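
The trade-off described in the note above (a higher minimum mask gives more detailed addresses but more cache entries), worked through as an added example that is not Cisco code. It assumes the mask applied to a flow is the larger of the matching route's mask and the configured minimum; the routing table, flow records and function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Hypothetical routing table: only a default route and one aggregate are present.
ROUTES = [ipaddress.ip_network(p) for p in ("::/0", "2001:db8:a::/48")]

# Constructed flow records: (source address, byte count).
FLOWS = [
    ("2001:db8:a:1::10", 1200),
    ("2001:db8:a:2::20", 800),
    ("2001:db8:b::5", 400),
    ("2001:db9:1::7", 4000),
    ("2001:db9:2::9", 100),
]

def route_mask(addr):
    """Prefix length of the longest matching route for addr."""
    return max(r.prefixlen for r in ROUTES if addr in r)

def source_prefix_cache(flows, minimum_mask=0):
    """Aggregate bytes per source prefix, as a source-prefix cache would.

    Assumption: the mask applied is the larger of the route's mask and the
    configured minimum, so the minimum only changes flows matched by
    short-prefix routes such as the default route.
    """
    cache = Counter()
    for src, nbytes in flows:
        mask = max(route_mask(ipaddress.ip_address(src)), minimum_mask)
        prefix = ipaddress.ip_network(f"{src}/{mask}", strict=False)
        cache[str(prefix)] += nbytes
    return dict(cache)
```

With the default of zero, every source reached through the default route collapses into a single `::/0` entry, so one heavy source prefix cannot be told apart from the rest; a minimum of 32 separates it at the cost of one more cache entry.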

Configuration Examples for Implementing NetFlow for IPv6

This section provides the following configuration example:

Configuring NetFlow in IPv6 Environments: Example

Configuring NetFlow in IPv6 Environments: Example

If you configure the ipv6 flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface and from all the subinterfaces. In a scenario where you configure the ipv6 flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ipv6 flow ingress command.

The following example shows how to configure NetFlow on Fast Ethernet subinterface 6/3.0:

Router(config)# interface FastEthernet6/3.0
Router(config-subif)# ipv6 flow ingress

The following example shows the configuration for a loopback source interface. The loopback interface has the IPv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64 and is used by the serial interface in slot 5, port 0.

Router# configure terminal
Router(config)# interface loopback 0
Router(config-if)# ipv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64
Router(config-if)# exit
Router(config)# interface serial 5/0:0
Router(config-if)# ip unnumbered loopback0
Router(config-if)# encapsulation ppp
Router(config-if)# ipv6 flow cache
Router(config-if)# exit
Router(config)# ipv6 flow-export source loopback 0
Router(config)# exit

Additional References

The following sections provide references related to the Implementing NetFlow for IPv6 feature.

Related Documents

Related Topic
Document Title

Cisco IOS Flexible NetFlow

Cisco IOS Flexible NetFlow Features Roadmap

NetFlow for IPv4 commands: complete command syntax, command mode, defaults, usage guidelines, and examples

Cisco IOS NetFlow Command Reference

NetFlow for IPv6 commands

Cisco IOS IPv6 Command Reference


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
MIBs Link
 

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for Implementing NetFlow for IPv6

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(2)T or a later release appear in the table.

For information about a feature in this technology that is not documented here, see the Start Here: Cisco IOS Software Release Specifics for IPv6 Features roadmap.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.


Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Feature Information for Implementing NetFlow for IPv6

Feature Name
Releases
Feature Information

IPv6: NetFlow for IPv6

12.3(7)T 12.4 12.4(2)T

NetFlow for IPv6 enables you to collect traffic flow statistics on your routing devices and analyze traffic patterns, which are used to detect DoS attacks.

The following sections provide information about this feature:

NetFlow for IPv6 Environments

How to Implement NetFlow for IPv6

NetFlow: Removal of IPv6 NetFlow

12.4(20)T

This feature was removed.