User Guide for the Cisco NetFlow Generation Appliance
Using Cisco NetFlow Generation
Downloads: This chapterpdf (PDF - 403.0KB) The complete bookPDF (PDF - 1.16MB) | Feedback

Setting Up Multiple NetFlow Monitor Instances

Table Of Contents

Setting Up Multiple NetFlow Monitor Instances

Advanced Configuration Overview

Understand the Advanced Component Configuration Order

Configure Filters

Configure Collectors

Configure Records

Configure Exporters

Configure and Activate Monitors

Activate/Inactivate Monitors


Setting Up Multiple NetFlow Monitor Instances


Cisco NetFlow Generation Appliance (NGA) software contains two separate user interfaces that allow you to quickly set up a single NetFlow monitor instance from one window or configure multiple flow monitor instances using several windows, manually associating the components.

This chapter describes how to configure your multiple flow components and associate them to each other in order to allow Cisco NGA to export NetFlow packet information to your collectors.

This chapter contains the following sections:

Advanced Configuration Overview

Configure Filters (optional)

Configure Collectors

Configure Records

Configure Exporters

Configure and Activate Monitors

Once the flow component configuration is complete, you should verify that the collectors are receiving the data as well as configure your system parameters.

Advanced Configuration Overview

You must complete the steps in the "Prepare and Install the Cisco NetFlow Generation Appliance" section of the Quick Start Guide for Cisco NetFlow Generation Appliance document before you configure Cisco NGA.

Use Figure 3-1 to provide a visual guide to the workflow required to configure Cisco NGA.

Figure 3-1 Configuring Multiple Components Workflow Overview

The complete description of all the tasks required in the appliance configuration are described in Understand What to Configure.

If you want to create more than one instance of a flow monitor or other flow components, you can do so manually using the Advanced Setup UI. Some of the other benefits to using the Advanced Setup UI include creating:

Up to ten filters—To define which flows are sent to certain collectors. This allows you to use your collector's analysis applications and load balance NetFlow data across collectors.

Up to four managed devices—To allow you to off load NetFlow data from your Nexus 5000 and 7000 Series switches.

Up to six collectors—To enable you to load balance NetFlow data export and monitor specific applications in your network.

Up to four monitors—Up to four independent flow monitors may be active simultaneously. Each monitor supports up to three records. Of those three records, only one IPv4, one IPv6, and one Layer2 record type is supported.

You must also complete the order of component configuration as specified in Understand the Advanced Component Configuration Order. Once you have completed your advanced configuration tasks, remember to verify the exported flow on your collectors and ensure you set up your system parameters,

Understand the Advanced Component Configuration Order

Use the following sequence to configure your flow components. Note that the configuration order matches the order of the tasks located in this guide:

1. Optionally define one or more filters. See Configure Filters.

2. Define one or more collectors. See Configure Collectors.

3. Optionally define one or more records. See Configure Records.

4. Define a flow exporter and associate the collector(s) with it. If you wish to use a v9 or IPFIX exporter, you must also first define one or more records to be used with it, prior to defining a flow exporter. See Configure Exporters.

5. Define a flow monitor and associate the exporter with it. See Configure and Activate Monitors.

6. Activate the flow monitor. See Configure and Activate Monitors.

Configure Filters

You can apply filters globally to a particular exporter, which could have more than one collector. Filter rules in exporter level affect all its collectors.

Cisco NetFlow Generation Appliance is a high-performance device capable of exporting hundreds of thousands of flow records per second. Third-party flow collectors may be unable to process this rate of data and become unresponsive, drop records, or both. In this case, you can use filters to reduce the demand on the collector.

Creating filters is optional, but should be in place before defining collectors and exporters.

You can apply filters to individual collectors in an exporter. You can also apply filters globally to an exporter, and they will apply to all collectors within that exporter.

To define optional filters and describe which flows should be accepted and exported to the collectors:

Procedure


Step 1 Select Setup > NetFlow > Advanced Setup.

Step 2 Select the Filter tab.

Step 3 Choose one of the following tasks:

Click Create to add a new filter. Continue to step 4.

Select a row and click Edit to change an existing filter.

Select a row and click Delete to remove an existing filter.

Step 4 Enter the information in the Configure Filter window (see Table B-2 for details).

Step 5 Click Submit.

Continue to the Collectors tab to configure the flow collector component. See Configure Collectors.


Configure Collectors

Collectors receive flow records from Cisco NGA and interprets those records. Typical collectors summarize and aggregate the data based on user-defined criteria, and store the data in a database or other long-term repository. Collectors typically generate various reports and charts based upon data received over time from the appliance. See your particular collector's user guide for a description of its capabilities and how to use it.

This section describes the steps required to define one or more collectors and allow the appliance to transmit flow records to them.

Before You Begin

Configure a SPAN session or TAP device to one of the collector data ports. This enables the appliance to receive network traffic.

To add one or more collectors to your NetFlow environment:

Procedure


Step 1 Select Setup > NetFlow > Advanced Setup.

Step 2 Select the Collector tab.

Step 3 Choose one of the following tasks:

Click Create to add a new collector. Continue to step 4.

Select a row and click Edit to change an existing collector.

Select a row and click Delete to remove an existing collector.

Step 4 Enter the following information in the Configure Collector window (see Table B-4 for details).

Step 5 Click Submit.

Continue to the Records tab to configure the flow record component. See Configure Records.


Configure Records

A flow record is the basic unit of information exported by the Cisco NetFlow Generation Appliance to collectors. Each flow record describes a sequence of packets sent from one host to another host which is monitored at one of the appliance data ports.

The flow record consists of a set of match fields and a set of collect fields. The match fields are keys which are used to uniquely distinguish different flows from each other. They do not change for the entire lifetime of the flow. Typical examples of match fields are source and destination IP addresses, since it is important to keep separate statistics for different IP addresses.

The collect fields are the statistics that are accumulated and reported once the flow has been selected by the match fields. Typical examples of collect fields are packet count and byte count. These fields are not useful for distinguishing unique flows from each other, but instead provide the desired information to be tracked for each flow.

The value of the collect fields change throughout the lifetime of a flow. For example, we expect the packet count field to continually increase during the life of a flow until that flow is expired and flushed.

If you are using NetFlow version 5, you do not need to explicitly define your own records. The NetFlow version 5 standard defines all the match and collect fields and permits no variation.

NetFlow version 9 and IPFIX, on the other hand, are considered forms of flexible NetFlow. The match and collect fields are not predefined, so you can customize these fields within certain restrictions. The primary restriction is that each individual field may only be used either as a match field or a collect field. For example, the source IP address may only be used as a match field, never as a collect field. Similarly, the packet count may only be used as a collect field and not a match field. For more details on filter field options, see The window field description tables for the following are included in this section:.

To define a record when using flexible NetFlow such as version 9 or IPFIX:

Procedure


Step 1 Select Setup > NetFlow > Advanced Setup.

Step 2 Select the Record tab.

Step 3 Choose one of the following tasks:

Click Create to add a new record. Continue to step 4.

Select a record and click Edit to change an existing record.

Select a record and click Delete.

Step 4 Enter the required information (see Table B-3 for details).

Step 5 Click Submit.

Continue to the Exporter tab to configure the exporter flow component. See Configure Exporters.


Configure Exporters

The exporter configuration defines a group of one or more collectors, the load-balancing policy to be used with multiple collectors, and allows filters to limit which flows are sent to which collectors. An exporter is a required configuration item for the Cisco NGA to function.

An exporter must be defined prior to creating a monitor. If the exporter is configured with v9 or IPFIX, at least one record must be defined.

To configure exporters:

Procedure


Step 1 Use Setup > NetFlow > Advanced Setup > Exporter to configure your exporters.

Step 2 Enter the required information in the Configure Exporter window (see Table B-5 for details).

Step 3 Click Submit.


Note You can use the same collector in more than one exporter.


Continue to the Monitor tab to configure the monitor flow component. See Configure and Activate Monitors.


Configure and Activate Monitors

A flow monitor represents one instance of the complete functionality of the Cisco NGA. You must create at least one active flow monitor so that the appliance can export NetFlow records. Up to four independent flow monitors may be active simultaneously.

A monitor supports up to three records. Of those three records, only one IPv4, one IPv6, and one Layer2 record type is supported.

Before You Begin

Before you can activate a flow monitor, you must ensure the other components have been successfully configured. See Understand the Advanced Component Configuration Order before you activate your monitor.

To create, edit, delete and make a flow monitor active or inactive:

Procedure


Step 1 Select Setup > NetFlow > Advanced Setup.

Step 2 Select the Monitor tab.

Step 3 Choose one of the following tasks:

Click Create to add a new monitor. Continue to step 4.

Select a row and click Edit to change an existing monitor.

Select a row and click Delete to remove an existing monitor.

Step 4 Enter the required information in the Configure Monitor window (see Table B-6 for details).

Step 5 Click Submit.

Step 6 Choose the monitor name you want to make active or inactive and click Activate/Inactivate. For more details, see Activate/Inactivate Monitors.

Continue to the next step, to verify that the collector data is successful (see Verify Flow Records Generated).


Activate/Inactivate Monitors

You must activate a monitor to start exporting records. and at most four monitors may be active at the same time. If you already have four active monitors and want to make another monitor active, you must choose a monitor that is already active to inactivate it, then click the Activate/Inactivate button to allow the cache memory resources to be freed for use.

When a monitor is in Active state, configuration of all components that are being used by the monitor cannot be modified. To modify, you must first inactivate the monitor.