Cisco IOS XR Netflow Command Reference for the Cisco XR 12000 Series Router, Release 4.3.x
NetFlow Commands
Downloads: This chapterpdf (PDF - 1.68MB) The complete bookPDF (PDF - 2.42MB) | Feedback

NetFlow Commands

NetFlow Commands

This module provides command line interface (CLI) commands for configuring NetFlow on the Cisco XR 12000 Series Router.

cache entries

To configure the number of entries in the monitor map flow cache, enter the cache entries command in flow monitor map configuration mode. To remove a configured number of entries and return the cache to the default configuration, use the no form of this command.

cache entries number

no cache entries number

Syntax Description

number

Number of entries in the flow cache. Replace the number argument with the number of flow entries allowed in the flow cache. Range is from 4096 through 1000000.

Command Default

number : 65535

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the number of entries in the monitor map flow cache to be 10000:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# cache entries 10000

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

cache permanent

To disable the removal of entries from the monitor map flow cache, enter the cache permanent command in flow monitor map configuration mode. To re-enable the removal of entries from the flow cache, use the no form of this command.

cache permanent

no cache permanent

Syntax Description

This command has no keywords or arguments.

Command Default

The removal of entries from the monitor map flow cache is enabled.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to disable the removal of entries from the monitor map flow cache:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)#flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# cache permanent

This example shows how to re-enable the removal of entries from the monitor map flow cache:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# no cache permanent

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

cache timeout

To configure the active, inactive, and update flow cache timeout, enter the cache timeout command in flow monitor map configuration mode. To remove the configured timeout value and return the cache to its default timeout value, use the no form of this command.

cache timeout { active | inactive | update } timeout_value

no cache timeout { active | inactive | update } timeout_value

Syntax Description

active

Specifies the active flow timeout.

inactive

Specifies the inactive flow timeout.

update

Specifies the update timeout.

timeout_value

Timeout value for the specified keyword ( active , inactive , or update ), in seconds. Range is from 1 through 604800.

Command Default

For active timeout, the default value is 1800 seconds.

For inactive timeout, the default value is 15 seconds.

For update timeout, the default value is 1800 seconds.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Note


The inactive timeout value should be smaller than the active timeout value. The update keyword is used for permanent caches only. It specifies the timeout value that is used to export entries from permanent caches. In this case, the entries are exported but remain the cache.


Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to set the active timeout for the monitor map cache to 200,000 seconds:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# cache timeout active 200000

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

clear flow exporter

To export flow exporter templates to the collector or restart the flow exporter statistics collector, enter the clear flow exporter command in EXEC mode.

clear flow exporter [fem-name] { restart | statistics } location node-id

Syntax Description

fem-name

(Optional) Flow exporter name.

restart

Exports all of the current templates to the collector.

statistics

Clears the exporter statistics.

location node-id

Identifies the node whose flow exporter statistics you want to clear, or whose flow exporter statistics collector you want to restart. The node-id argument is expressed in the rack/slot/module notation.

Command Default

No default behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

basic-services

read, write

netflow

read, write

Examples

This example exports all templates to the collector:

RP/0/0/CPU0:router# clear flow exporter restart location 0/0/SP
Restart exporter all locations. Continue? [confirm]

This example shows how to clear flow exporter statistics on a specific node:

RP/0/0/CPU0:router# clear flow exporter statistics location 0/0/CPU0
Clear statistics for all exporters on the location. Continue? [confirm]

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

show flow exporter

Displays flow exporter data  

clear flow monitor

To clear the flow monitor data, enter the clear flow monitor command in EXEC mode.

clear flow monitor [name] cache [ force-export | statistics ] location node-id

Syntax Description

name

(Optional) Identifies a specific cache you want to clear.

cache

Clears all cache related information.

force-export

(Optional) Forces the export of flow records on flushing the cache on the specified node.

statistics

(Optional) Clears cache statistics on a specific node.

location node-id

Node whose flow monitor you want to clear. The node-id argument is expressed in the rack/slot/module notation.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to clear the cache-related flow records on a specific node:

RP/0/0/CPU0:routerclear flow monitor cache force-export location 0/0/CPU0

Clear cache entries for this monitor on this location. Continue? [confirm]

Related Commands

Command

Description

flow monitor-map

Creates and configures a flow monitor map  

show flow monitor-map

Displays flow monitor map data.  

destination

To configure the collector export destination, enter the destination command in flow exporter map configuration mode. To remove a configured export destination, use the no form of this command.

destination hostname_or_IP_address [ vrf vrf_name]

no destination hostname_or_IP_address [ vrf vrf_name]

Syntax Description

hostname_or_IP_address

Specify the export destination for the current flow exporter map. Enter the hostname or destination IP address in the A.B.C.D format.

vrf vrf_name

(Optional) Specify the name of the VRF that is used to reach export destination. This is an optional keyword. If the vrf keyword is specified, then the destination is searched in the VRF that is specified (vrf_name). If the vrf keyword is not specified then, the destination is searched in the default routing table.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.0

This command was moved to the flow exporter map configuration mode.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the flow exporter map export destination to be a specific IP address:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# destination 172.18.189.38

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

dscp

To configure the differentiated services codepoint (DSCP) value for export packets, enter the dscp command in flow exporter map configuration mode. To remove a configured DSCP value, use the no form of this command.

dscp dscp_value

no dscp dscp_value

Syntax Description

dscp_value

Specifies the DSCP value for export packets. Replace dscp_value with a number. Range is from 0 through 63.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.0

This command was moved to the flow exporter map configuration mode.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the DSCP value for export packets to be 30:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# dscp 30

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

exporter

To associate a flow exporter map with the current flow monitor map, enter the exporter command in flow monitor map configuration mode. To remove an associated flow exporter map from a flow monitor map, use the no form of this command.

exporter map_name

no exporter map_name

Syntax Description

map_name

Name of the flow exporter map you want to associate with the current flow monitor map. The exporter map name can be a maximum of 32 characters.

Note   

A single flow monitor map supports up to 8 exporters.

Command Default

None

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.0

NetFlow was updated so that a single flow monitor map supports up to 8 exporters.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to associate a flow exporter map called “fem_1” with the current flow monitor map:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# exporter fem_1

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

flow

To specify a flow monitor map and a sampler map for the packets on an interface, use the flow command in interface configuration mode. To remove a configured flow monitor map, use the no form of this command.

flow [ ipv4 | ipv6 | mpls ] monitor name sampler name { egress | ingress }

no flow [ ipv4 | ipv6 | mpls ] monitor name sampler name { egress | ingress }

Syntax Description

ipv4

Enables IPV4 NetFlow on the specified interface.

ipv6

Enables IPV6 NetFlow on the specified interface.

mpls

Enables Multiprotocol Label Switching (MPLS)-aware NetFlow on the specified interface.

monitor name

Specifies the name of the flow monitor map you want to specify for IPv4, IPv6, or MPLS packets.

sampler name

Name of the sampler map you want to apply to the flow monitor map.

egress

Applies the flow monitor map on outgoing packets.

ingress

Applies the flow monitor map on incoming packets.

Command Default

None

Command Modes

Interface configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.5.0

The mpls keyword was added to the flow command to support MPLS-aware NetFlow.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enable IPv4 NetFlow on a Bridge-group virtual interface, and then apply the flow monitor map on incoming and outgoing IPv4 packets:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# interface BVI 1
RP/0/0/CPU0:router(config-if)# flow ipv4 monitor NMS sampler NMS ingress
RP/0/0/CPU0:router(config-if)# flow ipv4 monitor NMS sampler NMS egress

This example shows how to enable IPv6 NetFlow on a Bridge-group virtual interface, and then apply the flow monitor map on incoming and outgoing IPv6packets:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# interface BVI 1
RP/0/0/CPU0:router(config-if)# flow ipv6 monitor NMS sampler NMS ingress
RP/0/0/CPU0:router(config-if)# flow ipv6 monitor NMS sampler NMS egress

Related Commands

Command

Description

flow monitor-map

Creates and configures a flow monitor map  

show flow monitor-map

Displays flow monitor map data.  

flow exporter-map

To create a flow exporter map and enter flow exporter map configuration mode, use the flow exporter-map command in global configuration mode. To remove a configured flow exporter map, use the no form of this command.

flow exporter-map fem-name

no flow exporter-map fem-name

Syntax Description

fem-name

Creates a new exporter map name, or specifies the name of an existing exporter map.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

When you issue the flow exporter-map fem-name command in global configuration mode, the CLI prompt changes to “config-fem,” indicating that you have entered the flow exporter map configuration submode.

In this sample output, the question mark ( ? ) online help function displays all the commands available under flow exporter map configuration submode:

RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# ?

RP/0/0/CPU0:routerconfig-fem)#?
  clear        Clear the uncommitted configuration
  commit       Commit the configuration changes to running
  describe     Describe a command without taking real actions
  destination  Export destination configuration
  do           Run an exec command
  dscp         Specify DSCP value for export packets
  exit         Exit from this submode
  no           Negate a command or set its defaults
  pwd          Commands used to reach current submode
  root         Exit to the global configuration mode
  show         Show contents of configuration
  source       Source interface
  transport    Specify the transport protocol for export packets
  version      Specify export version parameters

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to create a flow exporter map called “map1,” and then enter the flow exporter map configuration submode for that map:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# 

Related Commands

Command

Description

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

flow monitor-map

To create and configure a flow monitor map and enter flow monitor map configuration submode, use the flow monitor-map command in global configuration mode. To remove a configured flow monitor map, use the no form of this command:

flow monitor-map map_name

no flow monitor-map map_name

Syntax Description

map_name

New monitor map name, or specifies the name of an existing monitor map. The monitor map name can be a maximum 32 characters.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.0

NetFlow was updated so that a single flow monitor map supports up to 8 exporters.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

When you issue the flow monitor-map map_name command in global configuration mode, the CLI prompt changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode. In the following sample output, the question mark ( ? ) online help function displays all the commands available under flow monitor map configuration submode:

RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)#?

  cache     Specify flow cache attributes
  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  exporter  Specify flow exporter map name
  no        Negate a command or set its defaults
  pwd       Commands used to reach current submode
  record    Specify a flow record map name
  root      Exit to the global configuration mode
  show      Show contents of configuration

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enter flow monitor map configuration mode for a monitor map called “map1:”

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)#

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow

Specifies a flow monitor map  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

options

To export the tables in the options template and specify export timeout values, enter the options command in flow exporter map version configuration mode. To return the options template to its default configuration values, use the no form of this command.

options { interface-table | sampler-table } [ timeout seconds ]

no options { interface-table | sampler-table } [ timeout seconds ]

Syntax Description

interface-table

Export the interface table.

sampler-table

Exports the sampler table.

timeout seconds

Specifies the export timeout value. Replace seconds with the export timeout value. Range is from 1 through 604800 seconds.

Command Default

Without options command, the default value for timeout is 0 seconds, which means that the template options are not exported by default. Where as when options command is used without mentioning any timeout, default timeout is 1800 seconds.

Command Modes

Flow exporter map version configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to export the timeout in the interface table to the options template.

RP/0/0/CPU0:router(config)# flow exporter-map f1
RP/0/0/CPU0:router(config-fem)# version v9
RP/0/0/CPU0:router(config-fem)# options interface-table timeout 45

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

random 1 out-of

To configure the packet sampling interval for a monitor map, use the random 1 out-of command in sampler map configuration submode. To remove a configured sampling interval and return to the default sampling interval, use the no form of this command. The limit of sampling rate values per line card per direction is 4, and limit of total samplers per line card per direction is 16.

random 1 out-of number_of_packets

no random 1 out-of number_of_packets

Syntax Description

number_of_packets

Sampling interval in units of packets. Replace the number_of_packets argument with a number. Range is from 1 through 65535 units.

Command Default

There is no default value to number_of_packets . However, for optimal performance, the recommended value for number_of_packets is 10000.

Command Modes

Sampler map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the sampler map to randomly sample 1 out of every 10 packets:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# sampler map1
RP/0/0/CPU0:router(config-sm)# random 1 out-of 10

record ipv4

To activate an IPv4 flow record, use the record ipv4 command in flow monitor map configuration mode. To deactivate the flow record, use the no form of this command.

record ipv4 [ peer-as | destination ]

no record ipv4

Syntax Description

peer-as

Records peer AS.The Border Gateway Protocol (BGP) AS is not collected unless the bgp attribute download command is configured.

destination

Records IPv4 destination based NetFlow accounting.

Command Default

The default is that no IPv4 flow record is enabled.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.7.0

The destination keyword was added to support destination-based NetFlow accounting.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The BGP AS is not collected unless the bgp attribute download command is configured.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure an IPv4 flow record:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# record ipv4

This example shows how to configure an IPv4 flow record for destination-based NetFlow accounting:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# record ipv4 destination 
RP/0/0/CPU0:router(config-fmm)# exit
RP/0/0/CPU0:router(config)# interface Gigabit Ethernet 0/0/0/0
RP/0/0/CPU0:router(config-if)# flow ipv4 monitor monitor1 ingress
RP/0/0/CPU0:router(config-if)# end

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

record ipv6

Configures the flow record map name for IPv6  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

record ipv6

To configure the flow record map name for IPv6, use the record ipv6 command in flow monitor map configuration mode. To remove the configured name from a flow record, use the no form of this command.

record ipv6

no record ipv6

Syntax Description

peer-as

Records peer AS.

Command Default

The default is that originating AS numbers are recorded.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 4.0.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the flow record map name for IPv6:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# record ipv6

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

record ipv4

Activates an IPv4 flow record  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

record mpls

To configure the flow record map name for MPLS, use the record mpls command in flow monitor map configuration mode. To remove the configured name from a flow record, use the no form of this command.

record mpls [ipv4-fields] [ipv6-fields] [ipv4-ipv6-fields] [ labels number ]

no record mpls [ipv4-fields] [ipv6-fields] [ipv4-ipv6-fields] [ labels number ]

Syntax Description

ipv4-fields

(Optional) Collects IPv4 fields in the MPLS-aware Netflow when the payload of the MPLS packet has IPv4 fields. It also collects MPLS traffic with no IPv4 payload, but the IPv4 fields are set to zero.

ipv6-fields

(Optional) Collects IPv6 fields in the MPLS-aware Netflow when the payload of the MPLS packet has IPv6 fields. It also collects MPLS traffic with no IPv6 payload, but the IPv6 fields are set to zero.

ipv4-ipv6-fields

(Optional) Collects IPv4 and IPv6 fields in the MPLS-aware Netflow when the payload of the MPLS packet has either IPv4 fields or IPv6 fields. It also collects MPLS traffic with no IPv4 or IPv6 payload, but those fields are set to zero.

labels number

(Optional) Configures the number of labels that are used in hashing. The number argument is the number of labels that are used in hashing. The range is from 1 to 6.

Command Default

The default is no IPV4 fields and six labels.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 3.5.0

This command was introduced.

Release 4.0.0

IPv6 and IPv4-IPv6 fields were added.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

In Cisco IOS XR software, you can have only one MPLS flow monitor running on an interface at a time. If you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing one.

You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or both types of fields.

Task ID

Task ID

Operations

netflow

read, write

Examples

This configuration allows you to collect only MPLS fields. No payload information is collected.

RP/0/0/CPU0:router(config)# flow monitor-map MPLS-fmm
RP/0/0/CPU0:router(config-fmm)# record mpls labels 3
RP/0/0/CPU0:router(config-fmm)# cache permanent
RP/0/0/CPU0:router(config)# exit
RP/0/0/CPU0:router(config)# interface Gigabit Ethernet 0/0/0/0
RP/0/0/CPU0:router(config-if)# flow mpls monitor MPLS-fmm sampler fsm ingress

This configuration allows you to collect MPLS traffic with IPv4 fields. It also collects MPLS traffic with no IPv4 payload, but the IPv4 fields are set to zero.

RP/0/0/CPU0:router(config)# flow monitor-map MPLS-IPv4-fmm
RP/0/0/CPU0:router(config-fmm)# record mpls IPv4-fields labels 3
RP/0/0/CPU0:router(config-fmm)# cache permanent
RP/0/0/CPU0:router(config-fmm)# exit
RP/0/0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-fmm sampler fsm ingress

This configuration allows you to collect MPLS traffic with IPv6 fields. It also collects MPLS traffic with no IPv6 payload, but the IPv6 fields are set to zero.

RP/0/0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/0/CPU0:router(config-fmm)# record mpls IPv6-fields labels 3
RP/0/0/CPU0:router(config-fmm)# cache permanent
RP/0/0/CPU0:router(config-fmm)# exit
RP/0/0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler fsm ingress

This configuration allows you to collect MPLS traffic with both IPv6 and IPv4 fields. It also collects MPLS traffic with no IPv4 or IPv6 payload, but those fields are set to zero.

RP/0/0/CPU0:router(config)# flow monitor-map MPLS-IPv4-IPv6-fmm
RP/0/0/CPU0:router(config-fmm)# record mpls IPv4-IPv6-fields labels 3
RP/0/0/CPU0:router(config-fmm)# cache permanent
RP/0/0/CPU0:router(config-fmm)# exit
RP/0/0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-IPv6-fmm sampler fsm ingress

This example shows how to configure three labels for hashing:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow monitor-map map1
RP/0/0/CPU0:router(config-fmm)# record mpls labels 3

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

record ipv4

Activates an IPv4 flow record  

show flow monitor

Displays flow monitor cache data in various formats.  

show flow monitor-map

Displays flow monitor map data.  

sampler-map

To enter sampler map configuration submode for a specific monitor map, use the sampler-map command in global configuration mode. To remove a configured sampler map, use the no form of this command.

sampler-map map_name

no sampler-map map_name

Syntax Description

map_name

Name of the sampler map you want to configure. The sampler map name can be a maximum 32 characters.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

When you issue the sampler-map map_name command in global configuration mode, the CLI prompt changes to “config-sm,” indicating that you have entered the sampler map configuration submode. In this sample output, the question mark ( ? ) online help function displays all the commands available under sampler map configuration submode:

RP/0/0/CPU0:router(config)# sampler-map test
RP/0/0/CPU0:router(config-sm)# ?

  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  no        Negate a command or set its defaults
  pwd       Commands used to reach current submode
  random    Use random mode for sampling packets
  root      Exit to the global configuration mode
  show      Show contents of configuration

These restrictions prevent the NetFlow processes from using up all of the available CPU:

  • NetFlow supports a policer rate of 35,000 packets per second per direction for each individual line card.
  • NetFlow supports a policer rate of 50,000 packets per second per direction for each individual line card if Sampled NetFlow (SNF) is enabled in one direction (ingress or egress). Note that this limit does not apply if SNF is enabled in both directions. If SNF is enabled in both directions, then NetFlow supports 25,000 packets per second per direction for each individual line card.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to use the sampler-map command to enter sampler map configuration submode for the monitor map called “map1:”

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# sampler-map map1
RP/0/0/CPU0:router(config-sm)#

Related Commands

Command

Description

flow

Specifies a flow monitor map  

show flow exporter

To display flow exporter data, enter the show flow exporter command in EXEC mode.

show flow exporter [exporter_name] location node-id

Syntax Description

exporter_name

Identifies the flow exporter whose data you want to display.

location node-id

Location where the cache resides. The node-id argument is expressed in the rack/slot/module notation.

Note   

Enter the show platform command to see the location of all nodes installed in the router.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display flow exporter map data:

RP/0/0/CPU0:router# show flow exporter fem1 location 0/0/CPU0

Flow Exporter: NFC 
Used by flow monitors: fmm4
 
Status: Normal
Transport   UDP
Destination 12.24.39.0      (50001)
Source      12.25.54.3      (5956)
Flows exported:                                   0 (0 bytes)
Flows dropped:                                    0 (0 bytes)
 
Templates exported:                               1 (88 bytes)
Templates dropped:                                0 (0 bytes)
 
Option data exported:                             0 (0 bytes)
Option data dropped:                              0 (0 bytes)
 
Option templates exported:                        2 (56 bytes)
Option templates dropped:                         0 (0 bytes)
 
Packets exported:                                 3 (144 bytes)
Packets dropped:                                  0 (0 bytes)
 
Total export over last interval of:
  1 hour:                                         0 pkts
                                                  0 bytes
                                                  0 flows
  1 minute:                                       3 pkts
                                                144 bytes
                                                  0 flows
  1 second:                                       0 pkts
                                                  0 bytes
                                                  0 flows
Table 1 show flow exporter Field Descriptions

Field

Description

Id

Identifies the flow exporter map.

Used by flow monitors

Name of the flow monitors associated with the specified flow exporter map.

Status

Status of the exporter.

  • Normal—Exporter is active and can export packets.
  • Disabled—Exporter cannot send out packets because the collector is unreachable or the configuration is incomplete.

Destination

Export destination address the current flow exporter map.

Flows exported

Flows exported, in bytes.

Flows dropped

Flows dropped, in bytes.

Templates exported

Templates exported, in bytes.

Templates dropped

Templates dropped, in bytes.

Option data exported

Option data exported, in bytes.

Option data dropped

Option data dropped, in bytes.

Option templates exported

Option templates exported, in bytes.

Option templates dropped

Option templates dropped, in bytes.

Packets exported:

Packets exported, in bytes.

Packets dropped

Packets dropped, in bytes.

Average export rate over interval of last:

Average export rate, in bytes/pkts. Information is displayed for intervals of the last hour, minute, and second.

show flow exporter-map

To display flow exporter map information for a specific node, enter the show flow exporter-map command in EXEC mode.

show flow exporter-map [name]

Syntax Description

name

Name of the exporter map whose information you want to display.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display flow exporter map information:

RP/0/0/CPU0:router# show flow exporter-map map1

Flow Exporter Map : map1
-------------------------------------------------
Id                 : 2
DestinationIpAddr   : 10.1.1.1
SourceIfName        : Loopback0
SourceIpAddr        : 10.1.1.1
DSCP                : 10
TransportProtocol   : UDP
TransportDestPort   : 1024

Export Version: 9
  Common Template Timeout : 1800 seconds
  Options Template Timeout : 1800 seconds
  Data Template Timeout : 600 seconds
  Interface-Table Export Timeout : 1800 seconds
  Sampler-Table Export Timeout : 0 seconds

This table describes the significant fields shown in the display.



Table 2 show flow exporter-map Field Descriptions

Field

Description

Id

Identifies the flow exporter map.

DestinationIpAddr

Exports destination configuration.

SourceIfName

Source interface for this exporter map. You can specify the source interface with the flow exporter-map command.

SourceIpAddr

IP address of the source interface (SourceIfName).

DSCP

Differentiated services codepoint (DSCP) value for export packets.

Note   

You can specify the DSCP with the flow exporter-map command.

TransportProtocol

Displays the configured transport protocol.

Note   

Cisco IOS XR software supports the UDP transport protocol only.

Note   

You can specify the transport protocol with the flow exporter-map command.

TransportDestPort

Displays the configured destination port for UDP packets.

Export Version

Displays the configured export format.

Note   

Cisco IOS XR software supports export format version 9 only.

Common Template Timeout

Displays the configured common template timeout.

Options Template Timeout

Displays the configured options template timeout.

Note   

You can specify the options template timeout with the flow exporter-map command.

Data Template Timeout

Displays the configured data template timeout.

Note   

You can specify the data template timeout with the flow exporter-map command.

Interface-Table Export Timeout

Displays the export timeout value for the interface table.

Note   

You can specify the export timeout for the interface table with the flow exporter-map command.

Sampler-Table Export Timeout

Displays the export timeout value for the sampler table.

Note   

You can specify the export timeout for the sampler table with the flow exporter-map command.

Related Commands

Command

Description

clear flow exporter

Exports flow exporter templates to the collector  

flow exporter-map

Creates a flow exporter map  

show flow exporter

Displays flow exporter data  

show flow monitor

To display flow monitor cache data in various formats, enter the show flow monitor command in EXEC mode.

To match on Access Control Lists (ACLs) and one or more fields:

show flow monitor monitor-name cache match { ipv4 { acl name | source-address match-options | destination-address match-options | protocol match-options | tos match-options } | ipv6 { acl name | source-address match-options | destination-address match-options | protocol match-options | tc match-options } | layer4 { source-port-overloaded match-options | destination-port-overloaded match-options | tcp-flags match-flags-options } | bgp { source-as match-options | destination-as match-options } | interface { ingress match-if-options | egress match-if-options } | timestamp { first match-options | last match-options } | counters { byte match-options | packets match-options } | misc { forwarding-status match-options | direction match-dir-options } }

To sort flow record information according to a particular field:

show flow monitor monitor-name cache sort { ipv4 { source-address | destination-address | tos | protocol } | ipv4 { source-address | destination-address | tc | protocol } | mpls { label-2 | label-3 | label-4 | label-5 | label-6 | label-type | prefix | top-label } | layer4 { source-port-overloaded | destination-port-overloaded } | bgp { source-as | destination-as } | timestamp { first | last } | counters { bytes | packets } | misc { forwarding-status | direction } { top | bottom } [entries] }

To include or exclude one or more fields in the show flow monitor command output:

show flow monitor monitor-name cache { include | exclude } { ipv4 { source-address | destination-address | tos | protocol } | ipv6 { source-address | destination-address | tc | flow-label | option-headers | protocol } | mpls { label-2 | label-3 | label-4 | label-5 | label-6 | top-label } | layer4 { source-port-overloaded | destination-port-overloaded } | bgp { source-as | destination-as } | timestamp { first | last } | counters { bytes | packets } | misc { forwarding-status match-options | direction match-dir-options } }

To display summarized flow record statistics:

show flow monitor monitor-name cache summary location node-id

To display only key field, packet, and byte information for the flow records:

show flow monitor monitor-name cache brief location node-id

To display flow record information for a particular node only:

show flow monitor monitor-name cache location node-id

Syntax Description

If you specified the show flow monitor monitor-name cache match command to match on ACL and one or more fields:

monitor-name

Flow monitor map whose details you want to display.

cache

Displays details about the flow monitor cache.

match

Specifies match criteria for the display.

Enter the match keyword followed by the ? command to see a complete list of possible match criteria.

ipv4

Specifies IPv4 fields.

ipv6

Specifies IPv6 fields.

acl name

Specifies an access list. Replace name with the name of the access whose information you want to display.

source-address match-options

Specifies source IP address match options. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the source-address keyword followed by the ? command to see a complete list of possible match criteria.

destination-address

Specifies IPV4 or IPv6 destination address match options. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the destination-address keyword followed by the ? command to see a complete list of possible match criteria.

tos match-options

Compares fields and matches them based on the type of service value. Range is from 0 through 255. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the tos keyword followed by the ? command to see a complete list of possible match criteria.

protocol match-options

Compares fields and matches them based on the protocol value. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the protocol keyword followed by the ? command to see a complete list of possible match criteria.

layer4

Compares Layer 4 fields and matches them based on specific criteria. You can specify match criteria for any of the following Layer 4 fields:

  • destination-port-overloaded
  • source-port-overloaded
  • tcp-flags
Note   

Enter the layer4 keyword followed by the ? command to see a complete list of possible Layer 4 fields to compare and match.

destination-port-overloaded

Compares fields and matches them based on the destination-port-overloaded value. The destination port is matched if the protocol specified for that port is TCP or UDP.

Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the destination-port-overloaded keyword followed by the ? command to see a complete list of possible match criteria.

source-port-overloaded

Compares fields and matches them based on the source-port-overloaded value.

The source port is matched if the protocol specified for that port is one of the following:

  • TCP—Range is from 0 through 65535.
  • UDP—Range is from 0 through 65535.
  • ICMP—Type or code is in range from 0 through 255.
  • IGMP—Type is in range from 0 through 255.

Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

NoteEnter the source-port-overloaded keyword followed by the ? command to see a complete list of possible match criteria.

tcp-flags match-flags-options

Specifies TCP flags, as follows:

  • all —Match all of the fields
  • any —Match any of the fields
  • none —Match none of the fields.
Note   

Enter the tcp-flags keyword followed by the ? command to see a complete list of possible match criteria.

bgp

Compares BGP fields and matches them based on specific criteria. You can specify match criteria for any of the following BGP fields:

  • destination-as —Destination as.
  • source-as —Source as.
source-as match-options

Compares and matches the BGP autonomous system number of the destination address.

Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the source-as keyword followed by the ? command to see a complete list of possible match criteria.

destination-as match-options

Compares and matches the BGP autonomous system number of the source address. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the destination-as keyword followed by the ? command to see a complete list of possible match criteria.

timestamp

Specifies the time stamp for which to compare and match the specified criteria. Enter the first keyword or the last keyword to specify the time stamp whose criteria you want to compare.

first match-options

Compares fields from the first time stamp and matches them based on the match-options value. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the first keyword followed by the ? command to see a complete list of possible match criteria.

last match-options

Compares fields from the last time stamp and matches them based on the match-if-options value. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the last keyword followed by the ? command to see a complete list of possible match criteria.

counters

Specifies the counters for which to compare and match the specified criteria. Enter the byte keyword or the packets keyword to specify the counters whose criteria you want to compare.

byte match-options

Compares bytes counter fields and matches them based on the match-options value. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the byte keyword followed by the ? command to see a complete list of possible match criteria.

packets match-options

Compares packets counter fields and matches them based on the match-options value. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.
Note   

Enter the byte keyword followed by the ? command to see a complete list of possible match criteria.

misc

Specifies miscellaneous fields for which to compare and match the specified criteria. Enter the forwarding-status keyword or the direction keyword to specify the field whose criteria you want to compare.

forwarding-status match-options

Compares forwarding status fields and matches them based on the match-options value. Possible match options are:

  • eq —Match if equal to field value.
  • gt —Match if greater than field value.
  • lt —Match if less than field value.
  • neq —Match if not equal to field value.
  • range —Match if within the range of field values.

Enter the forwarding-status keyword followed by the ? command to see a complete list of possible match criteria.

direction match-dir-options

Compares information about the direction of the flow and matches it based on the match-options value. Possible match options are:

  • eq —Match if equal to field value.
  • neq —Match if not equal to field value.
Note   

Enter the direction keyword followed by the ? command to see a complete list of possible match criteria.

To sort flow record information according to a particular field:

monitor-name

Flow monitor map whose details you want to display.

cache

Displays details about the flow monitor cache.

sort

Determines sorting criteria for the show flow monitor command display.

ipv4

Specifies sorting criteria for one of the following IPv4 fields:

  • destination-address
  • source-address
  • protocol
  • tos
Note   

Enter the ipv4 keyword followed by the ? command to see a complete list of possible sorting criteria.

ipv6

Specifies sorting criteria for one of the following IPv6 fields:

  • destination-address
  • source-address
  • protocol
  • tos
Note   

Enter the ipv6 keyword followed by the ? command to see a complete list of possible sorting criteria.

source-address

Displays IPv4 or IPv6 information for the source address according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the source-address keyword followed by the ? command to see a complete list of possible sorting criteria.

destination-address

Displays IPv4 or IPv6 information for the destination address according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the destination-address keyword followed by the ? command to see a complete list of possible sorting criteria.

tos

Displays IPv4 type of service information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the tos keyword followed by the ? command to see a complete list of possible sorting criteria.

tc

Displays IPv6 traffic class information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the tc keyword followed by the ? command to see a complete list of possible sorting criteria.

protocol

Displays IPv4 or IPv6 protocol information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the tos keyword followed by the ? command to see a complete list of possible sorting criteria.

mpls

Specifies sorting criteria for one of the following MPLS fields:

  • label-2
  • label-3
  • label-4
  • label-5
  • label-6
  • label-type
  • prefix
  • top-label
Note   

Enter the mpls keyword followed by the ? command to see a complete list of possible sorting criteria.

label-2

Displays MPLS information for the second label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
label-3

Displays MPLS information for the third label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
label-4

Displays MPLS information for the fourth label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
label-5

Displays MPLS information for the fifth label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
label-6

Displays MPLS information for the sixth label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
label-type

Displays MPLS information for the specified type of label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
prefix

Displays MPLS information for the destination address. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
top-label

Displays MPLS information for the top label in the MPLS label stack. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
layer4

Specifies sorting criteria for one of the following Layer 4 fields:

  • source-port-overloaded
  • destination-port-overloaded
Note   

Enter the layer4 keyword followed by the ? command to see a complete list of possible sorting criteria.

source-port-overloaded

Displays source port overload information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the source-port-overloaded keyword followed by the ? command to see a complete list of possible sorting criteria.

destination-port-overloaded

Displays destination port overload information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the destination-port-overloaded keyword followed by the ? command to see a complete list of possible sorting criteria.

bgp

Specifies sorting criteria for one of the following BGP fields:

  • source-as
  • destination-as
Note   

Enter the layer4 keyword followed by the ? command to see a complete list of possible sorting criteria.

source-as Displays information about the BGP source address autonomous system number according to the specified sorting criteria. Possible sorting options are:
  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the source-as keyword followed by the ? command to see a complete list of possible sorting criteria.

destination-as

Displays information about the BGP destination address autonomous system number according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the destination-as keyword followed by the ? command to see a complete list of possible sorting criteria.

timestamp

Specifies sorting criteria for the first or last time stamp. Enter the first keyword or the last keyword to specify the time stamp whose criteria you want to specify.

Note   

Enter the timestamp keyword followed by the ? command to see a complete list of possible sorting criteria.

first

Displays information for the first time stamp according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the first keyword followed by the ? command to see a complete list of possible sorting criteria.

last

Displays information for the last time stamp according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the last keyword followed by the ? command to see a complete list of possible sorting criteria.

counters

Specifies sorting criteria for the bytes or packets counters. Follow the counters keyword with the byte keyword or the packets keyword to specify the counters whose criteria you want to compare.

bytes

Displays bytes counter information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the bytes keyword followed by the ? command to see a complete list of possible sorting criteria.

packets

Displays packets counter information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the packets keyword followed by the ? command to see a complete list of possible sorting criteria.

misc

Specifies sorting criteria for miscellaneous fields. Follow the misc keyword with the forwarding-status keyword or the direction keyword to specify the counters whose criteria you want to compare.

forwarding-status

Displays forwarding status information according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the forwarding-status keyword followed by the ? command to see a complete list of possible sorting criteria.

direction

Displays information about the direction of the flow according to the specified sorting criteria. Possible sorting options are:

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
Note   

Enter the direction keyword followed by the ? command to see a complete list of possible sorting criteria.

top

Displays top cache entries. Replace records with the number of records you want to display.

Note   

You can follow the top keyword with the optional entries argument to specify the number of records to display.

bottom

Displays bottom cache entries. Replace records with the number of records you want to display.

Note   

You can follow the bottom keyword with the optional entries argument to specify the number of records to display.

entries

Number of records to display. Range is from 1 through 1000.

To include or exclude one or more fields in the show flow monitor command output:

monitor-name

Flow monitor map whose details you want to display.

cache

Displays details about the flow monitor cache.

include

Includes the specified fields in the display output. Enter the include keyword, followed by the keyword or keywords that specify the fields to include.

Note   

To see a list of fields that can be included, enter the include keyword, followed by the ? command.

exclude

Excludes the specified fields in the display output. Enter the exclude keyword, followed by the keyword or keywords that specify the fields to exclude.

Note   

To see a list of fields that can be excluded, enter the exclude keyword, followed by the ? command.

ipv4

Includes or excludes one of the following IPv4 fields in the command output:

  • destination-address
  • source-address
  • protocol
  • tos
Note   

Enter the ipv4 keyword followed by the ? command to see a complete list of possible sorting criteria.

ipv6

Includes or excludes one of the following IPv6 fields in the command output:

  • destination-address
  • flow-label
  • option-headers
  • source-address
  • protocol
  • tos
Note   

Enter the ipv6 keyword followed by the ? command to see a complete list of possible sorting criteria.

source-address

Includes or excludes IPV4 or IPV6 information for the source address in the command output.

destination-address

Includes or excludes IPV4 or IPV6 information for the destination address in the command output.

flow-label

Includes or excludes information about the IPv6 flow label in the command output. The flow label is the 20-bit flow label id present in every IPv6 packet header.

option-headers

Includes or excludes IPV6 information for the option headers in the command output. The option header is a bit mask that indicates which options headers are present in the IPv6 header.

tos

Includes or excludes IPV4 type of service information in the command output.

tc

Includes or excludes IPV6 traffic class information in the command output.

protocol

Includes or excludes IPV4 or IPV6 protocol information in the command output.

mpls

Includes or excludes one of the following MPLS fields in the command output:

  • label-2
  • label-3
  • label-4
  • label-5
  • label-6
  • top-label
Note   

Enter the mpls keyword followed by the ? command to see a complete list of possible sorting criteria.

label-2

Includes or excludes MPLS information for the second label in the MPLS label stack.

label-3

Includes or excludes MPLS information for the third label in the MPLS label stack.

label-4

Includes or excludes MPLS information for the fourth label in the MPLS label stack.

label-5

Includes or excludes MPLS information for the fifth label in the MPLS label stack.

label-6

Includes or excludes MPLS information for the sixth label in the MPLS label stack.

top-label

Includes or excludes MPLS information for the top label in the MPLS label stack.

layer4

Includes or excludes one of the following the following Layer 4 fields in the command output:

  • source-port-overloaded
  • destination-port-overloaded
Note   

Enter the layer4 keyword followed by the ? command to see a complete list of possible sorting criteria.

source-port-overloaded

Includes or excludes source port overload information in the command output.

destination-port-overloaded

Includes or excludes destination port overload information in the command output.

  • top —Displays top cache entries.
  • bottom —Displays bottom cache entries.
bgp

Includes or excludes the following BGP fields in the command output:

  • source-as
  • destination-as
Note   

Enter the bgp keyword followed by the ? command to see a complete list of possible sorting criteria.

source-as

Includes or excludes information about the BGP source address autonomous system number in the command output.

destination-as

Includes or excludes information about the BGP destination address autonomous system number in the command output.

timestamp

Includes or excludes information from the first or last time stamp in the command output. Enter the first keyword or the last keyword to include or exclude information about a specific time stamp.

Note   

Enter the timestamp keyword followed by the ? command to see a complete list of possible sorting criteria.

first

Includes or excludes information for the first time stamp in the command output.

last

Includes or excludes information for the first time stamp in the command output.

counters

Includes or excludes bytes or packets counters in the command output. Follow the counters keyword with the byte keyword or the packets keyword to include or exclude particular counters.

Note   

Enter the counters keyword followed by the ? command to see a complete list of possible sorting criteria.

bytes

Includes or excludes bytes counter information in the command output.

packets

Includes or excludes packets counter information in the command output.

misc

Includes or excludes information for miscellaneous fields in the command output. Follow the misc keyword with the forwarding-status keyword or the direction keyword to specify the field you want to include or exclude.

Note   

Enter the misc keyword followed by the ? command to see a complete list of possible sorting criteria.

forwarding-status

Includes or excludes forwarding status information in the command output.

direction

Includes or excludes information about the direction of the flow in the command output.

top

Includes or excludes top cache entries in the command output. Replace records with the number of records you want to display.

bottom

Includes or excludes bottom cache entries. Replace records with the number of records you want to display

entries

Number of records to display. Range is from 1 through 1000.

To display summarized flow record statistics:

monitor-name

Flow monitor map whose details you want to display.

cache

Displays details about the flow monitor cache.

summary

Displays summarized flow monitor information only.

monitor-name

Flow monitor map whose details you want to display.

cache

Displays details about the flow monitor cache.

brief

Abbreviates the show flow monitor command output.

To display flow record information for a particular node only:

monitor-name

Flow monitor map whose details you want to display.

cache

Displays details about the flow monitor cache.

location node-id

Identifies the node whose flow exporter statistics you want to clear, or whose flow exporter statistics collector you want to restart. The node-id argument is expressed in the rack/slot/module notation.

Note   

Enter the location keyword followed by the ? command to see a complete list of possible sorting criteria.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 4.0.0

Command was modified to add support for IPv6 and IPv6-aware MPLS fields. The interface keyword options were removed.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.


Note


To collect source and destination AS information, you must enable BGP on the relevant BGP AFI/SAFI. Unless this is done, all AS numbers in the flow records are displayed as 0.


Keep these information in mind when using the show flow monitor command:

  • The show flow monitor command can include combinations of these options:
    • format
    • match
    • include
    • exclude
    • sort
    • summary
    • location
  • We do not recommend including the summary option with the sort and format options.
  • The mutually exclusive options are summary, brief, include, and exclude.
  • To see a list of fields that can be included after a keyword, enter the ? command, as shown in this example:
    RP/0/0/CPU0:router# show flow monitor map1 cache summary ?
    
      brief     Show just the key fields
      exclude   Exclude field
      format    Display format
      include   Include field
      location  Specify a location
      match     Match criteria
      sort      Sorting criteria
    

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display flow monitor data for a specific monitor map cache in the location 0/0/CPU0 :

RP/0/0/CPU0:router# show flow monitor fmm2 cache loc 0/0/CPU0

Cache summary for Flow Monitor fmm2:
Cache size:                          65535
Current entries:                         4
High Watermark:                      62258
Flows added:                             4
Flows not added:                         0
Ager Polls:                             60
  - Active timeout                       0
  - Inactive timeout                     0
  - TCP FIN flag                         0
  - Watermark aged                       0
  - Emergency aged                       0
  - Counter wrap aged                    0
  - Total                                0
Periodic export:
  - Counter wrap                         0
  - TCP FIN flag                         0
Flows exported                           0
Matching entries:                        4

IPV4SrcAddr      IPV4DstAddr      L4SrcPort  L4DestPort BGPDstOrigAS BGPSrcOrigAS IPV4DstPrfxLen
IPV4SrcPrfxLen  IPV4Prot IPV4TOS  InputInterface  OutputInterface L4TCPFlags   ForwardStatus
ForwardReason FirstSwitched   LastSwitched    ByteCount    PacketCount  Dir Sampler ID
17.17.17.2       18.18.18.2       0          0          0            0            24              24        $
61       normal   HundredGigE /0/0/8       HundredGigE 0/0/0/12      0            Fwd           0             00
00:02:43:800 00 00:02:49:980 37200        620           In 0
18.18.18.2       17.17.17.2       0          0          0            0            24              24        $
61       normal   HundredGigE 0/0/0/12      HundredGigE 0/0/0/8       0            Fwd           0             00
00:02:43:791 00 00:02:49:980 37200        620           In 0
17.17.17.2       18.18.18.2       0          0          0            0            24              0         $
61       normal   HundredGigE 0/0/0/8       HundredGigE 0/0/0/12      0            Fwd           0             00   
00:02:43:798 00 00:02:49:980 34720        620          Out 0
18.18.18.2       17.17.17.2       0          0          0            0            24              0         $
61       normal   HundredGigE 0/0/0/12      HundredGigE 0/0/0/8       0            Fwd           0             00
00:02:43:797 00 00:02:49:980 34720        620          Out 0
L4SrcPort  L4DestPort BGPDstOrigAS BGPSrcOrigAS IPV4DstPrfxLen

This table describes the significant fields shown in the display.



Table 3 show flow monitor Field Descriptions

Field

Description

Cache summary for Flow Monitor fmm2

Displays general cache information for the specified flow monitor. The following information is displayed

  • Cache size for the specified flow monitor map
  • Current number of entries in the cache
  • High watermark for this cache
  • Number of flows added to the cache
  • Number of flows not added to the cache

Ager Polls

Displays the following ager statistics:

  • Active timeout
  • Inactive timeout
  • TCP FIN flag
  • Watermark aged
  • Emergency aged
  • Counter wrap aged
  • Total

Periodic export

  • Counter wrap
  • TCP FIN flag

Cache summary for Flow Monitor fmm2

Displays general cache information for the specified flow monitor. The following information is displayed

  • Cache size for the specified flow monitor map
  • Current number of entries in the cache
  • High watermark for this cache
  • Number of flows added to the cache
  • Number of flows not added to the cache

show flow monitor-map

To display flow monitor map data, enter the show flow monitor-map command in EXEC mode.

show flow monitor-map map-name

Syntax Description

map-name

Name of the monitor map whose data you want to display.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.1

The ipv4-raw record map name was replaced with ipv4.

Release 3.5.0

The show flow monitor-map command output was modified to include raw MPLS, and IPv4-aware MPLS information.

Release 4.0.0

The show flow monitor-map command output was modified to include IPv6 and IPv6-aware MPLS information

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display monitor-map data for a specific flow:

RP/0/0/CPU0:router# show flow monitor-map map1

Flow Monitor Map : map1
-------------------------------------------------
Id:                1
RecordMapName:     ipv4
ExportMapName:     NFC
CacheAgingMode:    Permanent
CacheMaxEntries:   10000
CacheActiveTout:   N/A
CacheInactiveTout: N/A
CacheUpdateTout:   60 seconds

This table describes the significant fields shown in the display.



Table 4 show flow monitor-map Field Descriptions

Field

Description

Flow Monitor Map

Name of the flow monitor map whose information is display in the show flow monitor-map command output.

Id

Number that identifies the flow monitor map.

RecordMapName

Name of the flow record map that is associated with this monitor map. The RecordMapName indicates the type of packets NetFlow captures as they leave the router.

ExportMapName

Name of the export map that is associated with this monitor map.

CacheAgingMode

Current aging mode configured on this cache.“Permanent” indicates that the removal of entries from the monitor map flow cache is disabled.

Note   

To configure the number of entries allowed in the monitor map flow cache, enter the cache entries command in flow monitor map configuration mode. To disable the removal of entries from the monitor map flow cache, enter the cache permanent command in flow monitor map configuration mode.

CacheMaxEntries

Number of flow entries currently allowed in the flow cache before the oldest entry is removed.

Note   

To modify the number of entries in the monitor map flow cache, enter the cache entries command in flow monitor map configuration mode

CacheActiveTout

Active flow timeout configured for this cache, in seconds.

Note   

To modify the configured active flow timeout, use the cache timeout command in flow monitor map configuration mode.

CacheInactiveTout

Inactive flow timeout configured for this cache, in seconds.

Note   

To modify the configured inactive flow timeout, use the cache timeout command in flow monitor map configuration mode.

CacheUpdateTout

Update timeout configured for this cache, in seconds.

Note   

To modify the configured update timeout, use the cache timeout command in flow monitor map configuration mode.

This example shows how to display monitor-map data for a specific IPv6 flow:

RP/0/0/CPU0:router# show flow monitor-map map2

Tue Jan 22 00:15:53.424 PST
Flow Monitor Map : map2
-------------------------------------------------
Id: 1
RecordMapName: ipv6-destination
CacheAgingMode: Normal
CacheMaxEntries: 65535
CacheActiveTout: 1800 seconds
CacheInactiveTout: 15 seconds
CacheUpdateTout: N/A

Related Commands

Command

Description

clear flow monitor

Clears the flow monitor data  

flow monitor-map

Creates and configures a flow monitor map  

flow

Specifies a flow monitor map  

record ipv4

Activates an IPv4 flow record  

record ipv6

Configures the flow record map name for IPv6  

record mpls

Configures the flow record map name for MPLS  

show sampler-map

To display sampler map information, enter the show sampler-map command in EXEC mode.

show sampler-map [sampler-name]

Syntax Description

sampler-name

Identifies the sampler map whose information you want to display.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display sampler map information for a router:

RP/0/0/CPU0:router# show sampler-map map1

Sampler Map : map1
-------------------------------------------------
Id:      1
Mode:    Random (1 out of 100 Pkts)

This table describes the significant fields shown in the display.



Table 5 show sampler-map Field Descriptions

Field

Description

Id

Flow sampler map identifier.

Mode

Sampling interval in units of packet. “Random” mode is any mode that was configured with the flow monitor-map command.

Note   

Currently, Cisco IOS XR software supports “Random” mode only.

Related Commands

Command

Description

sampler-map

Enter sampler map configuration submode for a specific monitor map  

flow

Specifies a flow monitor map  

source (NetFlow)

To configure a source interface for the current collector, use the source command in flow exporter map configuration mode. To remove a configured source interface, use the no form of this command.

source type interface-path-id

no source type interface-path-id

Syntax Description

type

Interface type. For more information, use the question mark ( ? ) online help function.

interface-path-id

Physical interface or virtual interface.

Note   

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark ( ? ) online help function.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.0

This command was moved to the flow exporter map configuration mode.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

For the interface-path-id argument, use the following guidelines:

  • If specifying T1/E1/DS0 physical interfaces, the naming notation is rack/slot/module/port/t1-num:
  • channel-group-number. If specifying other physical interface types, the naming notation is rack/slot/module/port. The slash between values is required as part of the notation. An explanation of each component of the naming notation is as follows:
    • rack: Chassis number of the rack.
    • slot: Physical slot number of the modular services card or line card.
    • module: Module number. A physical layer interface module (PLIM) is always 0. Shared port adapters (SPAs) are referenced by their subslot number.
    • port: Physical port number of the T3 controller.
    • t1-num : T1 or E1 channel number. T1 channels range from 1 to 24; E1 channels range from 1 to 31.
    • channel-group-number : Time slot number. T1 time slots range from 1 to 24; E1 time slots range from 1 to 31. The channel-group-number is preceded by a colon and not a slash.
  • If specifying a virtual interface, the number range varies, depending on interface type.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure a physical interface as a source for the current collector:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# source GigabitEthernet 0/1/0/0

This example shows how to configure a virtual interface as a source for the current collector. In this example, the source is an Ethernet bundle:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# source Bundle-Ether 1

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

show flow exporter-map

Displays flow exporter map information for a specific node.  

template (NetFlow)

To configure the export timeout value for the data and options templates, enter the template command in flow exporter map version configuration mode. To remove a configured template export timeout value, use the no form of this command.

template [ data | options ] timeout seconds

no template [ data | options ] timeout seconds

Syntax Description

data

(Optional) Specifies the data template.

options

(Optional) Specifies the options template.

timeout seconds

Configures the timeout value for the specified template, or for both the data and options templates. Replace seconds with the export timeout value. Range is from 1 through 604800 seconds.

Command Default

Default timeout value for data and options template is 1800 seconds.

Command Modes

Flow exporter map version configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the export timeout value for the data template to be 300 seconds:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map fem1
RP/0/0/CPU0:router(config-fem)# version v9
RP/0/0/CPU0:router(config-fem-ver)# template data timeout 300

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

show flow exporter-map

Displays flow exporter map information for a specific node.  

transport udp

To configure the destination port for User Datagram Protocol (UDP) packets, enter the transport udp command in flow exporter map configuration mode. To remove a configured destination port, use the no form of this command.

transport udp port_value

no transport udp port_value

Syntax Description

port_value

Destination port for UDP packets. Replace port with the destination port value. Range is from 1024 through 65535.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Release 3.4.0

This command was moved to the flow exporter map configuration mode.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the destination port for UDP packets:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# transport udp 1030

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

show flow exporter-map

Displays flow exporter map information for a specific node.  

version v9

To enter flow exporter map version configuration submode so that you can configure export version parameters, enter the version v9 command in flow exporter map configuration mode. To remove the current export version configuration and return to the default configuration, use the no form of this command.

version v9

no version v9

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 3.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

When you issue the version v9 command, the CLI prompt changes to “config-fem-ver,” indicating that you have entered flow exporter map version configuration submode. In this sample output, the question mark ( ? ) online help function displays all the commands available under flow exporter map version configuration submode:

RP/0/0/CPU0:router(config-fem)# version v9
RP/0/0/CPU0:router(config-fem-ver)#?

  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  no        Negate a command or set its defaults
  options   Specify export of options template
  pwd       Commands used to reach current submode
  root      Exit to the global configuration mode
  show      Show contents of configuration
  template  Specify template export parameters

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enter flow exporter map version configuration submode:

RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# flow exporter-map map1
RP/0/0/CPU0:router(config-fem)# version v9
RP/0/0/CPU0:router(config-fem-ver)# 

Related Commands

Command

Description

flow exporter-map

Creates a flow exporter map  

flow monitor-map

Creates and configures a flow monitor map  

show flow exporter

Displays flow exporter data  

show flow exporter-map

Displays flow exporter map information for a specific node.