Information About NetFlow
NetFlow allows you to evaluate IP and Ethernet traffic and understand how and where it flows. NetFlow gives you visibility into traffic that transits the virtual switch by characterizing traffic based on its source, destination, timing, and application information. You can use this information to assess network availability and performance, assist in meeting regulatory requirements (compliance), and help with troubleshooting. NetFlow gathers data that you can use for accounting, network monitoring, and network planning.
What is a Flow
A flow is a one-directional stream of packets that arrives on a source interface (or subinterface), matching a set of criteria. All packets with the same source/destination IP address, source/destination ports, protocol, interface, and class of service are grouped into a flow and then packets and bytes are tallied. This condenses a large amount of network information into a database called the NetFlow cache.
You create a flow using a flow record to define the criteria for your flow. All criteria must match for the packet to count in the given flow. Flows are stored in the NetFlow cache. Flow information tells you the following:
- Source address tells you who is originating the traffic.
- Destination address tells you who is receiving the traffic.
- Ports characterize the application that uses the traffic.
- Class of service examines the priority of the traffic.
- The device interface tells you how traffic is being used by the network device.
- Tallied packets and bytes show the amount of traffic.
Flow Record Definition
A flow record defines the information that NetFlow gathers, such as the packets in the flow and the types of counters gathered per flow. You can define new flow records or use the predefined Cisco Nexus 1000V flow record.
Predefined flow records use 32-bit counters and are not recommended for data rates above 1 Gbps. For data rates that are higher than 1 Gbps, Cisco recommends that you manually configure the records to use 64-bit counters.
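The following is an added illustration, not Cisco code, of the cache behaviour described under "What is a Flow" and of the 32-bit counter limit noted above: packets are keyed on the netflow-original match fields, and the counter width is a parameter. The `FlowCache` class, the addresses, and the interface names are assumptions made for the example.

```python
from collections import namedtuple

# Match fields of the predefined netflow-original record shown on this page.
FlowKey = namedtuple(
    "FlowKey", "src dst proto tos sport dport if_in if_out direction")


class FlowCache:
    """Toy NetFlow cache: one entry per distinct key, fixed-width counters."""

    def __init__(self, counter_bits=32):
        self.mask = (1 << counter_bits) - 1  # counters wrap at 2**counter_bits
        self.flows = {}

    def observe(self, key, nbytes, tcp_flags, uptime_ms, npackets=1):
        """Tally npackets packets totalling nbytes into the flow for key."""
        entry = self.flows.setdefault(key, {
            "bytes": 0, "packets": 0, "tcp_flags": 0,
            "first": uptime_ms, "last": uptime_ms})
        entry["bytes"] = (entry["bytes"] + nbytes) & self.mask
        entry["packets"] = (entry["packets"] + npackets) & self.mask
        entry["tcp_flags"] |= tcp_flags  # cumulative OR of flags seen
        entry["last"] = uptime_ms
        return entry


# Constructed sample keys (documentation addresses, hypothetical interfaces).
UPLOAD = FlowKey("192.0.2.10", "198.51.100.7", 6, 0, 49152, 443,
                 "Veth1", "Eth3/2", "input")
REPLY = FlowKey("198.51.100.7", "192.0.2.10", 6, 0, 443, 49152,
                "Eth3/2", "Veth1", "input")


def handshake():
    """Both directions of one TCP connection land in two separate flows."""
    cache = FlowCache()
    cache.observe(UPLOAD, 60, 0x02, 1000)   # SYN
    cache.observe(REPLY, 60, 0x12, 1001)    # SYN+ACK
    cache.observe(UPLOAD, 52, 0x10, 1002)   # ACK
    return cache.flows


def bulk_transfer(counter_bits):
    """4.5 GB in 3 s of uptime (constructed), far above the 1 Gbps guidance."""
    cache = FlowCache(counter_bits)
    for ms in range(3000):  # each step: 1000 packets of 1500 bytes
        cache.observe(UPLOAD, 1_500_000, 0x10, ms, npackets=1000)
    return cache.flows[UPLOAD]
```

With a 32-bit counter, `bulk_transfer(32)` reports 205,032,704 bytes for a 4,500,000,000-byte transfer, so a volume-based alert on that flow would see a small transfer; `bulk_transfer(64)` reports the true total.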
The following table describes the criteria defined in a flow record.
Flow Record Criteria | Description
---|---
Match | Defines the information that is matched for collection in the flow record.
Collect | Defines how the flow record collects information.
Predefined Flow Records
Cisco Nexus 1000V Predefined Flow Record—Netflow-Original
switch# show flow record netflow-original
Flow record netflow-original:
Description: Traditional IPv4 input NetFlow with origin ASs
No. of users: 0
Template ID: 0
Fields:
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
switch#
Note: Although the following lines appear in the output of the show flow record command, the commands they are based on are not currently supported in the Cisco Nexus 1000V. The use of these commands does not affect the configuration.
Cisco Nexus 1000V Predefined Flow Record—Netflow IPv4 Original-Input
switch# show flow record netflow ipv4 original-input
Flow record netflow ipv4 original-input:
Description: Traditional IPv4 input NetFlow
No. of users: 0
Template ID: 0
Fields:
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
switch#
Cisco Nexus 1000V Predefined Flow Record—Netflow IPv4 Original-Output
switch# show flow record netflow ipv4 original-output
Flow record netflow ipv4 original-output:
Description: Traditional IPv4 output NetFlow
No. of users: 0
Template ID: 0
Fields:
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
switch#
Cisco Nexus 1000V Predefined Flow Record—Netflow Protocol-Port
switch# show flow record netflow protocol-port
Flow record netflow protocol-port:
Description: Protocol and Ports aggregation scheme
No. of users: 0
Template ID: 0
Fields:
match ip protocol
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
switch#