Catalyst 6500 Release 12.2SY Software Configuration Guide
NetFlow Hardware Support
Downloads: This chapterpdf (PDF - 209.0KB) The complete bookPDF (PDF - 18.17MB) | Feedback

NetFlow Hardware Support

Table Of Contents

NetFlow Hardware Support

Prerequisites for NetFlow Hardware Support

Restrictions for NetFlow Hardware Support

Information About NetFlow Hardware Support

Default Settings for NetFlow Hardware Support

How to Configure NetFlow Hardware Support

Configuring Inactive Flow Aging

Configuring Fast Aging

Configuring Active Flow Aging

Verifying the NetFlow Table Aging Configuration


NetFlow Hardware Support


Prerequisites for NetFlow Hardware Support

Restrictions for NetFlow Hardware Support

Information About NetFlow Hardware Support

Default Settings for NetFlow Hardware Support

How to Configure NetFlow Hardware Support

Verifying the NetFlow Table Aging Configuration


Note In Cisco IOS Release 12.2SY, the Flexible NetFlow feature provides statistics collection and data export. See these publications:

http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/command/fnf-cr-book.html



Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum


Prerequisites for NetFlow Hardware Support

None.

Restrictions for NetFlow Hardware Support

Cisco IOS Release 12.2SY and later releases do not support NetFlow version 7 or NetFlow version 8. Flexible NetFlow has limited support for NetFlow version 5.

No statistics are available for flows that are forwarded when the NetFlow table is full.

If the NetFlow table utilization exceeds the recommended utilization levels, there is an increased probability that there will be insufficient room to store statistics. Table 49-1 lists the recommended maximum utilization levels.

Table 49-1 NetFlow Table Utilization

PFC Mode
Effective NetFlow Table Utilization
Total NetFlow Table Capacity

PFC4XL

506,184 ingress entries

506,184 egress entries

524,288 (512k) ingress entries

524,288 (512k) egress entries

PFC4

515,032 ingress+egress entries

524,288 (512k) ingress+egress entries


If a flow is destined to an address in the PBR range or is sourced from an address in the PBR range, the input and output interface will be the default route (if configured) or be null.

Information About NetFlow Hardware Support

The NetFlow table on the PFC and any DFCs captures data for flows forwarded in hardware. These are some of the features that use the NetFlow table:

Flexible NetFlow

Network address translation (NAT)

QoS microflow policing

Reflexive ACLS

WCCP

To limit NetFlow CPU usage, you can configure aging timers to identify stale flows that can be deleted from the table. NetFlow deletes the stale entries to clear table space for new entries.

Default Settings for NetFlow Hardware Support

Inactive Flow Aging: enabled (300 seconds)

Fast Aging: disabled

Active Flow Aging: enabled (1920 seconds)

How to Configure NetFlow Hardware Support

Configuring Inactive Flow Aging

Configuring Fast Aging

Configuring Active Flow Aging


NoteNetFlow table aging keeps the NetFlow table size below the recommended utilization. If the number of NetFlow table entries exceeds the recommended utilization (see the "Restrictions for NetFlow Hardware Support" section), only adjacency statistics might be available for some flows.

Network events (for example, routing changes or a link state change) can also purge NetFlow table entries.


Configuring Inactive Flow Aging

To configure inactive flow aging, perform this task:

Command
Purpose

Router(config)# flow platform cache timeout inactive seconds

Configures the aging time for NetFlow table entries that have been inactive longer than the configured time value.

Default: enabled; value: 300 seconds.

Range for the seconds value: 32-512.


This example displays how to configure the aging time for NetFlow table entries that have been inactive longer than the configured time value:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# flow platform cache timeout inactive 300 

Configuring Fast Aging

To configure fast aging, perform this task:

Command
Purpose

Router(config)# flow platform cache timeout fast [[time seconds] [threshold packets]]

Configures an aging time for NetFlow table entries that have been inactive longer than the configured time value and that have forwarded fewer packets than the configured threshold value.

Default: disabled.

Default if time seconds not entered: 32 seconds;
range for the seconds value: 60-4092.

Default if threshold packets not entered: 100 packets
range for the packets value: 1-4000.



Note If you enable fast aging, initially set the value to 128 seconds. If the size of the NetFlow table continues to grow over the recommended utilization, decrease the setting until the table size stays below the recommended utilization. If the table continues to grow over the recommended utilization, decrease the inactive NetFlow table aging time.


This example displays how to configure the NetFlow table aging time:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# flow platform cache timeout fast time 32 threshold 100 

Configuring Active Flow Aging

To configure active flow aging, perform this task:

Command
Purpose

Router(config)# flow platform cache timeout active seconds

Configures the aging time for NetFlow table entries regardless of packet activity, which can prevent counter wraparound and inaccurate statistics.

Default: enabled; value: 1920 seconds.

Range for the seconds value: 60-4092.


This example displays how to configure active flow aging:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# flow platform cache timeout active 1920 

Verifying the NetFlow Table Aging Configuration

To display the NetFlow table aging configuration, perform this task:

Command
Purpose

Router# show platform flow aging

Displays the NetFlow table aging configuration.


This example shows how to display the NetFlow table aging-time configuration:

Router# show platform flow aging 
Aging scheme   Enabled   Timeout   Packet threshold
--------------+---------+---------+------------------
       Fast        No         32           100
   Inactive       Yes        300           N/A
     Active       Yes       1920           N/A

Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum