Consolidated Platform Configuration Guide, Cisco IOS XE Release 3.3SE (Cisco WLC 5700 Series)
Configuring IPv6 NetFlow

Prerequisites For IPv6 Netflow

IPv6 Traffic

  • The networking device must be running a Cisco IOSd release that supports Cisco IOS Flexible NetFlow.
  • One of the following must be enabled on your router and on any interfaces on which you want to enable Flexible NetFlow:
    • Cisco Express Forwarding IPv6, or
    • Distributed Cisco Express Forwarding IPv6.

Restrictions For IPv6 Netflow

The following restrictions apply to IPv6 Netflow configurations:

  • Locally generated traffic (traffic that is generated by the router, Cisco WLC 5760, on which the Flexible NetFlow Output Accounting feature is configured) is not counted as flow traffic for the Output Flexible NetFlow Accounting feature.
  • The Flexible NetFlow Output Accounting feature counts CEF-switched packets only. Process switched transit packets are not counted.

Information About IPv6 Netflow

NetFlow is a monitoring feature used on customer applications for network monitoring, user monitoring and profiling, network planning, security analysis, billing and accounting, and data warehousing and mining. You can use Flexible NetFlow on uplink ports to monitor user-defined flows, collect flow statistics, and perform per-flow policing. It collects and exports flow statistics to a collector device.


Note    Not all of the Flexible NetFlow commands in the command reference are available on the controller. Unsupported commands are either not visible or generate an error message if entered.


Understanding Flexible Netflow

With Flexible NetFlow, traffic is processed and packets are classified into flows. New flows are inserted in the NetFlow table, and statistics are automatically updated. You must configure both ingress and egress NetFlow monitoring. The network services module supports one monitor per interface per direction.

Flexible NetFlow consists of the following components:

  • Records— These are combinations of key and non-key fields. They are assigned to Flexible NetFlow monitors to define the cache used to store data.
  • Flow monitors— These are applied to interfaces to perform network traffic monitoring. A flow monitor includes a user-defined record, an optional flow exporter, and a cache that is automatically created when the monitor is applied to the first interface. The switch supports normal caches that age out according to settings.
  • Flow exporters— These export the data in the flow monitor cache to a remote system, such as a server running NetFlow collector.
  • Flow samplers— These reduce the load that Flexible NetFlow puts on the networking device to monitor traffic by limiting the number of packets that are analyzed.

You can configure unidirectional flow (destination or source-address based flows), and flow aging. The following features are supported on the network services module:

  • Configuring collection statistics for Layer 2-switched (non-routing) traffic, Layer 3 (CAPWAP) IPv4 and IPv6 traffic, and Layer 4 TCP, IGMP, and ICMP traffic.
  • NetFlow counting, maintenance, troubleshooting (debugging commands).
  • NetFlow analysis is performed on traffic crossing the physical interfaces on the network services module. The controller processes egress (outbound) traffic after forwarding decisions are performed. Locally switched or routed traffic is forced through service module ports by configuring private VLANs or protected ports.

The following NetFlow characteristics are not supported:

  • Netflow-5 protocol
  • Predefined flow records
  • ISL
  • Policy-based NetFlow
  • Cisco TrustSec monitoring

Though other modules that can be installed in the controller have 1-Gigabit and 10-Gigabit uplink interfaces, NetFlow is supported only on the network services module.

IPv6 Netflow

Flexible Netflow (FNF) allows the user to define a flow record (a particular set of key, non-key, counter and time-stamp fields of interest) that is optimal for a particular application by selecting the fields from a big collection of pre-defined fields, using CLI configuration commands.

The collection of the pre-defined fields includes the following fields:

  • Data-link layer (L2) header fields
  • IPv6 header fields
  • Transport layer (L4) header fields
  • Application layer (L5) header fields
  • Routing attributes (generic, IPv4, IPv6)
  • Interface fields
  • Counter fields
  • Timestamp fields

How To Configure IPv6 Netflow

Configuring a Customized Flow Record

You can match the following fields for the flow record:

  • IPv4 or IPv6 destination address
  • Datalink fields, to identify Layer 2 source and destination address and VLAN for traffic entering or leaving the interfaces, providing the MAC address of the directly connected host. Class of Service (CoS) and Ethertype datalink header fields are also available.
  • Transport field source and destination ports, to identify the type of application: ICMP, IGMP, or TCP traffic.

You can collect the following fields for the flow record:

  • The total number of bytes, flows or packets sent by the exporter (exporter) or the number of bytes or packets in a 64-bit counter (long). The timestamp based on system uptime from the time the first packet was sent or from the time the most recent (last) packet was seen.
  • The SNMP index of the input or output interface. The interface for traffic entering or leaving the service module is based on the switch forwarding cache. This field is typically used in conjunction with datalink, IPv4, and IPv6 addresses, and provides the actual first-hop interface for directly connected hosts.
    • A value of 0 means that interface information is not available in the cache.
    • Some NetFlow collectors require this information in the flow record.

The following steps configure the customized flow record:

SUMMARY STEPS

    1.    configure terminal

    2.    flow record recordname

    3.    description description

    4.    match {ipv4 | ipv6} {destination | hop-limit | protocol | source | traffic-class | version} address

    5.    match datalink [dot1q | ethertype | mac | vlan]

    6.    match transport [destination-port | icmp | source-port]

    7.    match interface [input | output]

    8.    match flow direction

    9.    collect counter {bytes [ layer2 | long] | packets [ long]}

    10.    collect timestamp absolute [first | last]

    11.    collect interface [input | output]

    12.    collect transport tcp flags {ack | cwr | ece | fin | psh | rst | syn | urg}

    13.    end


DETAILED STEPS
      Command or Action Purpose
    Step 1 configure terminal


    Example:
    Controller# configure terminal
     

    Enters global configuration mode.

     
    Step 2 flow record recordname


    Example:
    Controller(config)# flow record TestRecordName
    
     

    Creates a flow record and enters Flexible NetFlow flow record configuration mode. This command can also modify an existing flow record.

     
    Step 3 description description


    Example:
    Controller(config-flow-record)# description SampleNetflowDescription
    
     

    (Optional) Creates a description for the flow record.

     
    Step 4 match {ipv4 | ipv6} {destination | hop-limit | protocol | source | traffic-class | version} address


    Example:
    Controller(config-flow-record)# match ipv6 destination address
    
     

    Configures key ipv4 and ipv6 fields for the flow record.

     
    Step 5 match datalink [dot1q | ethertype | mac | vlan]


    Example:
    Controller(config-flow-record)# match datalink [dot1q | ethertype | mac | vlan]
     

    Configures key datalink (layer 2) fields for the flow record.

     
    Step 6 match transport [destination-port | icmp | source-port]


    Example:
    Controller(config-flow-record)# match transport [destination-port | icmp | source-port]
     

    Configures key transport layer fields for the flow record.

     
    Step 7 match interface [input | output]


    Example:
    Controller(config-flow-record)# match interface input
     

    Configures key interface fields for the flow record.

     
    Step 8 match flow direction


    Example:
    Controller(config-flow-record)# match flow direction
     

    Configures key flow identity fields for the flow record.

     
    Step 9 collect counter {bytes [ layer2 | long] | packets [ long]}


    Example:
    Controller(config-flow-record)# collect counter bytes layer2 long
    
     

    Configures the counter key field for the flow record.

     
    Step 10 collect timestamp absolute [first | last]


    Example:
    Controller(config-flow-record)# collect timestamp absolute [first | last ]
     

    Configures the timestamp key field for the flow record.

     
    Step 11 collect interface [input | output]


    Example:
    Controller(config-flow-record)# collect interface [input | output]
     

    Configures the interface key field for the flow record.

     
    Step 12 collect transport tcp flags {ack | cwr | ece | fin | psh | rst | syn | urg}


    Example:
    Controller(config-flow-record)# collect transport tcp flags ack 
     

    Configures transport TCP flag fields for the flow record.

     
    Step 13 end


    Example:
    Controller(config)# end
     

    Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

     
    Controller(config)# flow record
    Controller(config-flow-record)# description record to monitor network traffic
    Controller(config-flow-record)# match ipv6 destination address
    Controller(config-flow-record)# match datalink [dot1q | ethertype | mac | vlan]
    Controller(config-flow-record)# match transport [destination-port | icmp | igmp | source-port]
    Controller(config-flow-record)# match interface input
    Controller(config-flow-record)# match flow direction
    Controller(config-flow-record)# collect counter bytes layer2 long
    Controller(config-flow-record)# collect timestamp absolute first 
    Controller(config-flow-record)# collect interface [input | output]
    Controller(config-flow-record)# collect transport tcp flags ack
    Controller(config-flow-record)# end

    Configuring the Flow Exporters

    The following steps are used to configure the NetFlow exporter.


    Note    The optional export-protocol flow exporter configuration command specifies the NetFlow export protocol used by the exporter. The switch supports only netflow-v9. Though visible in the CLI help, netflow-5 is not supported.
    SUMMARY STEPS

      1.    configure terminal

      2.    flow exporter exporter-name

      3.    description description

      4.    destination {hostname | ip-address} vrf vrf-name

      5.    dscp <0-63>

      6.    source interface-id

      7.    option {exporter-stats | interface-table | sampler-table} [timeout seconds]

      8.    export-protocol netflow-v9

      9.    template data timeout seconds

      10.    transport udp udp-port

      11.    ttl seconds

      12.    end


    DETAILED STEPS
        Command or Action Purpose
      Step 1 configure terminal


      Example:
      Controller# configure terminal
       

      Enters global configuration mode.

       
      Step 2 flow exporter exporter-name


      Example:
      Controller(config)# flow exporter TestNetFlowExporterName
      
       

      Creates the flow exporter and enters Flexible NetFlow flow exporter configuration mode. This command can also modify an existing flow exporter.

       
      Step 3 description description


      Example:
      Controller(config-flow-exporter)# description SampleNetFlowExporterDescription
      
       

      (Optional) Configures a description for the exporter that appears in the configuration and in the display of the show flow exporter command.

       
      Step 4 destination {hostname | ip-address} vrf vrf-name


      Example:
      Controller(config-flow-exporter)# destination 198.51.100.120 vrf SampleVrfName
      
       

      (Optional) Configures the flow exports destination.

       
      Step 5 dscp <0-63>


      Example:
      Controller(config-flow-exporter)# dscp 23
       

      (Optional) Configures differentiated services code point (DSCP) parameters for datagrams sent by the exporter. The DSCP range is from 0 to 63. The default is 0.

       
      Step 6 source interface-id


      Example:
      Controller(config-flow-exporter)# source { Auto-Template|Capwap|GigabitEthernet|GroupVI|InternalInterface|Loopback|Null|Port-channel|TenGigabitEthernet|Tunnel|Vlan}
       

      (Optional) Specifies the local interface from which the exporter uses the IP address as the source IP address for exported datagrams.

       
      Step 7 option {exporter-stats | interface-table | sampler-table} [timeout seconds]


      Example:
      Controller(config-flow-exporter)# option exporter-stats timeout 600
      
       

      (Optional) Configures options data parameters for the exporter. You can configure all three options concurrently. The range for the timeout is 1 to 86400 seconds. The default is 600.

       
      Step 8 export-protocol netflow-v9


      Example:
      Controller(config-flow-exporter)# export-protocol netflow-v9
      
       

      Configures export-protocol parameters for the exporter.

       
      Step 9 template data timeout seconds


      Example:
      Controller(config-flow-exporter)# template data timeout 600
      Controller(config-flow-exporter)#
       

      (Optional) Configures re-sending of templates based on a timeout. The range is 1 to 86400 seconds (86400 seconds equals 24 hours). The default is 600.

       
      Step 10 transport udp udp-port


      Example:
      Controller(config-flow-exporter)# transport udp 67
      
       

      Specifies the UDP port on which the destination system is listening for exported datagrams. The range for udp-port is from 1 to 65536.

       
      Step 11 ttl seconds


      Example:
      Controller(config-flow-exporter)# ttl 100
      
       

      (Optional) Configures the time-to-live (TTL) value for datagrams sent by the exporter. The range is from 1 to 255 seconds. The default is 255.

       
      Step 12 end


      Example:
      Controller(config)# end
       

      Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

       
      Controller(config)# flow exporter QoS-Collector
      Controller(config-flow-exporter)# description QoS Collector Bldg 19
      Controller(config-flow-exporter)# destination 172.20.244.28
      Controller(config-flow-exporter)# source vlan 1
      Controller(config-flow-exporter)# dscp 3
      Controller(config-flow-exporter)# transport udp 2055
      Controller(config-flow-exporter)# end

      What to Do Next

      Configuring a Customized Flow Monitor.
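The exporter configured above sends NetFlow v9 only, and a v9 collector cannot decode a data FlowSet until it has received the matching template, which the exporter re-sends every template data timeout seconds. The following Python decoder is an added example, not Cisco code; the datagrams are constructed, the template ID 260, source ID 7 and the chosen field set are assumptions, and the field type numbers come from RFC 3954.

```python
import ipaddress
import struct

# NetFlow v9 field type numbers (RFC 3954, section 8) for the fields used below.
FIELD_NAMES = {1: "in_bytes", 6: "tcp_flags", 10: "input_snmp",
               11: "l4_dst_port", 28: "ipv6_dst_addr", 61: "direction"}

class V9Collector:
    """Minimal NetFlow v9 decoder that caches templates per exporter source ID."""

    def __init__(self):
        self.templates = {}   # (source_id, template_id) -> [(field_type, length)]
        self.undecodable = 0  # data FlowSets that arrived before their template

    def feed(self, datagram):
        if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
            raise ValueError("not a NetFlow v9 datagram")
        source_id = struct.unpack_from("!I", datagram, 16)[0]
        flows, offset = [], 20
        while offset + 4 <= len(datagram):
            flowset_id, length = struct.unpack_from("!HH", datagram, offset)
            if length < 4 or offset + length > len(datagram):
                raise ValueError("FlowSet length runs past the datagram")
            body = datagram[offset + 4:offset + length]
            if flowset_id == 0:        # template FlowSet
                self._learn(source_id, body)
            elif flowset_id >= 256:    # data FlowSet; its ID names the template
                flows += self._decode(source_id, flowset_id, body)
            offset += length           # IDs 1-255 (options, reserved) are skipped
        return flows

    def _learn(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256 or pos + 4 * count > len(body):
                break                  # padding or a truncated template
            fields = [struct.unpack_from("!HH", body, pos + 4 * i)
                      for i in range(count)]
            self.templates[(source_id, template_id)] = fields
            pos += 4 * count

    def _decode(self, source_id, template_id, body):
        fields = self.templates.get((source_id, template_id))
        if fields is None:
            self.undecodable += 1      # no template yet: these flows are lost
            return []
        record_len = sum(length for _type, length in fields)
        flows, pos = [], 0
        while record_len and pos + record_len <= len(body):  # remainder is padding
            flow = {}
            for ftype, length in fields:
                raw = body[pos:pos + length]
                pos += length
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype == 28 and length == 16:
                    flow[name] = str(ipaddress.IPv6Address(raw))
                else:
                    flow[name] = int.from_bytes(raw, "big")
            flows.append(flow)
        return flows

# Constructed sample traffic (not captured from a real controller).
TEMPLATE_ID, SOURCE_ID = 260, 7
TEMPLATE_FIELDS = [(28, 16), (11, 2), (10, 4), (61, 1), (1, 8), (6, 1)]

def packet(flowset, seq):
    return struct.pack("!HHIIII", 9, 1, 1000, 1700000000, seq, SOURCE_ID) + flowset

def template_flowset():
    body = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS))
    body += b"".join(struct.pack("!HH", t, n) for t, n in TEMPLATE_FIELDS)
    return struct.pack("!HH", 0, 4 + len(body)) + body

def data_flowset():
    record = ipaddress.IPv6Address("2001:db8::10").packed
    # dst port, input ifIndex, direction (0 = ingress), bytes, TCP flags (SYN+ACK)
    record += struct.pack("!HIBQB", 443, 3, 0, 1500, 0x12)
    return struct.pack("!HH", TEMPLATE_ID, 4 + len(record)) + record

def demo():
    collector = V9Collector()
    data = packet(data_flowset(), seq=1)
    before = collector.feed(data)                      # template not seen yet
    collector.feed(packet(template_flowset(), seq=2))  # template arrives
    after = collector.feed(data)
    return before, collector.undecodable, after
```

Until the template arrives the data FlowSet is counted as undecodable, so after a collector restart flows can go unrecorded for up to the configured template timeout (600 seconds by default).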


      Configuring a Customized Flow Monitor

      The following steps are used to configure a NetFlow monitor.

      SUMMARY STEPS

        1.    configure terminal

        2.    flow monitor monitor-name

        3.    description description

        4.    record {TestNetflowRecordName|TestRecord}

        5.    cache {timeout [active| inactive|update] (seconds) | type (normal)}

        6.    cache {timeout [active| inactive|update] (seconds) | type (normal)}

        7.    exporter TestNetFlowExporterName

        8.    cache {timeout [active| inactive|update] (seconds) | type (normal)}

        9.    end


      DETAILED STEPS
          Command or Action Purpose
        Step 1 configure terminal


        Example:
        Controller# configure terminal
         

        Enters global configuration mode.

         
        Step 2 flow monitor monitor-name


        Example:
        Controller(config)# flow monitor SampleMonitorName
        
         

        Creates a flow monitor and enters Flexible NetFlow flow monitor configuration mode. You can also use this command to modify an existing flow monitor.

         
        Step 3 description description


        Example:
        Controller(config-flow-monitor)# Description SampleNetFlowMonitorName
        
         

        (Optional) Configures a description for the flow monitor.

         
        Step 4 record {TestNetflowRecordName|TestRecord}


        Example:
        Controller(config-flow-monitor)# record TestNetflowRecordName
        
         

        Specifies the record for the flow monitor.

         
        Step 5 cache {timeout [active| inactive|update] (seconds) | type (normal)}


        Example:
        Controller(config-flow-monitor)# cache type normal
        
         

        (Optional) Modifies the flow monitor cache parameters such as timeout values, number of cache entries, and the cache type.

        • timeout active seconds—Configures the active flow timeout. This defines the granularity of the traffic analysis. The range is from 1 to 604800 seconds. The default is 1800. Typical values are 60 or 300 seconds. See the Configuring Data Export for Cisco IOS Flexible NetFlow with Flow Exporters document for recommended values.
        • type normal—Configures normal flow removal from the flow cache.
        Note    Although visible in the command line help, the entries keyword and inactive and update timeouts are not supported.
         
        Step 6 cache {timeout [active| inactive|update] (seconds) | type (normal)}


        Example:
        Controller(config-flow-monitor)# cache type normal
         

        Repeat step 5 to configure additional cache parameters for the flow monitor.

         
        Step 7 exporter TestNetFlowExporterName


        Example:
        Controller(config-flow-monitor)# exporter TestNetFlowExporterName
        
         

        (Optional) Specifies the name of an exporter that was created previously.

         
        Step 8 cache {timeout [active| inactive|update] (seconds) | type (normal)}


        Example:
        Controller(config-flow-monitor)# cache type normal
         

        Repeat step 5 to configure additional cache parameters for the flow monitor.

         
        Step 9 end


        Example:
        Controller(config)# end
         

        Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

         
        Controller(config)# flow monitor FLOW-MONITOR-1
        Controller(config-flow-monitor)# description Used for ipv6 traffic analysis
        Controller(config-flow-monitor)# record FLOW-RECORD-1
        Controller(config-flow-monitor)# cache timeout active 300
        Controller(config-flow-monitor)# cache type normal
        Controller(config-flow-monitor)# exporter EXPORTER-1
        Controller(config-flow-monitor)# exit
        What to Do Next

        Apply a flow monitor to an interface


        Applying a Flow Monitor to an Interface

        The following steps are used to apply a NetFlow monitor to an interface.

        SUMMARY STEPS

          1.    configure terminal

          2.    interface interface-id

          3.    wlan ssid

          4.    {ip | ipv6 | datalink} flow monitor monitor-name [sampler sampler-name] {input | output}

          5.    exit

          6.    Repeat steps 2 and 3

          7.    end


        DETAILED STEPS
            Command or Action Purpose
          Step 1 configure terminal


          Example:
          Controller# configure terminal
           

          Enters global configuration mode.

           
          Step 2 interface interface-id


          Example:
          Controller(config)# interface  tengigabitEthernet 1/0/1
          
           

          Identifies an interface and enters interface configuration mode. Flexible NetFlow is supported only on the service module 1-Gigabit or 10-Gigabit Ethernet interfaces.

          Note    You cannot attach a NetFlow monitor to a port channel interface. If both service module interfaces are part of an EtherChannel, you should attach the monitor to both physical interfaces.
           
          Step 3 wlan ssid


          Example:
          Controller(config)# wlan test 1 test
           

          Configures the flow monitor on WLAN.

           
          Step 4 {ip | ipv6 | datalink} flow monitor monitor-name [sampler sampler-name] {input | output}


          Example:
          Controller(config-if)# ipv6 flow monitor SampleMonitorName input
          
           

          Activates a previously created flow monitor by assigning it to the interface to analyze incoming or outgoing traffic.

          • ip—Enters record matching IPv4 IP addresses.
          • ipv6—Enters record matching IPv6 IP addresses.
            Note    This keyword is visible only when the dual IPv4 and IPv6 Switch Database Management (SDM) template is configured on the switch.
          • input—Applies the flow monitor on input traffic.
          • output—Applies the flow monitor on output traffic.
          • sampler—(Optional) Applies the flow monitor sampler.
           
          Step 5 exit


          Example:
          Controller(config-if)# exit
          Controller(config)#
           

          Returns to global configuration mode.

           
          Step 6 Repeat steps 2 and 3

          Example: 

          Configures additional cache parameters for the flow monitor.

           
          Step 7 end


          Example:
          Controller(config)# end
           

          Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

           
          Controller(config)# interface tengigabitethernet 1/0/1
          Controller(config-if)# ip flow monitor FLOW-MONITOR-1 input
          Controller(config-if)# ip flow monitor FLOW-MONITOR-2 output
          Controller(config-if)# end

          Configuring and Enabling Flow Sampling

          The following steps are used to configure and enable flow sampling.

          SUMMARY STEPS

            1.    configure terminal

            2.    sampler sampler-name

            3.    description description

            4.    mode {deterministic | random} <1-1> out-of <2-1024>

            5.    end

            6.    interface interface-id

            7.    wlan ssid

            8.    {ip | ipv6 | datalink} flow monitor monitor-name sampler sampler-name {input | output}

            9.    end


          DETAILED STEPS
              Command or Action Purpose
            Step 1 configure terminal


            Example:
            Controller# configure terminal
             

            Enters global configuration mode.

             
            Step 2 sampler sampler-name


            Example:
            Controller(config)# sampler SampleNameForSAMPLER
            
             

            Creates a sampler and enters Flexible NetFlow sampler configuration mode. You can also use this command to modify an existing sampler.

             
            Step 3 description description


            Example:
            Controller(config-sampler)# description SamplerName_1
            
             

            (Optional) Configures a description for the sampler.

             
            Step 4 mode {deterministic | random} <1-1> out-of <2-1024>


            Example:
            Controller(config-sampler)# mode random 1 out-of 2
            
             

            Specifies the mode and window size from which to select packets. The window size range is from 2 to 1024.

            Note    Although visible in the CLI help, the mode deterministic keyword is not supported.
             
            Step 5 end


            Example:
            Controller(config-sampler)# end
            
             

            Returns to global configuration mode.

             
            Step 6 interface interface-id


            Example:
            Controller(config)# interface tengigabitethernet 1/0/1
            
             

            Identifies an interface and enters interface configuration mode.

             
            Step 7 wlan ssid


            Example:
            Controller(config)# wlan test 1 test 
             

            Applies the flow sampler on the WLAN.

             
            Step 8 {ip | ipv6 | datalink} flow monitor monitor-name sampler sampler-name {input | output}


            Example:
            Controller(config-if)# ip flow monitor FLOW-MONITOR-1 sampler SAMPLE-1 input
            
             

            Activates a previously created IPv4 or IPv6 flow monitor by assigning it to the interface to analyze traffic.

             
            Step 9 end


            Example:
            Controller(config)# end
             

            Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

             
            Controller(config)# sampler SAMPLER-1 
            Controller(config-sampler)# description Sample at 50
            Controller(config-sampler)# mode random 1 out-of 2
            Controller(config-sampler)# exit
            Controller(config)# interface tengigabitethernet 1/0/1
            Controller(config)# wlan test 1 test
            Controller(config-if)# ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input
            What to Do Next

            How to configure netflow v9 for IPv6.
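The limits stated in the procedures above (netflow-v9 export only, no entries keyword or inactive and update cache timeouts, no deterministic sampler mode, a sampler window of 2 to 1024, no monitors on port channel interfaces, monitoring in both directions) can be checked before a change is pushed. The following Python linter is an added example, not a Cisco tool; it assumes running-config style input with indented subcommands, and the configuration it checks is constructed for illustration.

```python
# Constructed running-config excerpt with deliberate mistakes (all names are examples).
SAMPLE_CONFIG = """\
flow record FLOW-RECORD-1
 match ipv6 destination address
 collect counter bytes long
flow exporter EXPORTER-1
 destination 198.51.100.120
 export-protocol netflow-v5
 transport udp 2055
flow monitor FLOW-MONITOR-1
 record FLOW-RECORD-1
 exporter EXPORTER-1
 cache timeout inactive 15
sampler SAMPLER-1
 mode random 1 out-of 2
interface TenGigabitEthernet1/0/1
 ipv6 flow monitor FLOW-MONITOR-1 sampler SAMPLE-1 input
interface Port-channel1
 ipv6 flow monitor FLOW-MONITOR-1 input
 ipv6 flow monitor FLOW-MONITOR-1 output
"""

def parse_sections(text):
    """Group running-config style text into (header_words, [subcommand_words])."""
    sections = []
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(words)
        else:
            sections.append((words, []))
    return sections

def lint(text):
    """Return findings for settings this guide lists as unsupported or required."""
    sections = parse_sections(text)
    defined = {"record": set(), "exporter": set(), "monitor": set(), "sampler": set()}
    for head, _body in sections:
        if head[0] == "flow" and len(head) == 3 and head[1] in defined:
            defined[head[1]].add(head[2])
        elif head[0] == "sampler" and len(head) == 2:
            defined["sampler"].add(head[1])
    findings = []
    for head, body in sections:
        where = " ".join(head)
        if head[:2] == ["flow", "exporter"]:
            for cmd in body:
                if cmd[0] == "export-protocol" and cmd[1:] != ["netflow-v9"]:
                    findings.append(f"{where}: only export-protocol netflow-v9 is supported")
        elif head[:2] == ["flow", "monitor"]:
            for cmd in body:
                if cmd[0] == "cache" and (cmd[1:2] == ["entries"]
                                          or cmd[1:3] in (["timeout", "inactive"],
                                                          ["timeout", "update"])):
                    findings.append(f"{where}: '{' '.join(cmd)}' is not supported")
                elif cmd[0] in ("record", "exporter") and cmd[1:] \
                        and cmd[1] not in defined[cmd[0]]:
                    findings.append(f"{where}: {cmd[0]} {cmd[1]} is not defined")
        elif head[0] == "sampler":
            for cmd in body:
                if cmd[:2] == ["mode", "deterministic"]:
                    findings.append(f"{where}: mode deterministic is not supported")
                elif cmd[0] == "mode" and cmd[-1].isdigit() \
                        and not 2 <= int(cmd[-1]) <= 1024:
                    findings.append(f"{where}: window size must be 2 to 1024")
        elif head[0] == "interface":
            directions = set()
            for cmd in body:
                if cmd[1:3] != ["flow", "monitor"] or len(cmd) < 5:
                    continue
                directions.add(cmd[-1])
                if cmd[3] not in defined["monitor"]:
                    findings.append(f"{where}: monitor {cmd[3]} is not defined")
                if cmd[4] == "sampler" and len(cmd) == 7 \
                        and cmd[5] not in defined["sampler"]:
                    findings.append(f"{where}: sampler {cmd[5]} is not defined")
            if len(directions) == 1:
                findings.append(f"{where}: monitored on {next(iter(directions))} only; "
                                "the guide requires both ingress and egress")
            if directions and "".join(head[1:2]).lower().startswith("port-channel"):
                findings.append(f"{where}: a flow monitor cannot be attached "
                                "to a port channel")
    return findings
```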


            Verifying IPv6 Netflow

            This section describes the Netflow related show commands for IPv6. The following commands can be used to verify Netflow on the controller.

            Command                                                             Purpose
            show flow record                                                    Displays the status of the flow records.
            show flow ssid <ssid_name>                                          Displays SSID interface information.
            show flow monitor {monitor name} {cache|provisioning|statistics}    Displays the flow monitor information.
            show flow exporter exporter-name                                    Displays the status of a flow exporter.
            show flow monitor monitor-name                                      Displays the current status of a flow monitor.
            show flow interface interface-id                                    Verifies that the Flexible NetFlow is configured on the interface.
            show flow monitor monitor-name cache format {csv | record | table}  Displays data in the flow monitor cache.
            show sampler sampler-name                                           Displays the current status of a flow sampler.

            Monitoring IPv6 Netflow

            This section describes the Netflow commands for IPv6. The following commands can be used to monitor Netflow on the controller.

            Command                                          Purpose
            show running-config flow record                  Displays the configured flow records.
            show running-config flow exporter exporter-name  Verifies the configured flow exporter.
            show running-config flow monitor monitor-name    Verifies the flow monitor configuration.

            Feature Information for IPv6 NetFlow

            This table lists the features in this module and provides links to specific configuration information:

            Feature                       Release               Modification
            IPv6 NetFlow Functionality    Cisco IOS XE 3.2SE    This feature was introduced.