To configure a flow cache parameter for a Flexible NetFlow flow monitor, use the cache command in Flexible NetFlow flow monitor configuration mode. To remove a flow cache parameter for a Flexible NetFlow flow monitor, use the no form of this command.

Syntax Description

Command Default

The default Flexible NetFlow flow monitor flow cache parameters are used.

The following flow cache parameters for a Flexible NetFlow flow monitor are enabled:

• Cache type: normal
• Maximum number of entries in the flow monitor cache: 4096
• Active flow timeout: 1800 seconds
• Inactive flow timeout: 15 seconds
• Update timeout for a permanent flow cache: 1800 seconds

Command Modes

Flexible NetFlow flow monitor configuration (config-flow-monitor)

Command History

Usage Guidelines

Each flow monitor has a cache that it uses to store all the flows it monitors. Each cache has various configurable elements, such as the number of entries and the time that a flow is allowed to remain in it. When a flow times out, it is removed from the cache and sent to any exporters that are configured for the corresponding flow monitor.

If a cache is already active (that is, you have applied the flow monitor to at least one interface in the router), your changes to the record, cache type, and cache size parameters will not take effect until you either reboot the router or remove the flow monitor from every interface and then reapply it. Therefore whenever possible you should customize the record, cache type, and cache size parameters for the cache before you apply the flow monitor to an interface. You can modify the timers, flow exporters, and statistics parameters for a cache while the cache is active.

cache entries

This command controls the size of the cache. Cache size should be based on a number of factors, including the number of flows expected, the time the flows are expected to last (based on the configured key fields and the traffic), and the timeout values configured for the cache. The size should be large enough to minimize emergency expiry.

Emergency expiry is caused by the Flexible NetFlow cache becoming full. When the Flexible NetFlow cache becomes full, the router performs "emergency expiry" where a number of flows are immediately aged, expired from the Flexible NetFlow cache, and exported in order to free up space for more flows.

For a permanent cache (flows never expire), the number of entries should be large enough to accommodate the number of flows expected for the entire duration of the cache entries. If more flows occur than there are cache entries, the excess flows are not recorded in the cache.

For an immediate cache (flows expire immediately), the number of entries simply controls the amount of history that is available for previously seen packets.

cache timeout active

This command controls the aging behavior of the normal type of cache. If a flow has been active for a long time, it is usually desirable to age it out (starting a new flow for any subsequent packets in the flow). This age out process allows the monitoring application that is receiving the exports to remain up to date. By default this timeout is 1800 seconds (30 minutes), but it can be adjusted according to system requirements. A larger value ensures that long-lived flows are accounted for in a single flow record; a smaller value results in a shorter delay between starting a new long-lived flow and exporting some data for it.

cache timeout inactive

This command controls the aging behavior of the normal type of cache. If a flow has not seen any activity for a specified amount of time, that flow will be aged out. By default, this timeout is 15 seconds, but this value can be adjusted depending on the type of traffic expected.

If a large number of short-lived flows is consuming many cache entries, reducing the inactive timeout can reduce this overhead. If a large number of flows frequently get aged out before they have finished collecting their data, increasing this timeout can result in better flow correlation.

cache timeout update

This command controls the periodic updates sent by the permanent type of cache. This behavior is similar to the active timeout, except that it does not result in the removal of the cache entry from the cache. By default this timer value is 1800 seconds (30 minutes).

cache timeou t event transaction-end

To use this command, you must configure the matchconnectiontransactionid command and the matchapplicationname command for the flow record. This command causes the record to be generated and exported in the NetFlow cache at the end of a transaction. A transaction is a set of logical exchanges between endpoints. There is normally one transaction within a flow.

cache type immediate

This command specifies the immediate cache type. This type of cache will age out every record as soon as it is created, with the result that every flow contains just one packet. The commands that display the cache contents will provide a history of the packets seen.

The use of this cache type is appropriate when very small flows are expected and a minimum amount of latency between analyzing a packet and exporting a report is desired. We recommend using this command when you are sampling packet chunks because the number of packets per flow is typically very low.

Caution

This command may result in a large amount of export data that can overload low speed links and overwhelm any systems to which you are exporting. We recommended that you configure sampling to reduce the number of packets seen.

Note	The timeout settings have no effect for the immediate cache type.

cache type normal

This command specifies the normal cache type. This is the default cache type. The entries in the cache will be aged out according to the timeoutactiveseconds and timeoutinactiveseconds settings. When a cache entry is aged out, it is removed from the cache and exported via any exporters configured for the monitor associated with the cache.

cache type permanent

This command specifies the permanent cache type. This type of cache never ages out any flows. This cache type is useful when the number of flows you expect to see has a limit and there is a need to keep long-term statistics on the router. For example, if the only key field is IP TOS, a limit of 256 flows can be seen, so to monitor the long-term usage of the IP TOS field, a permanent cache can be used. Update messages are exported via any exporters configured for the monitor associated with this cache in accordance with the timeoutupdateseconds setting.

Note	When a cache becomes full, new flows will not be monitored. If this occurs, a "Flows not added" statistic will appear in the cache statistics.

Note	A permanent cache uses update counters rather than delta counters. This means that when a flow is exported, the counters represent the totals seen for the full lifetime of the flow and not the additional packets and bytes seen since the last export was sent.

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache entries 16

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache timeout active 4800

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache timeout inactive 3000

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache timeout update 5000

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache type normal

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache type permanent

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# cache type immediate

Related Commands

To clear the statistics for a Flexible NetFlow flow exporter, use the clearflowexporter command in privileged EXEC mode.

Syntax Description

Command Modes

Privileged EXEC (#)

Command History

Router# clear flow exporter statistics

Router# clear flow exporter name 
FLOW-EXPORTER-1
 statistics

Related Commands

To clear a Flexible NetFlow flow monitor, flow monitor cache, or flow monitor statistics and to force the export of the data in the flow monitor cache, use the clearflowmonitorcommand in privileged EXEC mode.

Syntax Description

Command Modes

Privileged EXEC (#)

Command History

Usage Guidelines

cache

This keyword removes all entries from the flow monitor cache. These entries will not be exported and the data gathered in the cache will be lost.

Note	The statistics for the cleared cache entries are maintained.

force-export

This keyword removes all entries from the flow monitor cache and exports them via all flow exporters assigned to the flow monitor. This action can result in a short-term increase in CPU usage. Use with caution.

Note	The statistics for the cleared cache entries are maintained.

statistics

This keyword clears the statistics for this flow monitor.

Note	The "Current entries" statistic will not be cleared because this is an indicator of how many entries are in the cache and the cache is not cleared with this command.

Router# clear flow monitor name 
FLOW-MONITOR-1

Router# clear flow monitor name 
FLOW-MONITOR-1
 force-export

Router# clear flow monitor name 
FLOW-MONITOR-1
 cache force-export

Router# clear flow monitor name 
FLOW-MONITOR-1
 statistics

Related Commands

To clear the statistics for a Flexible NetFlow flow sampler, use the clearsampler command in privileged EXEC mode.

Syntax Description

Command Modes

Privileged EXEC (#)

Command History

Router# clear sampler

Router# clear sampler name 
SAMPLER-1

Related Commands

To configure the use of the application name as a nonkey field for a flow record, use the collect application name command in flow record configuration mode. To disable the use of the application name as a nonkey field for a flow record, use the no form of this command.

Syntax Description

This command has no arguments or keywords.

Command Default

The application name is not configured as a non-key field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect application name

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect application name

Related Commands

To configure various connection information fields as a nonkey field for a flow record, use the collect connection command in flow record configuration mode. To disable the use of the connection information fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

Connection information fields are not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The initiator keyword provides the following information about the direction of the flow.

• 0x00=undefined
• 0x01=initiator - the flow source is initiator of the connection.
• 0x02=reverseInitiator - the flow destination is the initiator of the connection.

For the new-translations and sum-duration keywords, the observation period can be specified by the start and end timestamps for the flow.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect connections initiator

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect connections initiator

Related Commands

To configure the number of bytes or packets in a flow as a nonkey field for a flow record, use the collect counter command in flow record configuration mode. To disable the use of the number of bytes or packets in a flow (counters) as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The number of bytes or packets in a flow is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

The rate and droppedkeywords were added and the replicated and squaredlongkeywords are not available. You must first enter theflowrecordtypeperformance-monitor command.

collect counter bytes

This command configures a 32-bit counter for the number of bytes seen in a flow.

collect counter packets

This command configures a 32-bit counter that is incremented for each packet seen in the flow. For extremely long flows it is possible for this counter to restart at 0 (wrap) when it reaches the limit of approximately 4 billion packets. On detection of a situation that would cause this counter to restart at 0, a flow monitor with a normal cache type exports the flow and starts a new flow.

collect counter packets long

This command configures a 64-bit counter that will be incremented for each packet seen in the flow. It is unlikely that a 64-bit counter will ever restart at 0.

collect counter bytes squared long

This counter can be used in conjunction with the byte and packet counters in order to calculate the variance of the packet sizes. Its value is derived from squaring each of the packet sizes in the flow and adding the results. This value can be used as part of a standard variance function.

The variance and standard deviation of the packet sizes for the flow can be calculated with the following formulas:

cbs: value from the counterbytessquared field

pkts: value from the counterpackets field

bytes: value from the counterbytes field

Variance = (cbs/pkts) - (bytes/pkts)2

Standard deviation = square root of Variance

Example 1:

Packet sizes of the flow: 100, 100, 100, 100

Counter packets: 4

Counter bytes: 400, mean packet size = 100

Counter bytes squared: 40,000

Variance = (40,000/4) - (400/4)2 = 0

Standard Deviation = 0

Size = 100 +/- 0

Example 2:

Packet sizes of the flow: 50, 150, 50, 150

Counter packets: 4

Counter bytes: 400, mean packet size = 100

Counter bytes squared: 50,000

Variance = (50,000/4) - (400/4)2 = 2500

Standard deviation = 50

Size = 100 +/- 50

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect counter bytes

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect counter bytes long

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect counter bytes squared long

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect counter packets

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect counter packets long

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect counter packets long

Related Commands

To configure the 802.1Q (dot1q) VLAN ID as a non-key field for a Flexible NetFlow flow record, use the collectdatalinkdot1qvlan command in Flexible NetFlow flow record configuration mode. To disable the use of the 802.1Q VLAN ID value as a nonkey field for a Flexible NetFlow flow record, use the no form of this command.

Syntax Description

Command Default

The 802.1Q VLAN ID is not configured as a nonkey field.

Command Modes

Flexible NetFlow flow record configuration (config-flow-record)

Command History

Usage Guidelines

The input and output keywords of the collectdatalinkdot1qvlan command are used to specify the observation point that is used by the collectdatalinkdot1qvlan command to capture the 802.1q VLAN IDs from network traffic. For example, when you configure a flow record with the collectdatalinkdot1qvlaninput command to monitor the simulated denial of service (DoS) attack in the figure below and apply the flow monitor to which the flow record is assigned in either input (ingress) mode on interface Ethernet 0/0.1 on R3 or output (egress) mode on interface Ethernet 1/0.1 on R3, the observation point is always Ethernet 0/0.1 on R3. The 802.1q VLAN ID that is collected is 5.

The observation point of collect commands that do not have the input and/or output keywords is always the interface to which the flow monitor that contains the flow record with the collect commands is applied.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect datalink dot1q vlan input

Related Commands

To configure the use of MAC addresses as a nonkey field for a Flexible NetFlow flow record, use the collectdatalinkmac command in Flexible NetFlow flow record configuration mode. To disable the use of Layer 2 MAC addresses as a non-key field for a Flexible NetFlow flow record, use the no form of this command.

Syntax Description

Command Default

MAC addresses are not configured as a nonkey field.

Command Modes

Flexible NetFlow flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitorcommand before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

The input and output keywords of the collectdatalinkmac command are used to specify the observation point that is used by the collectdatalinkmac command to capture the MAC addressees from network traffic. For example, when you configure a flow record with the collectdatalinkmacdestinationaddressinputcommand to monitor the simulated denial of service (DoS) attack in the figure below and apply the flow monitor to which the flow record is assigned in either input (ingress) mode on interface Ethernet 0/0.1 on R3 or output (egress) mode on interface Ethernet 1/0.1 on R3, the observation point is always Ethernet 0/0.1 on R3. The destination MAC address that is collected is aaaa.bbbb.cc04.

When the destination output mac address is configured, the value is the destination mac address of the output packet, even if the monitor the flow record is applied to is input only.

When the destination input mac address is configured, the value is the destination mac address of the input packet, even if the monitor the flow record is applied to is output only.

When the source output mac address is configured, the value is the source mac address of the output packet, even if the monitor the flow record is applied to is input only.

When the source input mac address is configured, the value is the source mac address of the input packet, even if the monitor the flow record is applied to is output only.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect datalink mac destination address input

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect datalink mac source address output

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect datalink mac source address output

Related Commands

To configure the flow direction, the flow sampler ID number, or reason why the flow ended as a nonkey field for a flow record, use the collect flow command in flow record configuration mode. To disable the use of the flow direction and the flow sampler ID number as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The flow direction and the flow sampler ID number are not configured as nonkey fields.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

collect flow direction

This field indicates the direction of the flow. This is of most use when a single flow monitor is configured for input and output flows. It can be used to find and eliminate flows that are being monitored twice, once on input and once on output. This field may also be used to match up pairs of flows in the exported data when the two flows are flowing in opposite directions.

collect flow sampler

This field contains the ID of the flow sampler used to monitor the flow. This is useful when more than one flow sampler is being used with different sampling rates. The flow exporter option sampler-table command exports options records with mappings of the flow sampler ID to sampling rate so the collector can calculate the scaled counters for each flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect flow sampler

Router(config)# flow record type performance-monitor FLOW-RECORD-1
Router(config-flow-record)# collect flow direction

Related Commands

To configure the input and output interface as a nonkey field for a flow record, use the collect interface command in flow record configuration mode. To disable the use of the input and output interface as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The input and output interface is not configured as a nonkey field.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

You must first enter theflowrecordtypeperformance-monitor command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect interface inpu

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect interface output

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect interface input

Related Commands

To configure one or more of the IPv4 fields as a nonkey field for a flow record, use the collectipv4 command in flow record configuration mode. To disable the use of one or more of the IPv4 fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv4 fields are not configured as a nonkey field.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Note

Some of the keywords of the collectipv4 command are documented as separate commands. All of the keywords for the collectipv4 command that are documented separately start with collectipv4. For example, for information about configuring the IPv4 time-to-live (TTL) field as a nonkey field and collecting its value for a flow record, refer to the collectipv4ttl command.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

Only the the dscp keyword is available. You must first enter theflowrecordtypeperformance-monitor command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 dscp

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 dscp

Related Commands

To configure the IPv4 destination address as a nonkey field for a flow record, use the collectipv4destination command in flow record configuration mode. To disable the use of an IPv4 destination address field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv4 destination address is not configured as a nonkey field.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

Only the maskandminimum-maskkeywords are available. You must first enter theflowrecordtypeperformance-monitor command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 destination prefix minimum-mask 16

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 destination prefix minimum-mask 16

Related Commands

To configure the IPv4 fragmentation flags and the IPv4 fragmentation offset as a nonkey field for a flow record, use the collect ipv4 fragmentation command in flow record configuration mode. To disable the use of the IPv4 fragmentation flags and the IPv4 fragmentation offset as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv4 fragmentation flags and the IPv4 fragmentation offset are not configured as nonkey fields.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

collect ipv4 fragmentation flags

This field collects the "don't fragment" and "more fragments" flags.

Bit 0: reserved, must be zero.

Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment

Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments

Bits 3-7: (DC) Don't Care, value is irrelevant

        0   1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      |   | D | M | D | D | D | D | D |
      | 0 | F | F | C | C | C | C | C |
      +---+---+---+---+---+---+---+---+

For more information on IPv4 fragmentation flags, see RFC 791 Internet Protocol at the following URL: http://www.ietf.org/rfc/rfc791.txt .

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 fragmentation flags

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 fragmentation flags

Related Commands

To configure a section of an IPv4 packet as a nonkey field for a flow record, use the collect ipv4 section command in flow record configuration mode. To disable the use of a section of an IPv4 packet as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

A section of an IPv4 packet is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

It is recommended that you configure both header size and payload size so that you know how much data is going to be captured.

collect ipv4 section header

This command causes the first IPv4 header to be copied into the flow record for this flow. Only the configured size in bytes will be copied and part of the payload will also be captured if the configured size is larger than the size of the header.

Note	This command can result in large records which use a lot of router memory and export bandwidth.

collect ipv4 section payload

This command results in a copy of the first IPv4 payload being put into the flow record for this flow. Only the configured size in bytes will be copied and may end in a series of 0's if the configured size is greater than the size of the payload.

Note	This command can result in large records which use a lot of router memory and export bandwidth.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 section header size 8

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 section payload size 16

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 section payload size 16

Related Commands

To configure the IPv4 source address as a nonkey field for a flow record, use the collectipv4source command in flow record configuration mode. To disable the use of the IPv4 source address field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv4 source address is not configured as a nonkey field.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

Only the maskandminimum-maskkeywords are available. You must first enter theflowrecordtypeperformance-monitor command.

collect ipv4 source prefix minimum-mask

The source address prefix is the network part of an IPv4 source address. The optional minimum mask allows more information to be gathered about large networks.

collect ipv4 source mask minimum-mask

The source address mask is the number of bits that make up the network part of the source address. The optional minimum mask allows a minimum value to be configured. This command is useful when there is a minimum mask configured for the source prefix field and the mask is to be used with the prefix. In this case, the values configured for the minimum mask should be the same for the prefix and mask fields.

Alternatively, if the collector is aware of the minimum mask configuration of the prefix field, the mask field can be configured without a minimum mask so that the true mask and prefix can be calculated.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 source prefix minimum-mask 16

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 source prefix minimum-mask 16

Related Commands

To configure the IPv4 total-length field as a nonkey field for a flow record, use the collect ipv4 total-length command in flow record configuration mode. To disable the use of the IPv4 total-length field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv4 total-length field is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

collect ipv4 total-length [minimum | maximum]

This command is used to collect the lowest and highest IPv4 total length values seen in the lifetime of the flow. Configuring this command results in more processing than is needed to simply collect the first total length value seen using the collect ipv4 total-length command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 total-length

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 total-length minimum

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 total-length minimum

Related Commands

To configure the IPv4 time-to-live (TTL) field as a nonkey field for a flow record, use the collectipv4ttl command in flow record configuration mode. To disable the use of the IPv4 TTL field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv4 time-to-live (TTL) field is not configured as a nonkey field.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

You must first enter theflowrecordtypeperformance-monitor command.

collect ipv4 ttl [minimum | maximum]

This command is used to collect the lowest and highest IPv4 TTL values seen in the lifetime of the flow. Configuring this command results in more processing than is needed to simply collect the first TTL value seen using the collectipv4ttl command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 ttl maximum

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv4 ttl minimum

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv4 ttl minimum

Related Commands

To configure one or more of the IPv6 fields as a nonkey field for a flow record, use the collect ipv6 command in flow record configuration mode. To disable the use of one or more of the IPv6 fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv6 fields are not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Note

Some of the keywords for the collect ipv6 command are documented as separate commands. All of the keywords for the collect ipv6 command that are documented separately start with collect ipv6. For example, for information about configuring the IPv6 hop limit field as a nonkey field and collecting its value for a flow record, refer to the collect ipv6 hop-limit command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 dscp

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 dscp

Related Commands

To configure the IPv6 destination address as a nonkey field for a flow record, use the collect ipv6 destination command in flow record configuration mode. To disable the use of an IPv6 destination address field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

TheIPv6 destination address is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 destination prefix minimum-mask 16

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 destination prefix minimum-mask 16

Related Commands

To configure the bitmap of the IPv6 extension header map as a nonkey field for a flow record, use the collect ipv6 extension map command in flow record configuration mode. To disable the use of the IPv6 bitmap of IPv6 extension header map as a nonkey field for a flow record, use the no form of this command.

Syntax Description

This command has no arguments or keywords.

Command Default

The use of the bitmap of the IPv6 extension header map is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Bitmap of the IPv6 Extension Header Map

The bitmap of IPv6 extension header map is made up of 32 bits.

    0     1     2     3     4     5     6     7
+-----+-----+-----+-----+-----+-----+-----+-----+
| Res | FRA1| RH  | FRA0| UNK | Res | HOP | DST |
+-----+-----+-----+-----+-----+-----+-----+-----+
    8     9    10    11    12    13    14    15
+-----+-----+-----+-----+-----+-----+-----+-----+
| PAY | AH  | ESP |         Reserved            |
+-----+-----+-----+-----+-----+-----+-----+-----+
   16    17    18    19    20    21    22    23
+-----+-----+-----+-----+-----+-----+-----+-----+
|                  Reserved                     |
+-----+-----+-----+-----+-----+-----+-----+-----+
   24    25    26    27    28    29    30    31
+-----+-----+-----+-----+-----+-----+-----+-----+
|                  Reserved                     |
+-----+-----+-----+-----+-----+-----+-----+-----+
0  Res  Reserved
1  FRA1 Fragmentation header - not first fragment
2  RH   Routing header
3  FRA0 Fragment header - first fragment
4  UNK  Unknown Layer 4 header
        (compressed, encrypted, not supported)
5  Res  Reserved
6  HOP  Hop-by-hop option header
7  DST  Destination option header
8  PAY Payload compression header
9  AH  Authentication Header
10 ESP Encrypted security payload
11 to 31 Reserved

For more information on IPv6 headers, refer to RFC 2460 Internet Protocol, Version 6 (IPv6) at the following URL: http://www.ietf.org/rfc/rfc2460.txt .

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 extension map

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 extension map

Related Commands

To configure one or more of the IPv6 fragmentation fields as a nonkey field for a flow record, use the collect ipv6 fragmentation command in flow record configuration mode. To disable the use one or more of the IPv6 fragmentation fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The use of one or more of the IPv6 fragmentation fields is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 fragmentation flags

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 fragmentation flags

Related Commands

To configure the IPv6 hop limit as a nonkey field for a flow record, use the collect ipv6 hop-limit command in flow record configuration mode. To disable the use of the IPv6 hop limit field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv6 hop limit is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

collect ipv6 hop-limit [minimum | maximum]

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

This command is used to collect the lowest and highest IPv6 hop limit values seen in the lifetime of the flow. Configuring this command results in more processing than is needed to simply collect the first hop limit value seen using the collect ipv6 hop-limit command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 hop-limit maximum

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 hop-limit maximum

Related Commands

To configure one or more of the IPv6 length fields as a nonkey field for a flow record, use the collect ipv6 lengthcommand in flow record configuration mode. To disable the use of one or more of the IPv6 length fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv6 length fields are not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

collect ipv6 length [minimum | maximum]

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

This command is used to collect the lowest and highest IPv6 length values seen in the lifetime of the flow. Configuring this command results in more processing than is needed to simply collect the length value seen using the collect ipv6 length command.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 length header

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 length header

Related Commands

To configure a section of an IPv6 packet as a nonkey field for a flow record, use the collect ipv6 section command in flow record configuration mode. To disable the use of a section of an IPv6 packet as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

A section of an IPv6 packet is not configured as a non-key field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

It is recommended that you configure both header size and payload size so that you know how much data is going to be captured.

Note	The IPv6 payload data is captured only if the first packet in the flow is an IPv6 packet. If the first packet in the flow is not an IPv6 packet, information from other packets in the flow such as packet and byte counters, is still captured.

collect ipv6 section header

This command causes a copy of the first IPv6 header to be put into the flow record for this flow. Only the configured size in bytes will be copied, and part of the payload will also be captured if the configured size is larger than the size of the header.

Note	Configuring this command can result in large records that use a lot of router memory and export bandwidth.

collect ipv6 section payload

This command causes a copy of the first IPv6 payload to be put into the flow record for this flow. Only the configured size in bytes will be copied, and it may end in a series of zeros if the configured size is smaller than the size of the payload.

Note	Configuring this command can result in large records that use a lot of router memory and export bandwidth.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 section header size 8

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 section payload size 16

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 section payload size 16

Related Commands

To configure the IPv6 source address as a nonkey field for a flow record, use the collect ipv6 source command in flow record configuration mode. To disable the use of the IPv6 source address field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The IPv6 source address is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

collect IPv6 source prefix minimum mask

The source address prefix field is the network part of the source address. The optional minimum mask allows more information to be gathered about large networks.

collect IPv6 source mask minimum mask

The source address mask is the number of bits that make up the network part of the source address. The optional minimum mask allows a minimum value to be configured. This command is useful when there is a minimum mask configured for the source prefix field and the mask is to be used with the prefix. In this case, the values configured for the minimum mask should be the same for the prefix and mask fields.

Alternatively, if the collector is aware of the minimum mask configuration of the prefix field, the mask field can be configured without a minimum mask so that the true mask and prefix can be calculated.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect ipv6 source prefix minimum-mask 16

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect ipv6 source prefix minimum-mask 16

Related Commands

To configure one or more of the routing attributes as a nonkey field for a flow record, use the collectroutingcommand in flow record configuration mode. To disable the use of one or more of the routing attributes as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The routing attributes are not configured as a nonkey field.

Command Modes

flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode. For Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode. Here we refer to them both as flow record configuration mode.

The Flexible NetFlow and Performance Monitor collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

The reason keywordwas added and only the forwarding-statuskeyword is available. You must first enter theflowrecordtypeperformance-monitor command.

collect routing source as [peer]

This command collects the 16-bit autonomous system number based on a lookup of the router's routing table using the source IP address. The optional peer keyword provides the expected next network, as opposed to the originating network.

collect routing source as 4-octet [peer 4-octet]

This command collects the 32-bit autonomous system number based on a lookup of the router's routing table using the source IP address. The optional peer keyword provides the expected next network, as opposed to the originating network.

collect routing destination as [peer]

This command collects the 16-bit autonomous system number based on a lookup of the router's routing table using the destination IP address. The optional peer keyword provides the expected next network as opposed to the destination network.

collect routing destination as 4-octet [peer 4-octet]

This command collects the 32-bit autonomous system number based on a lookup of the router's routing table using the destination IP address. The peer keyword will provide the expected next network as opposed to the destination network.

collect routing destination traffic-index

This command collects the traffic-index field based on the destination autonomous system for this flow. The traffic-index field is a value propagated through BGP.

This command is not supported for IPv6.

collect routing source traffic-index

This command collects the traffic-index field based on the source autonomous system for this flow. The traffic-index field is a value propagated through BGP.

This command is not supported for IPv6.

collect routing forwarding-status

This command collects a field to indicate if the packets were successfully forwarded. The field is in two parts and may be up to 4 bytes in length. For the releases specified in the Command History table, only the status field is used:

    +-+-+-+-+-+-+-+-+
    | S | Reason    |
    | t | codes     |
    | a | or        |
    | t | flags     |
    | u |           |
    | s |           |
    +-+-+-+-+-+-+-+-+
     0 1 2 3 4 5 6 7
  Status:
  00b=Unknown, 01b = Forwarded, 10b = Dropped, 11b = Consumed

collect routing vrf input

This command collects the VRF ID from incoming packets on a router. In the case where VRFs are associated with an interface via methods such as VRF Selection Using Policy Based Routing/Source IP Address, a VRF ID of 0 will be recorded. If a packet arrives on an interface that does not belong to a VRF, a VRF ID of 0 is recorded.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing source as 

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing destination as 

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing source traffic-index

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing forwarding-status

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing vrf input

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect routing forwarding-status reason

Related Commands

To configure the use of the is-multicast field (indicating that the IPv4 traffic is multicast traffic) as a nonkey field, use the collect routing is-multicastcommand in flow record configuration mode. To disable the use of the is-multicast field as a nonkey field for a flow record, use the no form of this command.

Syntax Description

This command has no arguments or keywords

Command Default

The is-multicast field is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing is-multicast

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect routing is-multicast

Related Commands

To configure the multicast replication factor value for IPv4 traffic as a nonkey field for a flow record, use the collect routing multicast replication-factorcommand in flow record configuration mode. To disable the use of the multicast replication factor value as a nonkey field for a flow record, use the no form of this command.

Syntax Description

This command has no arguments or keywords.

Command Default

The multicast replication factor value is not configured as a nonkey field.

Command Modes

Fow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

When the replication-factor field is used in a flow record, it will only have a non-zero value in the cache for ingress multicast traffic that is forwarded by the router. If the flow record is used with a flow monitor in output (egress) mode or to monitor unicast traffic or both, the cache data for the replication factor field is set to 0.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect routing multicast replication-factor

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect routing multicast replication-factor

Related Commands

To configure the system uptime of the first seen or last seen packet in a flow as a nonkey field for a flow record, use the collect timestamp sys-uptime command in flow record configuration mode. To disable the use of the first seen or last seen packet in a flow as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The system uptime field is not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect timestamp sys-uptime first

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect timestamp sys-uptime last

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect timestamp sys-uptime last

Related Commands

To configure one or more of the transport layer fields as a nonkey field for a flow record, use the collect transport command in flow record configuration mode. To disable the use of one or more of the transport layer fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The transport layer fields are not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport destination-port

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport source-port

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect transport source-port

Related Commands

To configure the internet control message protocol (ICMP) IPv4 type field and the code field as nonkey fields for a flow record, use the collect transport icmp ipv4 command in flow record configuration mode. To disable the use of the ICMP IPv4 type field and code field as nonkey fields for a flow record, use the no form of this command.

Syntax Description

Command Default

The ICMP IPv4 type field and the code field are not configured as nonkey fields.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport icmp ipv4 code

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport icmp ipv4 type

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect transport icmp ipv4 type

Related Commands

To configure the Internet Control Message Protocol (ICMP) IPv6 type field and code field as nonkey fields for a flow record, use the collect transport icmp ipv6 command in flow record configuration mode. To disable the use of the ICMP IPv6 type field and code field as nonkey fields for a flow record, use the no form of this command.

Syntax Description

Command Default

The ICMP IPv6 type field and code field are not configured as nonkey fields.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The Flexible NetFlow collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport icmp ipv6 code

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport icmp ipv6 type

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect transport icmp ipv6 type

Related Commands

To configure one or more of the TCP fields as a nonkey field for a flow record, use the collect transport tcp command in flow record configuration mode. To disable the use of one or more of the TCP fields as a nonkey field for a flow record, use the no form of this command.

Syntax Description

Command Default

The TCP fields are not configured as a nonkey field.

Command Modes

Flow record configuration (config-flow-record)

Command History

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command, however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

The collect commands are used to configure nonkey fields for the flow monitor record and to enable capturing the values in the fields for the flow created with the record. The values in nonkey fields are added to flows to provide additional information about the traffic in the flows. A change in the value of a nonkey field does not create a new flow. In most cases the values for nonkey fields are taken from only the first packet in the flow.

collect transport tcp flags ece

For more information about ECN echo, refer to RFC 3168 The Addition of Explicit Congestion Notification (ECN) to IP , at the following URL: http://www.ietf.org/rfc/rfc3168.txt .

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport tcp acknowledgement-number

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport tcp source-port

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport tcp flags ack

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport tcp flags fin

Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# collect transport tcp flags rst

Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# collect transport tcp flags rst

Related Commands