Downloads |
Table Of Contents
Autonomous System Aggregation Scheme
Destination Prefix Aggregation Scheme
Protocol Port Aggregation Scheme
Source Prefix Aggregation Scheme
Aggregation Scheme Fields and Key Fields
New Version 8 NetFlow Data Export Support
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Configuring an Aggregation Cache
Verifying Aggregation Cache Configuration and Data Export
Monitoring and Maintaining NetFlow Aggregation Schemes
Autonomous System Configuration
Destination Prefix Configuration
show ip cache flow aggregation
NetFlow Aggregation
This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to a NetFlow data collection system, such as the Cisco NetFlow FlowCollector. See the following sections for additional information:
•
Supported Standards, MIBs, and RFCs
•
Feature Overview
By maintaining one or more extra flow caches, called aggregation caches, the NetFlow Aggregation feature allows limited aggregation of NetFlow data export streams to be done on a router.
Aggregation Cache Schemes
The aggregation cache schemes are described in the following sections:
•
•
•
•
The user may configure each aggregation cache with its individual cache size, cache ager timeout parameter, export destination IP address, and export destination UDP port. As data flows expire in the main NetFlow cache, the flows are added to each enabled aggregation cache. Each aggregation cache contains different field combinations that determine which data flows are grouped. The default aggregation cache size is 4096.
Note
lists definitions for the data export record terms used in each aggregation scheme.
Table 1 Data Export Record Terms and Definitions
Autonomous System Aggregation Scheme
The autonomous system aggregation scheme provides significant NetFlow export data volume reduction and generates autonomous system-to-autonomous system traffic flow data. The scheme groups data flows with the same source Border Gateway Protocol (BGP) autonomous system, destination BGP autonomous system, input interface, and output interface. See .
The aggregated NetFlow data export records report the following:
•
•
•
•
•
•
Figure 1 Autonomous System Aggregation Data Export Format
Destination Prefix Aggregation Scheme
The Destination Prefix aggregation scheme generates data so that you can examine the destinations of network traffic passing through a NetFlow-enabled device. The scheme groups data flows with the same destination prefix, destination prefix mask, destination BGP autonomous system, and output interface. See .
The aggregated NetFlow data export records report the following:
•
•
•
•
•
•
•
•
Figure 2 Destination Prefix Aggregation Data Export Record Format
Prefix Aggregation Scheme
The Prefix aggregation scheme generates data so that you can examine the sources and destinations of network traffic passing through a NetFlow-enabled device. The scheme groups data flows with the same source prefix, destination prefix, source prefix mask, destination prefix mask, source BGP autonomous system, destination BGP autonomous system, input interface, and output interface. See .
The aggregated NetFlow data export records report the following:
•
•
•
•
•
•
•
•
Figure 3 Prefix Aggregation Data Export Record Format
Protocol Port Aggregation Scheme
The Protocol Port aggregation scheme generates data so that you can examine network usage by traffic type. The scheme groups data flows with the same IP protocol, source port number, and destination port number when applicable. See .
The aggregated NetFlow data export records report the following:
•
•
•
•
•
•
Figure 4 Protocol Port Aggregation Data Export Record Format
Source Prefix Aggregation Scheme
The Source Prefix aggregation scheme generates data so that you can examine the sources of network traffic passing through a NetFlow-enabled device. The scheme groups data flows with the same source prefix, source prefix mask, source BGP autonomous system, and input interface. The aggregated NetFlow data export records report the following:
•
•
•
•
•
•
•
Figure 5 Source Prefix Aggregation Data Export Record Format
Aggregation Scheme Fields and Key Fields
To coordinate flow aggregation on your router, determine the fields from which you want to collect data. shows which fields are valid for the different aggregation schemes and which fields are part of the keys. Key fields define a unique flow.
New Version 8 NetFlow Data Export Support
NetFlow exports flow information in UDP datagrams in one of several formats. Version 8, a new data export version, has been added to support data exports from aggregation caches. Version 8 allows for export datagrams to contain a subset of the usual version 5 export data, which is valid for a particular aggregations scheme type.
shows the version 8 header with the version and timestamp information. lists definitions for terms used in the version 8 header.
Figure 6 Version 8 Header Format
Table 3 Terms and Definitions for Version 8 Headers
Benefits
Reduced Bandwidth Requirements
NetFlow aggregation caches reduce the bandwidth required between routers and NetFlow management workstations.
Reduced NetFlow Workstation Requirements
NetFlow aggregation caches reduce the number of NetFlow management workstations required.
Improved Router Scalability
NetFlow aggregation caches improve the scalability of high-flow-per-second routers, such as the 7500 series.
Restrictions
To collect NetFlow version 8 data export records, use NetFlow FlowCollector version 3.0. Version 2.0 and earlier versions do not support version 8 data export record formats.
Related Features and Technologies
•
Related Documents
•
•
•
•
•
Supported Platforms
This feature is supported on these platforms:
•
•
•
•
•
•
•
•
•
•
•
•
Supported Standards, MIBs, and RFCs
MIBs
•
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
None
Standards
None
Prerequisites
You must take these prerequisties into consideration before configuring the NetFlow Aggregation feature:
•
•
For information on IP routing configuration, refer to the Cisco IOS Release 12.0 Network Protocols Configurtion Guide, Part 1.
•
For information on CEF configuration, refer to the Cisco IOS Release 12.0 Switching Services Configuration Guide.
•
For information on NetFlow configuration, refer to the Cisco IOS Release 12.0 Switching Services Configuration Guide and the
•
•
Configuration Tasks
See the following sections for configuration tasks for the Cisco IOS NetFlow Aggregation feature:
•
•
Configuring an Aggregation Cache
To configure an aggregation cache, you must enter aggregation cache configuration mode, and you must decide which type of aggregation scheme you would like to configure: autonomous system, Destination Prefix, Prefix, Protocol Prefix, or Source Prefix aggregation cache. Once you define the aggregation scheme, define the operational parameters for that scheme.
Verifying Aggregation Cache Configuration and Data Export
To verify that the configuration is correct, use the show ip cache flow aggregation command.
To confirm data export, use the show ip flow export command.
Monitoring and Maintaining NetFlow Aggregation Schemes
To monitor and maintain aggregation schemes, use the show ip cache flow aggregation command.
To monitor and maintain aggregation schemes data export, use the show ip flow export command.
Configuration Examples
This section provides the following basic configuration examples:
•
•
Autonomous System Configuration
The following example shows how to configure an autonomous system aggregation cache with a cache size of 2046, an inactive timeout of 200 seconds, a cache active timeout of 45 minutes, an export destination IP address of 10.42.42.1, and a destination port of 9992.
Router(config)# ip flow-aggregation cache asRouter(config-flow-cache)# cache entries 2046Router(config-flow-cache)# cache timeout inactive 200Router(config-flow-cache)# cache timeout active 45Router(config-flow-cache)# export destination 10.42.42.1 9992Router(config-flow-cache)# enabledDestination Prefix Configuration
The following example shows how to configure a Destination Prefix aggregation cache with a cache size of 2046, an inactive timeout of 200 seconds, a cache active timeout of 45 minutes, an export destination IP address of 10.42.42.1, and a destination port of 9992.
Router(config)# ip flow-aggregation cache destination-prefixRouter(config-flow-cache)# cache entries 2046Router(config-flow-cache)# cache timeout inactive 200Router(config-flow-cache)# cache timeout active 45Router(config-flow-cache)# export destination 10.42.42.1 9992Router(config-flow-cache)# enabledPrefix Configuration
The following example shows how to configure a Prefix aggregation cache with a cache size of 2046, an inactive timeout of 200 seconds, a cache active timeout of 45 minutes, an export destination IP address of 10.42.42.1, and a destination port of 9992.
Router(config)# ip flow-aggregation cache prefixRouter(config-flow-cache)# cache entries 2046Router(config-flow-cache)# cache timeout inactive 200Router(config-flow-cache)# cache timeout active 45Router(config-flow-cache)# export destination 10.42.42.1 9992Router(config-flow-cache)# enabledProtocol Port Configuration
The following example shows how to configure a Protocol Port aggregation cache with a cache size of 2046, an inactive timeout of 200 seconds, a cache active timeout of 45 minutes, an export destination IP address of 10.42.42.1, and a destination port of 9992.
Router(config)# ip flow-aggregation cache protocol-portRouter(config-flow-cache)# cache entries 2046Router(config-flow-cache)# cache timeout inactive 200Router(config-flow-cache)# cache timeout active 45Router(config-flow-cache)# export destination 10.42.42.1 9992Router(config-flow-cache)# enabledSource Prefix Configuration
The following example shows how to configure a Source Prefix aggregation cache with a cache size of 2046, an inactive timeout of 200 seconds, a cache active timeout of 45 minutes, an export destination IP address of 10.42.42.1, and a destination port of 9992.
Router(config)# ip flow-aggregation cache source-prefixRouter(config-flow-cache)# cache entries 2046Router(config-flow-cache)# cache timeout inactive 200Router(config-flow-cache)# cache timeout active 45Router(config-flow-cache)# export destination 10.42.42.1 9992Router(config-flow-cache)# enabledCommand Reference
This section documents new commands you can use to configure the Cisco IOS NetFlow Aggregation feature. All other commands used with this feature are documented in the Cisco IOS Release 12.0 Switching Services command reference publication.
•
•
In Cisco IOS Release 12.0(1)T or later, you can search and filter the output for show and more commands. This functionality is useful when you need to sort through large amounts of output, or if you want to exclude output that you do not need to see.
To use this functionality, enter a show or more command followed by the "pipe" character (|), one of the keywords begin, include, or exclude, and an expression that you want to search or filter on:
command | {begin | include | exclude} regular-expression
Following is an example of the show atm vc command in which you want the command output to begin with the first line where the expression "PeakRate" appears:
show atm vc | begin PeakRate
For more information on the search and filter functionality, refer to the Cisco IOS Release 12.0(1)T feature module titled CLI String Search.
cache
To configure aggregation cache operational parameters, use the cache aggregation cache configuration command.
To disable the operational parameters, use the no form of this command.
cache {entries number | timeout [active minutes | inactive seconds]}
no cache {entries number | timeout [active minutes | inactive seconds]}Syntax Description
Defaults
The default for cache entries is 4096.
The default for active cache entries is 30 minutes.
The default for inactive cache entries is 15 seconds.
Command Modes
Aggregation cache configuration
Command History
Examples
The following example shows how to set the aggregation cache entry limits:
cache entries 2046cache timeout inactive 199Related Commands
Enables an aggregation cache.
Enables aggregation cache export.
Enables aggregation cache configuration mode.
Displays aggregation cache contents.
Displays data export statistics.
default
To enable a default aggregation cache, use the default interface configuration command.
default [cache | enabled | export]
Syntax Description
cache
Configure NetFlow cache parameters.
enabled
Enable the aggreation cache.
export
Specify host/port to send flow statistics.
Defaults
No default behavior or values.
Command Modes
Aggregation cache configuration
Command History
Examples
The following example shows how to use the default command:
ip flow-aggregation cache asdefault enabledRelated Commands
enabled
To enable an aggregation cache, use the enabled interface configuration command.
enabled
Syntax Description
This command has no keywords and arguments.
Defaults
No default behavior or values.
Command Modes
Aggregation cache configuration
Command History
Examples
The following example shows how to use the enabled command:
enabledRelated Commands
Configures aggregation cache operational parameters.
Enables aggregation cache export.
Enables aggregation cache configuration mode.
Displays data export statistics
exit
To leave aggregation cache mode, use the exit aggregation cache configuration command.
exit
Syntax Description
This command has no keywords and arguments.
Defaults
No default behavior or values.
Command Modes
Aggregation cache configuration
Command History
Examples
The following example shows how to use the exit command:
exitRelated Commands
export destination
To enable the exporting of information from NetFlow aggregation caches, use the export destination aggregation cache configuration command.
To disable the exporting of NetFlow aggregation cache information, use the no form of this command.
export destination ip-address port
no export destination ip-address portSyntax Description
Defaults
An export destination is not set.
Command Modes
Aggregation cache configuration
Command History
Usage Guidelines
For version 8 data exports, the maximum number of aggregated flow records and the maximum byte size of each UDP datagram are as follows:
Examples
The following example shows how to configure an export destination for an aggregation cache:
export destination 10.41.41.1 9992Related Commands
ip flow-aggregation cache
To enable aggregation cache configuration mode, use the ip flow-aggregation cache global configuration command.
To disable aggregation cache configuration mode, use the no form of this command.
ip flow-aggregation cache {as | destination-prefix | prefix | protocol-port | source-prefix}
no ip flow-aggregation cache {as | destination-prefix | prefix | protocol-port | source-prefix}Syntax Description
Defaults
This command is not enabled by default.
Command Modes
Global configuration
Command History
Examples
The following example shows how to enable an autonomous system aggregation scheme:
ip flow-aggregation cache asenableRelated Commands
Configures aggregation cache operational parameters.
Enables an aggregation cache.
Enables aggregation cache export.
Displays aggregation cache contents.
show ip cache flow aggregation
To display the aggregation cache configuration, use the show ip cache flow aggregation EXEC command.
show ip cache flow aggregation type
Syntax Description
type
Displays a particular aggregation cache's configuration: autonomous system, destination prefix, prefix, protocol-port, or source prefix.
Defaults
No default behavior or values.
Command Modes
EXEC
Command History
Usage Guidelines
Examples
The following example shows how to use the show ip cache flow aggregation command:
show ip cache flow aggregation asIP Flow Switching Cache, 278544 bytes2 active, 4094 inactive, 13 added178 ager polls, 0 flow alloc failuresSrc If Src AS Dst If Dst AS Flows Pkts B/Pk ActiveFa1/0 0 Null 0 1 2 49 10.2Fa1/0 0 Se2/0 20 1 5 100 0.0Related Commands
show ip flow export
To display the statistics for the data export including the main cache and all other enabled caches, use the show ip flow export EXEC command.
show ip flow export
Syntax Description
This command has no keywords and arguments.
Defaults
No default behavior or values.
Command Modes
EXEC
Command History
Examples
The following example shows how to use the show ip flow export command:
show ip flow exportFlow export is enabledExporting flows to 203.20.40.1 (9991)Version 5 flow records, peer-as1136 flows exported in 917 udp datagrams0 flows exported in 0 udp datagrams0 flows failed due to lack of export packet0 export packets were sent up to process level0 export packets were dropped due to no fib0 export packets were dropped due to adjacency issues0 export packets were dropped enqueuing for the RP0 export packets were dropped due to IPC rate limitingRelated Commands
Configures aggregation cache operational parameters.
Enables aggregation cache export.
Enables aggregation cache configuration mode.
