Egress NetFlow Accounting
NetFlow is a technology that provides highly granular per-flow statistics on traffic in a Cisco router. The NetFlow Egress Support feature allows NetFlow accounting to be implemented for egress (outgoing) traffic on an interface or subinterface.
Feature History for the NetFlow Egress Support Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
• Prerequisites for NetFlow Egress Support
• Restrictions for NetFlow Egress Support
• Information About NetFlow Egress Support
• How to Configure NetFlow Egress Support
• Configuration Examples for NetFlow Egress Support
Prerequisites for NetFlow Egress Support
One of the following switching features must be enabled before the NetFlow Egress Support feature can be implemented:
• Cisco Express Forwarding (CEF) switching must be enabled in global configuration mode.
or
• Distributed Cisco Express Forwarding (dCEF) switching must be enabled in global configuration mode.
or
• Fast switching must be enabled on an interface in interface configuration mode.
Restrictions for NetFlow Egress Support
Locally generated traffic (traffic that is generated by the router on which the NetFlow Egress Support feature is configured) will not be counted as flow traffic for the NetFlow Egress Support feature.
The NetFlow Egress Support feature captures NetFlow statistics for IP traffic only. MPLS statistics are not captured. The MPLS Egress NetFlow Accounting feature can be used on a provider edge (PE) router to capture IP traffic flow information for egress IP packets that arrived at the router as an MPLS packet and underwent label disposition.
Information About NetFlow Egress Support
To configure the NetFlow Egress Support feature, you should understand the following concepts:
• Benefits of NetFlow Egress Support
NetFlow Egress Support
NetFlow is a technology that collects traffic flow statistics on routing devices. NetFlow has been used for a variety of applications, including traffic engineering, usage-based billing, and denial of service (DoS) attack monitoring.
Previous versions of NetFlow allow statistics to be gathered only on traffic that is entering the router, or ingress traffic. The NetFlow Egress Support feature allows NetFlow statistics to be gathered on traffic that is exiting the router, or egress traffic.
Benefits of NetFlow Egress Support
The NetFlow Egress Support feature greatly simplifies NetFlow configuration for some accounting scenarios. The following example shows such a scenario.
In Figure 1 and Figure 2, both incoming and outgoing (ingress and egress) flow statistics are required for the server. The server is attached to Router B. The "cloud" in the figure represents the core of the network and includes Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs).
All traffic denoted by the arrows must be accounted for. The solid arrows represent IP traffic and the dotted arrows represent MPLS VPNs.
Figure 1 shows how the flow traffic would have to be tracked before the introduction of the NetFlow Egress Support feature. Since only ingress flows could be tracked before the NetFlow Egress Support feature was introduced, the following NetFlow configurations would have to be implemented to track both ingress and egress flows from Router B:
• NetFlow would be enabled on an interface on Router B to track ingress IP traffic from Router A to Router B.
• NetFlow would be enabled on an interface on Router D to track ingress IP traffic from Router B to Router D.
• NetFlow would be enabled on an interface on Router A to track ingress traffic from the MPLS VPN from Router B to Router A.
• NetFlow would be enabled on an interface on Router B to track ingress traffic from the MPLS VPN from Router D to Router B.
Figure 1 Ingress-Only NetFlow Example
A configuration such as the one used in Figure 1 requires that NetFlow statistics from three separate routers be added together to obtain the flow statistics for the server.
In comparison, the example in Figure 2 utilizes NetFlow, the NetFlow Egress Support feature and the MPLS Egress NetFlow Accounting feature to capture ingress and egress flow statistics for Router B, thus obtaining the required flow statistics for the server.
In Figure 2, the following NetFlow configurations would be applied to Router B:
• NetFlow would be enabled on an interface on Router B to track ingress IP traffic from Router A to Router B.
• The NetFlow Egress Support feature will be enabled on an interface on Router B to track egress IP traffic from Router B to Router D.
• NetFlow would be enabled on an interface on Router B to track ingress traffic from the MPLS VPN from Router B to Router D.
• NetFlow would be enabled on an interface on Router B to track ingress traffic from the MPLS VPN from Router B to Router A.
After the NetFlow configurations have been entered for Router B, all NetFlow statistics for the server can be captured by entering the show ip cache flow command or the show ip cache verbose flow command for Router B.
Figure 2 NetFlow Egress Support Example
How to Configure NetFlow Egress Support
This section contains the following procedure:
• Configuring NetFlow Egress Support
Configuring NetFlow Egress Support
The NetFlow Egress Support feature must be configured before you can start gathering egress flow statistics for the router.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip cef
or
ip cef distributed
or
interface type [number | slot/port]
ip route-cache
4. interface type [number | slot/port]
5. ip flow egress
or
flow-sampler sampler-map-name egress
DETAILED STEPS
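As an added example (not Cisco's code and not part of the original page), the following Python script audits a saved configuration against the prerequisites and steps above: every interface with egress accounting needs CEF, dCEF, or fast switching, and full and sampled egress accounting are alternatives on one interface. It assumes the switching prerequisite appears as an explicit line in the configuration text; the sample configurations, function names, and finding labels are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the original page).
SAMPLE_OK = """\
ip cef
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip flow egress
!
interface Ethernet0/1
 ip address 10.0.1.1 255.255.255.0
"""

SAMPLE_BAD = """\
no ip cef
!
interface Ethernet0/0
 ip flow egress
!
interface Ethernet0/1
 ip route-cache
 ip flow egress
 flow-sampler mysampler1 egress
!
interface FastEthernet6/3.0
 flow-sampler mysampler1 egress
"""


def parse_config(text):
    """Split IOS-style configuration text into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.strip() == "!":          # separator ends the current block
            current = None
            continue
        if not line.startswith(" "):     # unindented line: global command or new block
            m = re.match(r"interface\s+(.+)", line)
            if m:
                current = m.group(1)
                interfaces[current] = []
            else:
                current = None
                global_lines.append(line.strip())
        elif current is not None:        # indented line inside an interface block
            interfaces[current].append(line.strip())
    return global_lines, interfaces


def audit_egress_netflow(text):
    """Return egress accounting coverage per interface plus configuration findings."""
    global_lines, interfaces = parse_config(text)
    # "no ip cef" must not count, so match the whole line.
    cef_on = any(re.fullmatch(r"ip cef( distributed)?", l) for l in global_lines)
    coverage, findings = {}, []
    for name, lines in interfaces.items():
        full = "ip flow egress" in lines
        sampled = any(re.fullmatch(r"flow-sampler \S+ egress", l) for l in lines)
        coverage[name] = "full" if full else "sampled" if sampled else None
        if not (full or sampled):
            continue                     # no egress accounting: visible as None in coverage
        fast_switching = "ip route-cache" in lines
        if not (cef_on or fast_switching):
            findings.append((name, "missing-switching-prerequisite"))
        if full and sampled:
            # The steps list these as alternatives, and the flow-sampler usage
            # guidelines require full NetFlow to be disabled before sampling.
            findings.append((name, "full-and-sampled-egress"))
    return {"coverage": coverage, "findings": findings}


if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        report = audit_egress_netflow(cfg)
        print(label, report["coverage"], report["findings"])
```

Interfaces reported with a coverage of None carry no egress accounting, which is the gap to review when egress flow data feeds billing or DoS monitoring.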
Configuration Examples for NetFlow Egress Support
This section provides the following configuration examples:
• NetFlow Egress Support Configuration: Example
• Verifying NetFlow Egress Support Configuration: Example
NetFlow Egress Support Configuration: Example
The following example shows a sample configuration for the NetFlow Egress Support feature.
enable
configure terminal
interface Ethernet0/0
ip flow egress
exit
exit
exit
Verifying NetFlow Egress Support Configuration: Example
The following example displays the output of the show ip cache flow command.
Router# show ip cache flow
IP packet size distribution (35 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
  0 active, 4096 inactive, 3 added
  52 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17416 bytes
  0 active, 1024 inactive, 3 added, 3 added to flow
  0 alloc failures, 0 force free
  1 chunk, 2 chunks added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 3      0.0        11   100      0.0       1.6      15.5
Total:               3      0.0        11   100      0.0       1.6      15.5
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0/0         10.0.0.1        Et0/0*        10.0.1.1        01 0000 0000     5
Et0/1         10.0.0.2        Et0/1         10.0.1.2        01 0000 0000     5
The asterisk (*) immediately following the "DstIf" field indicates that the flow being shown is an egress flow.
Note
Although the asterisk will be used to show egress flows, no changes will be made for the display of aggregation cache flows.
For more information on the output fields, refer to the documentation for the show ip cache flow command.
Additional References
The following sections provide references related to NetFlow Egress Support.
Related Documents
Related Topic    Document Title
General NetFlow Overview
NetFlow Overview section of the Cisco IOS Switching Configuration Guide, Release 12.3
MPLS-Aware NetFlow feature
MPLS-Aware NetFlow feature module
MPLS Egress NetFlow Accounting feature
MPLS Egress NetFlow Accounting feature module
Standards
MIBs
RFCs
Technical Assistance
Command Reference
This section documents new and modified commands only.
• ip flow-egress input-interface
flow-sampler
To enable a flow sampler, use the flow-sampler command in interface configuration mode. To disable a flow sampler, use the no form of this command.
flow-sampler sampler-map-name
no flow-sampler sampler-map-name
Syntax Description
Defaults
Flow samplers are disabled.
Command Modes
Interface configuration
Command History
Release    Modification
12.3(2)T
This command was introduced.
12.0(26)S
This command was integrated into Cisco IOS Release 12.0(26)S.
Usage Guidelines
You must disable full NetFlow before enabling Statistical Sampling NetFlow Export.
Disabling Statistical Sampling NetFlow Export on an interface does not enable full NetFlow. This restriction prevents the transition to full NetFlow from overwhelming the interface. You must explicitly enable full NetFlow if desired.
Examples
The following example shows how to enable a flow sampler. In this example, a flow sampler map named mysampler1 is applied to Ethernet interface 1:
Router(config)# interface ethernet 1
Router(config-if)# flow-sampler mysampler1
Related Commands
ip flow egress
To configure egress support for NetFlow on an interface or subinterface, use the ip flow egress command in interface configuration mode or subinterface configuration mode. To disable egress support for NetFlow on an interface or subinterface, use the no form of this command.
ip flow egress
no ip flow egress
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Subinterface configuration
Command History
Usage Guidelines
Use this command to configure egress support for NetFlow on an interface or subinterface.
Examples
The following example shows how to configure NetFlow on a Fast Ethernet subinterface 6/3.0:
Router(config)# interface FastEthernet6/3.0
Router(config-subif)# ip flow egress
Related Commands
ip flow-egress input-interface
To remove the flow key that specifies an output interface and to add a flow key that specifies an input interface for NetFlow egress statistics, use the ip flow-egress input-interface command in interface configuration mode or subinterface configuration mode. To change the flow key back from an input interface to an output interface for NetFlow egress statistics, use the no form of this command.
ip flow-egress input-interface
no ip flow-egress input-interface
Syntax Description
This command has no arguments or keywords.
Defaults
NetFlow egress statistics use the output interface as part of the flow key by default.
Command Modes
Global configuration
Command History
Usage Guidelines
When the NetFlow Egress Support feature is configured, by default it uses the output interface as part of the flow key. The ip flow-egress input-interface command changes the key for egress flows so that the ingress interface is used instead of the output interface. This command is used to create a new flow for each input interface.
Examples
In the following example, the following action is performed:
• The key for NetFlow reporting of egress traffic is changed from the output interface to the input interface.
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip flow-egress input-interface
Related Commands
Command    Description
ip flow egress
Configures egress support for NetFlow on an interface or subinterface.
show ip flow interface
Displays NetFlow configuration on interfaces.
match (NetFlow)
To specify match criteria for the NetFlow MIB and Top Talkers feature, use the match command in NetFlow top talkers configuration mode. To remove match criteria for the NetFlow MIB and Top Talkers feature, use the no form of this command.
match [[source address | destination address | nexthop address] [ip-address] [mask | /nn]] [[source port | destination port] [port-number | min port | max port | min port max port]] [[source as | destination as] as-number] [[input-interface | output-interface] interface] [tos [tos-value | dscp dscp-value | precedence precedence-value]] [protocol [protocol-number | tcp | udp]] [flow-sampler flow-sampler-name] [class-map class] [packet-range | byte-range [[min-range-number max-range-number] [min minimum-range | max maximum-range | min minimum-range max maximum-range] [direction [ingress | egress]]]
no match [[[source address | destination address | nexthop address]] [ip-address] [mask | /nn]] [[[source port | destination port]] [port-number | min port | max port | min port max port]] [[[source as | destination as]] as-number] [[[input-interface | output-interface]] interface] [[tos] [tos-value | [dscp] dscp-value | [precedence] precedence-value]] [[protocol] [protocol-number | [tcp | udp]]] [[flow-sampler] flow-sampler-name] [[class-map] class] [[packet-range | byte-range] [[min-range-number max-range-number] [min minimum-range | max maximum-range | min minimum-range max maximum-range] [direction [ingress | egress]]]
Syntax Description
Defaults
No matching criteria are specified by default. All top talkers will be displayed.
Command Modes
NetFlow top talkers configuration
Command History
Release    Modification
12.2(25)S
This command was introduced.
12.3(11)T
This command was integrated into Cisco IOS Release 12.3(11)T. The direction, ingress, and egress keywords were added.
Usage Guidelines
Use this command to specify match criteria for the NetFlow MIB and Top Talkers feature. Using matching criteria is useful to restrict the list of top talkers.
If you are using a MIB and using simple network management protocol (SNMP) commands to configure this feature, refer to the following table for a mapping of the command-line interface (CLI) commands to the MIB SNMP commands:
Table 1 Router CLI Commands and Equivalent SNMP Commands
Router CLI Command    SNMP Command
match source address [ip-address] [mask | /nn]
cnfTopFlowsMatchSrcAddress ip-address
cnfTopFlowsMatchSrcAddressType type1
cnfTopFlowsMatchSrcAddressMask mask
match destination address [ip-address] [mask | /nn]
cnfTopFlowsMatchDstAddress ip-address
cnfTopFlowsMatchDstAddressType type1
cnfTopFlowsMatchDstAddressMask mask
match nexthop address [ip-address] [mask | /nn]
cnfTopFlowsMatchNhAddress ip-address
cnfTopFlowsMatchNhAddressType type1
cnfTopFlowsMatchNhAddressMask mask
match source port min port
cnfTopFlowsMatchSrcPortLo port
match source port max port
cnfTopFlowsMatchSrcPortHi port
match destination port min port
cnfTopFlowsMatchDstPortLo port
match destination port max port
cnfTopFlowsMatchDstPortHi port
match source as as-number
cnfTopFlowsMatchSrcAS as-number
match destination as as-number
cnfTopFlowsMatchDstAS as-number
match input-interface interface
cnfTopFlowsMatchInputIf interface
match output-interface interface
cnfTopFlowsMatchOutputIf interface
match tos [tos-value | dscp dscp-value | precedence precedence-value]
cnfTopFlowsMatchTOSByte tos-value2
match protocol [protocol-number | tcp | udp]
cnfTopFlowsMatchProtocol protocol-number
match flow-sampler flow-sampler-name
cnfTopFlowsMatchSampler flow-sampler-name
match class-map class
cnfTopFlowsMatchClass class
match packet-range min minimum-range
cnfTopFlowsMatchMinPackets minimum-range
match packet-range max maximum-range
cnfTopFlowsMatchMaxPackets maximum-range
match byte-range min minimum-range
cnfTopFlowsMatchMinBytes minimum-range
match byte-range max maximum-range
cnfTopFlowsMatchMaxPackets maximum-range
direction [ingress | egress]
cnfTopFlowsMatchDirection [flowDirNone(0) | flowDirIngress(1) | flowDirEgress(2)]
1 The only IP version type that is currently supported is IPv4 (type 1).
2 The tos-value argument consists of 6 bits for DSCP, 3 bits for precedence, and 8 bits (one byte) for ToS.
Examples
The following example enters NetFlow top talkers configuration mode and specifies that the top talkers will contain the following characteristics:
• The list of top talkers will have an IP address of 10.1.1.1 with a subnet mask of 255.255.255.240 (/28).
• The list of top talkers will have an autonomous system number of 64512.
Router(config)# ip flow-top-talkers
Router(config-flow-top-talkers)# match source address 10.1.1.1/28
Router(config-flow-top-talkers)# match destination as 64512
Related Commands
show ip cache flow
To display a summary of the NetFlow switching statistics, use the show ip cache flow command in user EXEC or privileged EXEC mode.
show ip cache flow
Syntax Description
This command has no keywords or arguments.
Command Modes
User EXEC
Privileged EXEC
Command History
Usage Guidelines
Some of the content in the display of the show ip cache flow command uses multi-line headings and multi-line data fields. Figure 4 shows how to associate the headings with the correct data fields when there are two lines of headings and two lines of data fields. The first line of the headings is associated with the first line of data fields. The second line of the headings is associated with the second line of data fields.
When other features such as IP Multicast are configured, the number of lines in the headings and data fields will increase. The method for associating the headings with the correct data fields remains the same.
Figure 3 How to use the multi-line headings and multi-line data fields in the display output of the show ip cache flow command
Displaying Detailed NetFlow Cache Information on Platforms Running Distributed Cisco Express Forwarding (dCEF)
On platforms running Distributed Cisco Express Forwarding (dCEF), NetFlow cache information is maintained on each line card or Versatile Interface Processor. To display this information on a distributed platform by use of the show ip cache flow command, you must enter the command at a line card prompt.
Cisco 7500 Series Platform
To display NetFlow cache information using the show ip cache flow command on a Cisco 7500 series router that is running dCEF, enter the following sequence of commands:
Router# if-con slot-number
LC-slot-number# show ip cache flow
For Cisco IOS Releases 12.3(4)T, 12.3(6), and 12.2(20)S and later, enter the following command to display NetFlow cache information:
Router# execute-on slot-number show ip cache flow
Cisco 12000 Series Platform
To display NetFlow cache information using the show ip cache flow command on a Cisco 12000 Series Internet router, enter the following sequence of commands:
Router# attach slot-number
LC-slot-number# show ip cache flow
For Cisco IOS Releases 12.3(4)T, 12.3(6), and 12.2(20)S and later, enter the following command to display NetFlow cache information:
Router# execute-on slot-number show ip cache flow
Examples
The following is a sample display of a main cache using the show ip cache flow command:
Router# show ip cache flow
IP packet size distribution (230151 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .999 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
The preceding output shows the percentage distribution of packets by size range. In this display, 99.9 percent of the packets fall in the size range from 1 to 32 bytes.
IP Flow Switching Cache, 4456448 bytes
  65509 active, 27 inactive, 820628747 added
  955454490 ager polls, 0 flow alloc failures
  Exporting flows to 1.1.15.1 (2057)
  820563238 flows exported in 34485239 udp datagrams, 0 failed
  last clearing of statistics 00:00:03
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-BGP             71      0.0         1    49      0.0       2.5      15.8
UDP-other           17      0.0         1   328      0.0       0.0      15.7
ICMP             18966      6.7        10    28     72.9       0.1      22.9
Total:           18966      6.7        10    28     72.9       0.1      22.9
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                   Port Msk AS   NextHop              B/Pk  Active
Et1/1         52.52.52.1      Fd4/0         42.42.42.1      01 55  10    3748
0000 /8  50                   0000 /8  40   202.120.130.2          28    17.8
Et1/2         52.52.52.1      Fd4/0         42.42.42.1      01 CC  10    3568
0000 /8  50                   0000 /8  40   202.120.130.2          28    17.8
Et1/2         10.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1124
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         11.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1157
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.7
Et1/2         14.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1149
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         15.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1127
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.7
Et1/2         12.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1204
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         13.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1159
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         18.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1223
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         19.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1264
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         16.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1170
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         17.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1167
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         22.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1193
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.8
Et1/2         23.1.3.2        Fd4/0         42.42.42.1      01 C0  10    1212
0000 /0  0                    0000 /8  40   202.120.130.2          28    17.7
Et1/1         50.50.50.1      Local         31.31.31.1      06 C0  18       2
00B3 /32 0                    2AF8 /32 0    0.0.0.0                49    10.1
Et1/0         8.8.8.8         Et0/0*        9.9.9.9         01 00  10       3
0000 /8  302                  0800 /8  300  3.3.3.3               100     0.1
Note
The very last entry in the "DstIf" field has an asterisk (*) next to the destination interface. The asterisk (*) immediately following the "DstIf" field indicates that the flow being shown is an egress flow.
Table 2 describes the significant fields shown in the flow switching cache lines of the display.
Table 3 describes the significant fields shown in the activity by protocol lines of the display.
Table 4 describes the significant fields in the NetFlow record lines of the display.
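As an added example (not Cisco's code and not part of the original page), the following Python parser applies the heading-to-data association described above to captured output in the two-line record format: it pairs each record's first and second line, decodes the hexadecimal fields, and marks flows whose "DstIf" value carries the asterisk as egress flows. The sample capture, function names, and dictionary keys are constructed for illustration; feature-specific lines such as "BGP:" or "IPM:" are skipped.

```python
import re

# Constructed capture in the two-line record format (addresses are documentation ranges).
SAMPLE = """\
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Et1/1          192.0.2.10      Fd4/0          198.51.100.7    06 00  1B    3748
C350 /24 0                     01BB /24 0     203.0.113.1           512    17.8
Et1/0          192.0.2.20      Et0/0*         198.51.100.9    01 00  10       3
0000 /8  302                   0800 /8  300   203.0.113.2           100     0.1
Et1/2          192.0.2.30      Local          192.0.2.1       06 C0  18       2
00B3 /32 0                     2AF8 /32 0     0.0.0.0                49    10.1
"""

IP = r"\d+(?:\.\d+){3}"
HEX2, HEX4 = r"[0-9A-Fa-f]{2}", r"[0-9A-Fa-f]{4}"

# First line: SrcIf SrcIPaddress DstIf[*] DstIPaddress Pr TOS Flgs Pkts
FIRST = re.compile(
    rf"^(?P<src_if>\S+)\s+(?P<src_ip>{IP})\s+(?P<dst_if>\S+?)(?P<star>\*?)\s+"
    rf"(?P<dst_ip>{IP})\s+(?P<pr>{HEX2})\s+(?P<tos>{HEX2})\s+"
    rf"(?P<flgs>{HEX2})\s+(?P<pkts>\d+)$")
# Second line: Port Msk AS (source), Port Msk AS (destination), NextHop, B/Pk, Active
SECOND = re.compile(
    rf"^(?P<sport>{HEX4})\s+/(?P<smask>\d+)\s+(?P<sas>\d+)\s+"
    rf"(?P<dport>{HEX4})\s+/(?P<dmask>\d+)\s+(?P<das>\d+)\s+"
    rf"(?P<nexthop>{IP})\s+(?P<bpk>\d+)\s+(?P<active>\d+(?:\.\d+)?)$")


def parse_flows(text):
    """Return one dict per flow record; headings and unrelated lines are ignored."""
    flows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        first = FIRST.match(line)
        if first:
            if pending:                  # previous record never got its second line
                flows.append(pending)
            g = first.groupdict()
            pending = {
                "src_if": g["src_if"], "src_ip": g["src_ip"],
                "dst_if": g["dst_if"], "dst_ip": g["dst_ip"],
                "egress": g["star"] == "*",          # asterisk after DstIf
                "protocol": int(g["pr"], 16), "tos": int(g["tos"], 16),
                "tcp_flags": int(g["flgs"], 16), "pkts": int(g["pkts"]),
                "complete": False,
            }
            continue
        second = SECOND.match(line)
        if second and pending:
            g = second.groupdict()
            pending.update(
                src_port=int(g["sport"], 16), dst_port=int(g["dport"], 16),
                src_mask=int(g["smask"]), dst_mask=int(g["dmask"]),
                src_as=int(g["sas"]), dst_as=int(g["das"]),
                next_hop=g["nexthop"], bytes_per_pkt=int(g["bpk"]),
                active_sec=float(g["active"]), complete=True)
            flows.append(pending)
            pending = None
    if pending:                          # capture ended in the middle of a record
        flows.append(pending)
    return flows


def egress_bytes_by_interface(flows):
    """Approximate egress bytes per output interface (Pkts x B/Pk)."""
    totals = {}
    for f in flows:
        if f["egress"] and f["complete"]:
            totals[f["dst_if"]] = totals.get(f["dst_if"], 0) + f["pkts"] * f["bytes_per_pkt"]
    return totals


if __name__ == "__main__":
    parsed = parse_flows(SAMPLE)
    for f in parsed:
        print(f["src_ip"], "->", f["dst_ip"], f["dst_if"], "egress" if f["egress"] else "ingress")
    print(egress_bytes_by_interface(parsed))
```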
Related Commands
show ip cache verbose flow
To display a detailed summary of NetFlow statistics, use the show ip cache verbose flow command in privileged EXEC mode.
show ip cache verbose flow
Syntax Description
This command has no keywords or arguments.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use the show ip cache verbose flow command to display flow record fields in the NetFlow cache in addition to the fields that are displayed with the show ip cache flow command. The values in the additional fields that are shown depend on the NetFlow features that are enabled and the flags that are set in the flow.
Note
The flags, and therefore the fields, might vary from flow to flow.
Some of the content in the display of the show ip cache verbose flow command uses multi-line headings and multi-line data fields. Figure 4 shows how to associate the headings with the correct data fields when there are two lines of headings and two lines of data fields. The first line of the headings is associated with the first line of data fields. The second line of the headings is associated with the second line of data fields.
When other features such as IP Multicast are configured, the number of lines in the headings and data fields will increase. The method for associating the headings with the correct data fields remains the same.
Figure 4 How to use the multi-line headings and multi-line data fields in the display output of the show ip cache verbose flow command
When the NetFlow Multicast Support feature is enabled, this command displays the number of replicated packets and the packet byte count for NetFlow multicast accounting. When you configure the NetFlow Version 9 Export Format feature, this command displays additional NetFlow fields in the header.
When you configure the MPLS-aware NetFlow feature, you can use the show ip cache verbose flow command to display both IP and MPLS portions of MPLS flows in the NetFlow cache on a router line card. To display only the IP portion of the flow record in the NetFlow cache when MPLS-aware NetFlow is configured, use the show ip cache flow command.
Displaying Detailed NetFlow Cache Information on Platforms Running Distributed Cisco Express Forwarding (dCEF)
On platforms running Distributed Cisco Express Forwarding (dCEF), NetFlow cache information is maintained on each line card or Versatile Interface Processor. To display this information on a distributed platform by use of the show ip cache verbose flow command, you must enter the command at a line card prompt.
Cisco 7500 Series Platform
To display detailed NetFlow cache information on a Cisco 7500 series router that is running distributed Cisco Express Forwarding (dCEF), enter the following sequence of commands:
Router# if-con slot-number
LC-slot-number# show ip cache verbose flow
For Cisco IOS Releases 12.3(4)T, 12.3(6), and 12.2(20)S and later, enter the following command to display detailed NetFlow cache information:
Router# execute-on slot-number show ip cache verbose flow
Cisco 12000 Series Platform
To display detailed NetFlow cache information on a Cisco 12000 series Internet router, enter the following sequence of commands:
Router# attach slot-number
LC-slot-number# show ip cache verbose flow
For Cisco IOS Releases 12.3(4)T, 12.3(6), and 12.2(20)S and later, enter the following command to display detailed NetFlow cache information:
Router# execute-on slot-number show ip cache verbose flow
Examples
The following example shows output from the show ip cache verbose flow command:
Router# show ip cache verbose flow
IP packet size distribution (6 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .833 .166 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
The preceding output shows the percentage distribution of packets by size. In this display, 83.3 percent of the packets fall in the 64-byte size range and 16.6 percent fall in the 96-byte range.
The next section of the output can be divided into three sections. The section and the table corresponding to each are as follows:
• NetFlow cache statistics lines (Table 5)
• Protocol statistics (Table 6)
• NetFlow record display (Table 7)
IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 2 added
  25 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17096 bytes
  1 active, 1023 inactive, 2 added, 2 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-BGP              1      0.0         4    57      0.0       0.3      15.4
Total:               1      0.0         4    57      0.0       0.3      15.4
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                   Port Msk AS   NextHop              B/Pk  Active
BGP: BGP NextHop
Et0/0         3.3.3.3         Local         3.3.3.4         06 C0  18       2
2AF8 /24 0                    00B3 /24 0    0.0.0.0                49     0.2
BGP: 0.0.0.0
Table 5 describes the significant fields shown in the NetFlow cache lines of the display.
Table 6 describes the significant fields shown in the activity by protocol lines of the display.
Table 6 show ip cache verbose flow Field Descriptions in Activity by Protocol Display
Field    Description
Protocol
IP protocol and the well-known port number. (Refer to http://www.iana.org, Protocol Assignment Number Services, for the latest RFC values.)
Note
Only a small subset of all protocols is displayed.
Total Flows
Number of flows for this protocol since the last time statistics were cleared.
Flows/Sec
Average number of flows for this protocol per second; equal to the total flows divided by the number of seconds for this summary period.
Packets/Flow
Average number of packets for the flows for this protocol; equal to the total packets for this protocol divided by the number of flows for this protocol for this summary period.
Bytes/Pkt
Average number of bytes for the packets for this protocol; equal to the total bytes for this protocol divided by the total number of packets for this protocol for this summary period.
Packets/Sec
Average number of packets for this protocol per second; equal to the total packets for this protocol divided by the total number of seconds for this summary period.
Active(Sec)/Flow
Number of seconds from the first packet to the last packet of an expired flow (for example, TCP connection close request [FIN], timeout, and so on) divided by the total flows for this protocol for this summary period.
Idle(Sec)/Flow
Number of seconds observed from the last packet in each nonexpired flow for this protocol until the time at which this command was entered divided by the total flows for this protocol for this summary period.
Table 7 describes the significant fields in the NetFlow record lines of the display.
Table 7 show ip cache verbose flow Field Descriptions in NetFlow Record Display
Field    Description
SrcIf
Interface on which the packet was received.
Port Msk AS
Source port number (displayed in hexadecimal format), IP address mask, and autonomous system number. This is always set to 0 in MPLS flows.
SrcIPaddress
IP address of the device that transmitted the packet.
DstIf
Interface from which the packet was transmitted.
Note
If an asterisk (*) immediately follows the "DstIf" field, the flow being shown is an egress flow.
Port Msk AS
Destination port number (displayed in hexadecimal format), IP address mask, and autonomous system. This is always set to 0 in MPLS flows.
DstIPaddress
IP address of the destination device.
NextHop
The BGP next-hop address. This is always set to 0 in MPLS flows.
Pr
IP protocol "well-known" port number, displayed in hexadecimal format. (Refer to http://www.iana.org, Protocol Assignment Number Services, for the latest RFC values.)
TOS
Type of Service, displayed in hexadecimal format.
B/Pk
Average number of bytes observed for the packets seen for this protocol.
Flgs
TCP flags, shown in hexadecimal format (result of bitwise OR of TCP flags from all packets in the flow).
Pkts
Number of packets in this flow.
Active
Time the flow has been active.
The following example shows the NetFlow output of the show ip cache verbose flow command in which the sampler, class-id, and general flags are set. What is displayed for a flow depends on what flags are set in the flow. If the flow was captured by a sampler, the output shows the sampler ID. If the flow was marked by Modular QoS CLI (MQC), the display includes the class ID. If any general flags are set, the output includes the flags.
...
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                   Port Msk AS   NextHop              B/Pk  Active
BGP: BGP NextHop
Et1/0         8.8.8.8         Et0/0*        9.9.9.9         01 00  10       3
0000 /8  302                  0800 /8  300  3.3.3.3               100     0.1
BGP: 2.2.2.2     Sampler: 1  Class: 1  FFlags: 01
Table 8 describes the significant fields shown in the NetFlow output for a sampler, for an MQC policy class, and for general flags.
The following example shows the NetFlow output for the show ip cache verbose flow command when NetFlow BGP next-hop accounting is enabled:
Router# show ip cache verbose flow
...
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                   Port Msk AS   NextHop              B/Pk  Active
MUL:M_Opaks   M_Obytes  BGP:BGP_NextHop
Et0/0/2       12.0.0.2        Et0/0/4       13.0.0.5        01 00  10      20
0000 /8  0                    0800 /8  0    11.0.0.6              100     0.0
BGP:26.0.0.6
Et0/0/2       12.0.0.2        Et0/0/4       15.0.0.7        01 00  10      20
0000 /8  0                    0800 /8  0    11.0.0.6              100     0.0
BGP:26.0.0.6
Et0/0/2       12.0.0.2        Et0/0/4       15.0.0.7        01 00  10      20
0000 /8  0                    0000 /8  0    11.0.0.6              100     0.0
BGP:26.0.0.6
Table 9 describes the significant fields shown in the NetFlow BGP next-hop accounting lines of the display.
The following example shows the NetFlow output for the show ip cache verbose flow command when NetFlow multicast accounting is configured:
Router# show ip cache verbose flow
...
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                   Port Msk AS   NextHop              B/Pk  Active
IPM:OPkts    OBytes
IPM:      0         0
Et1/1/1       11.0.0.1        Null          227.1.1.1       01 55  10     100
0000 /8  0                    0000 /0  0    0.0.0.0                28     0.0
IPM:    100      2800
Et1/1/1       11.0.0.1        Se2/1/1.16    227.1.1.1       01 55  10     100
0000 /8  0                    0000 /0  0    0.0.0.0                28     0.0
IPM:      0         0
Et1/1/2       12.0.0.1        Et1/1/4       227.2.2.2       01 55  10     100
0000 /8  0                    0000 /0  0    0.0.0.0                28     0.1
Et1/1/2       12.0.0.1        Null          227.2.2.2       01 55  10     100
0000 /8  0                    0000 /0  0    0.0.0.0                28     0.1
IPM:    100      2800
Table 10 describes the significant fields shown in the NetFlow multicast accounting lines of the display.
The following example shows the output for both the IP and MPLS portions of the flow record in the NetFlow cache when MPLS-aware NetFlow is enabled:
Router# show ip cache verbose flow
...
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                   Port Msk AS   NextHop              B/Pk  Active
PO3/0         10.1.1.1        PO5/1         10.2.1.1        01 00  10       9
0100 /0  0                    0200 /0  0    0.0.0.0               100     0.0
Pos:Lbl-Exp-S 1:12305-6-0 (LDP/10.10.10.10) 2:12312-6-1
Table 11 describes the significant fields shown in the display.
Related Commands
show ip flow interface
To display NetFlow configuration on interfaces, use the show ip flow interface command in privileged EXEC mode.
show ip flow interface
Syntax Description
This command has no keywords or arguments.
Command Modes
Privileged EXEC
Command History
Release    Modification
12.3(7)T
This command was introduced.
12.3(11)T
Support for egress NetFlow accounting was added.
Usage Guidelines
Use this command to display the type of NetFlow configuration that is used on the router interfaces.
Examples
The following example shows that the following interface configurations have been applied:
• NetFlow accounting for egress flows has been enabled on interface Ethernet 0/0.
• The "my_medium_sampling" flow sampler map has been applied to interface Ethernet 0/0.
• NetFlow accounting has been enabled on interface Ethernet 1/0.
• The "my_high_sampling" policy map has been applied to interface Ethernet 1/0:
Router# show ip flow interface
Ethernet0/0
ip flow egress
flow-sampler my_medium_sampling
Ethernet1/0
ip route-cache flow
netflow-sampler my_high_sampling
Related Commands





