Networking Software (IOS & NX-OS)

Table Of Contents

Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Finding Feature Information

Contents

Prerequisites for NetFlow BGP Next Hop Support

Restrictions for NetFlow BGP Next Hop Support

Information About NetFlow BGP Next Hop Support

NetFlow BGP Next Hop Support Benefits

NetFlow BGP Next Hop Support and NetFlow Aggregation

How to Configure NetFlow BGP Next Hop Support

Configuring NetFlow BGP Next Hop Accounting

Troubleshooting Tips

Verifying the Configuration

Configuration Examples for NetFlow BGP Next Hop Support

Example: Configuring NetFlow BGP Next Hop Accounting

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for NetFlow BGP Next Hop Support

Glossary

Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

---

First Published: June 19, 2006

Last Updated: April 15, 2011

This document provides information about and instructions for configuring NetFlow Border Gateway Protocol (BGP) next hop support. This feature lets you measure network traffic on a per BGP next hop basis. NetFlow is a Cisco IOS application that provides statistics on packets flowing through the router. It is emerging as a primary network accounting and security technology.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for NetFlow BGP Next Hop Support" section.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Prerequisites for NetFlow BGP Next Hop Support

•Restrictions for NetFlow BGP Next Hop Support

•Information About NetFlow BGP Next Hop Support

•How to Configure NetFlow BGP Next Hop Support

•Configuration Examples for NetFlow BGP Next Hop Support

•Additional References

•Feature Information for NetFlow BGP Next Hop Support

•Glossary

Prerequisites for NetFlow BGP Next Hop Support

Before you can configure the NetFlow BGP Next Hop Support feature, you must:

•Configure the router for IP routing

•Configure Cisco Express Forwarding (formerly known as CEF) switching or distributed Cisco Express Forwarding (formerly known as dCEF) switching on the router and on the interfaces that you want to enable NetFlow on (fast switching is not supported)

•Configure NetFlow v9 (Version 9) data export (if only Version 5 is configured, then BGP next hop data is visible in the caches, but is not exported)

•Configure BGP

Restrictions for NetFlow BGP Next Hop Support

Cisco IOS Releases 12.2(14)S, 12.0(22)S, or 12.2(15)T

If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T the ip route-cache flow command is used to enable NetFlow on an interface.

If your router is running Cisco IOS Release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later releases the ip flow ingress command is used to enable NetFlow on an interface.

Recursive Load Sharing

The NetFlow cache does not capture the BGP next hop when the route to that BGP next hop is recursively load-shared via several IGP links. Instead, the NetFlow cache captures (as the BGP next hop) the effective simple next hop from among a random selection of the load-shared routes to which the BGP route recurses.

Memory Impact

For BGP-controlled routes, the NetFlow BGP Next Hop Support feature adds 16 bytes to each NetFlow flow record. This increases memory requirements by 16 bytes times the number of flow cache entries that have BGP-controlled prefixes.

Performance Impact

Because the BGP next hop is fetched from the Cisco Express Forwarding path only once per flow, the performance impact of the NetFlow BGP Next Hop Support feature is minimal.

IPv6 and BGP Next Hop

When connected at Layer 3 using an IPv6 address, BGP installs a link-local next hop and a null BGP next hop in Cisco Express Forwarding. NetFlow uses the IPv6 predefined record "netflow ipv6 bgp-nexhop" or a user-defined record containing the match field "routing next-hop address ipv6 bgp" and matches the link-local next hop and a null BGP next hop with the switching software installed on the router.

Information About NetFlow BGP Next Hop Support

•NetFlow BGP Next Hop Support Benefits

•NetFlow BGP Next Hop Support and NetFlow Aggregation

NetFlow BGP Next Hop Support Benefits

Without the NetFlow BGP Next Hop Support feature, NetFlow exports only IP next hop information (which provides information for only the next router). This feature adds BGP next hop information to the data export.

The NetFlow BGP Next Hop Support feature lets you find out through which service provider the traffic is going. This functionality is useful if you have arrangements with several other service providers for fault-protected delivery of traffic. The feature lets you charge customers more per packet when traffic has a more costly destination—you can pass on some of the cost associated with expensive transoceanic links or charge more when traffic is sent to another ISP with which you have an expensive charge agreement.

This feature requires the NetFlow Version 9 export format for its data export.

NetFlow BGP Next Hop Support and NetFlow Aggregation

The Cisco IOS NetFlow Aggregation feature summarizes NetFlow export data on a router before the data is exported to the NetFlow Collection Engine (formerly called the NetFlow FlowCollector). The NetFlow BGP Next Hop Support feature provides the BGP next hop and its related aggregation scheme and provides BGP next hop information within each NetFlow record.

How to Configure NetFlow BGP Next Hop Support

•Configuring NetFlow BGP Next Hop Accounting (required)

•Verifying the Configuration (optional)

Configuring NetFlow BGP Next Hop Accounting

Perform this task to configure NetFlow BGP next hop accounting for the main cache and aggregation caches. You can enable the export of origin autonomous system (AS) information or peer AS information, but not both.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip flow-export version 9 [origin-as | peer-as] bgp-nexthop

4. ip flow-aggregation cache bgp-nexthop-tos

5. enabled

6. exit

7. interface interface-type interface-number

8. ip flow {ingress | egress}

9. exit

10. Repeat Steps 7 through 9 to enable NetFlow on other interfaces

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip flow-export version 9 [origin-as | peer-as] bgp-nexthop Example: Router(config)# ip flow-export version 9 origin-as bgp-nexthop	Enables the export of information in NetFlow cache entries. •version 9—Specifies that the export packet uses the Version 9 format. •origin-as—Includes the origin autonomous system (AS) for the source and destination in the export statistics. •peer-as—Includes the peer AS for the source and destination in the export statistics. •bgp-nexthop—Includes BGP next hop-related information in the export statistics. This command enables the export of origin AS information and BGP next hop information from the NetFlow main cache. Caution Entering this command on a Cisco 12000 Series Internet Router causes packet forwarding to stop for a few seconds while NetFlow reloads the route processor and line card Cisco Express Forwarding tables. To avoid interruption of service to a live network, apply this command during a change window, or include it in the startup-config file to be executed during a router reboot.
Step 4	ip flow-aggregation cache bgp-nexthop-tos Example: Router(config)# ip flow-aggregation cache bgp-nexthop-tos	(Optional) Enables NetFlow aggregation cache schemes and enters aggregation cache configuration mode. •bgp-nexthop-tos—Configures the BGP next hop type of service (ToS) aggregation cache scheme.
Step 5	enabled Example: Router(config-flow-cache)# enabled	Enables the aggregation cache.
Step 6	exit Example: Router(config)# exit	Exits aggregation cache configuration mode and returns to global configuration mode. Note You only need to use this command if you want to enable NetFlow on an interface.
Step 7	interface interface-type interface-number Example: Router(config)# interface ethernet 0/0	Specifies the interface on which you want to enable NetFlow and enters interface configuration mode.
Step 8	ip flow {ingress | egress} Example: Router(config-if)# ip flow ingress	Enables NetFlow on the interface. •ingress—Captures traffic that is being received by the interface. •egress—Captures traffic that is being transmitted by the interface.
Step 9	exit Example: Router(config-if)# exit	(Optional) Exits interface configuration mode and returns to global configuration mode. Note You only need to use this command if you want to enable NetFlow on another interface.
Step 10	Repeat Steps 7 through 9 to enable NetFlow on other interfaces.	(Optional) —

Troubleshooting Tips

If there are no BGP-specific flow records in the NetFlow cache, make sure that Cisco Express Forwarding or distributed Cisco Express Forwarding switching is enabled and that the destination for NetFlow data export is configured. Check the routing table for BGP routes also.

Verifying the Configuration

Perform this task to verify the configuration of NetFlow BGP next hop accounting.

SUMMARY STEPS

1. enable

2. show ip cache verbose flow

3. show ip cache flow aggregation bgp-nexthop-tos

4. exit

DETAILED STEPS

---

Step 1 enable

Use this command to enable privileged EXEC mode. Enter your password if required. For example:

Router> enable

Router#

Step 2 show ip cache verbose flow

Use this command to verify successful configuration of NetFlow BGP next hop accounting. For example:

Router# show ip cache verbose flow

IP packet size distribution (120 total packets):

   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

   .000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608

   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 17826816 bytes

  8 active, 262136 inactive, 8 added

  26 ager polls, 0 flow alloc failures

  Active flows timeout in 30 minutes

  Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 1081480 bytes

  8 active, 65528 inactive, 8 added, 8 added to flow

  0 alloc failures, 0 force free

  1 chunk, 1 chunk added

  last clearing of statistics never

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)

--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs Pkts

Port Msk AS                    Port Msk AS    NextHop              B/Pk   Active

MUL:M_Opaks  M_Obytes BGP:BGP_NextHop

Et0/0/2        12.0.0.2        Et0/0/4        13.0.0.5        01 00  10   20

0000 /8  0                     0800 /8  0     11.0.0.6              100   0.0

BGP:26.0.0.6

Et0/0/2        12.0.0.2        Et0/0/4        15.0.0.7        01 00  10   20

0000 /8  0                     0800 /8  0     11.0.0.6              100   0.0

BGP:26.0.0.6

Et0/0/2        12.0.0.2        Et0/0/4        15.0.0.7        01 00  10   20

0000 /8  0                     0000 /8  0     11.0.0.6              100   0.0

BGP:26.0.0.6

This command displays a detailed summary of NetFlow statistics (including additional NetFlow fields in the header when NetFlow Version 9 data export is configured).

Step 3 show ip cache flow aggregation bgp-nexthop-tos

Use this command to verify the configuration of a BGP next hop ToS aggregation cache. For example:

Router# show ip cache flow aggregation bgp-nexthop-tos

IP Flow Switching Cache, 278544 bytes

  1 active, 4095 inactive, 1 added

  8 ager polls, 0 flow alloc failures

  Active flows timeout in 30 minutes

  Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 17224 bytes

  1 active, 1023 inactive, 1 added, 1 added to flow

  0 alloc failures, 0 force free

  1 chunk, 1 chunk added

Src If         Src AS  Dst If         Dst AS  TOS Flows   Pkts  B/Pk

Active

BGP NextHop

Et0/0/2        0       Et0/0/4           0     00    9     36     40

8.2

BGP:26.0.0.6

Step 4 exit

Return to user EXEC mode. For example:

Router# exit

Router> 

---

Configuration Examples for NetFlow BGP Next Hop Support

•Example: Configuring NetFlow BGP Next Hop Accounting

Example: Configuring NetFlow BGP Next Hop Accounting

The following example shows how to configure NetFlow BGP next hop accounting with origin AS and BGP next hop statistics for the main cache:

configure terminal

!

ip flow-export version 9 origin-as bgp-nexthop

ip flow-export destination 172.16.10.2 991

!

interface ethernet 0/0

 ip flow ingress

!

end

The following example shows how to configure a NetFlow BGP next hop ToS aggregation cache scheme:

configure terminal

!

 ip flow-aggregation cache bgp-nexthop-tos

 export destination 172.16.10.2 991

 enabled 

!

interface ethernet 0/0

 ip flow ingress

!

 end

Additional References

Related Documents

Related Topic	Document Title
Cisco IOS commands	Cisco IOS Master Commands List, All Releases
NetFlow commands	Cisco IOS NetFlow Command Reference
Overview of Cisco IOS NetFlow	Cisco IOS NetFlow Overview
Configuring NetFlow and NetFlow Data Export	Configuring NetFlow and NetFlow Data Export

Standards

Standard	Title
None	—

MIBs

MIB	MIBs Link
None	To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFC	Title
None	—

Technical Assistance

Description	Link
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.	http://www.cisco.com/cisco/web/support/index.html

Feature Information for NetFlow BGP Next Hop Support

Table 1 lists the release history for this feature.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

---

Note Table 1 lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

---

Table 1 Feature Information for NetFlow BGP Next Hop Support 

Feature Name	Software	Feature Configuration Information
NetFlow BGP Next Hop Support	12.0(26)S 12.2(18)S 12.2(27)SBC 12.3(1) 15.0(1)S	The NetFlow Border Gateway Protocol (BGP) Next Hop Support feature lets you measure network traffic on a per BGP next hop basis. Without the NetFlow BGP Next Hop Support feature, NetFlow exports only IP next hop information (which provides only the address of the next router). This feature adds BGP next hop information to the data export. The following sections provide information about this feature: •Information About NetFlow BGP Next Hop Support •Configuring NetFlow BGP Next Hop Accounting The following commands were introduced or modified: ip flow-aggregation cache, ip flow-export, show ip cache flow aggregation, show ip cache verbose flow.

Glossary

BGP—Border Gateway Protocol. Interdomain routing protocol that replaces Exterior Gateway Protocol (EGP). BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163.

BGP next hop—IP address of the next hop to be used to reach a specific destination.

CEF—Cisco Express Forwarding. A Layer 3 IP switching technology that optimizes network performance and scalability for networks with large and dynamic traffic patterns.

dCEF—distributed Cisco Express Forwarding. A type of CEF switching in which line cards (such as Versatile Interface Processor (VIP) line cards) maintain identical copies of the forwarding information base (FIB) and adjacency tables. The line cards perform the express forwarding between port adapters; this relieves the Route Switch Processor of involvement in the switching operation.

fast switching—Cisco feature in which a route cache expedites packet switching through a router.

FIB—forwarding information base. A table containing the information needed to forward IP datagrams. At a minimum, this table contains the interface identifier and next hop information for each reachable destination network prefix. The FIB is distinct from the routing table (also called the routing information base), which holds all routing information received from routing peers.

flow—(NetFlow) A set of packets with the same source IP address, destination IP address, source and destination ports, and type of service, and the same interface on which flow is monitored. Ingress flows are associated with the input interface, and egress flows are associated with the output interface.

NetFlow—A Cisco IOS application that provides statistics on packets flowing through the router. It is emerging as a primary network accounting and security technology.

NetFlow Aggregation—A NetFlow feature that lets you summarize NetFlow export data on an IOS router before the data is exported to a NetFlow data collection system such as the NetFlow Collection Engine. This feature lowers bandwidth requirements for NetFlow export data and reduces platform requirements for NetFlow data collection devices.

NetFlow Collection Engine (formerly NetFlow FlowCollector)—Cisco application that is used with NetFlow on Cisco routers and Catalyst series switches. The NetFlow Collection Engine collects packets from the router that is running NetFlow and decodes, aggregates, and stores them. You can generate reports on various aggregations that can be set up on the NetFlow Collection Engine.

NetFlow v9—NetFlow export format Version 9. A flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.

ToS—type of service byte. Second byte in the IP header that indicates the desired quality of service for a particular datagram.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2006-2011 Cisco Systems, Inc. All rights reserved.