Cisco IOS NetFlow Configuration Guide, Release 12.2SR
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Configuring NetFlow BGP Next Hop Support for Accounting and Analysis


First Published: June 19, 2006
Last Updated: June 19, 2006

This document provides information about and instructions for configuring NetFlow Border Gateway Protocol (BGP) next hop support. This feature lets you measure network traffic on a per BGP next hop basis.

NetFlow is a Cisco IOS application that provides statistics on packets flowing through the router. It is emerging as a primary network accounting and security technology.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

This document includes the following sections:

Prerequisites for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Restrictions for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Information About Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

How to Configure NetFlow BGP Next Hop Support for Accounting and Analysis

Configuration Examples for NetFlow BGP Next Hop Support for Accounting and Analysis

Additional References

Feature Information for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Glossary

Prerequisites for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Before you can configure the NetFlow BGP Next Hop Support feature, you must:

Configure the router for IP routing

Configure Cisco Express Forwarding (CEF) switching or distributed CEF (dCEF) switching on the router and on the interfaces that you want to enable NetFlow on (fast switching is not supported)

Configure NetFlow v9 (Version 9) data export (if only Version 5 is configured, then BGP next hop data is visible in the caches, but is not exported)

Configure BGP

Restrictions for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Cisco IOS Releases 12.2(14)S, 12.0(22)S, or 12.2(15)T

If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T, the ip route-cache flow command is used to enable NetFlow on an interface.

If your router is running Cisco IOS release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later, the ip flow ingress command is used to enable NetFlow on an interface.

Recursive Load Sharing

The NetFlow cache does not capture the BGP next hop when the route to that BGP next hop is recursively load-shared via several IGP links. Instead, the NetFlow cache captures (as the BGP next hop) the effective simple next hop from among a random selection of the load-shared routes to which the BGP route recurses.

Memory Impact

For BGP-controlled routes, the NetFlow BGP Next Hop Support feature adds 16 bytes to each NetFlow flow record. This increases memory requirements by 16 bytes times the number of flow cache entries that have BGP-controlled prefixes.

Performance Impact

Because the BGP next hop is fetched from the CEF path only once per flow, the performance impact of the NetFlow BGP Next Hop Support feature is minimal.

Information About Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

To configure the NetFlow BGP Next Hop Support feature, you must understand the following concepts:

NetFlow BGP Next Hop Support Benefits

NetFlow BGP Next Hop Support and NetFlow Aggregation

NetFlow BGP Next Hop Support Benefits

Without the NetFlow BGP Next Hop Support feature, NetFlow exports only IP next hop information (which provides information for only the next router). This feature adds BGP next hop information to the data export.

The NetFlow BGP Next Hop Support feature lets you find out through which service provider the traffic is going. This functionality is useful if you have arrangements with several other service providers for fault-protected delivery of traffic. The feature lets you charge customers more per packet when traffic has a more costly destination—you can pass on some of the cost associated with expensive trans-oceanic links or charge more when traffic is sent to another ISP with which you have an expensive charge agreement.

This feature requires the NetFlow Version 9 export format for its data export.

NetFlow BGP Next Hop Support and NetFlow Aggregation

The Cisco IOS NetFlow Aggregation feature summarizes NetFlow export data on a router before the data is exported to the NetFlow Collection Engine (formerly called the NetFlow FlowCollector). The NetFlow BGP Next Hop Support feature provides the BGP next hop and its related aggregation scheme and provides BGP next hop information within each NetFlow record.

How to Configure NetFlow BGP Next Hop Support for Accounting and Analysis

See the following sections for configuration tasks for the NetFlow BGP Next Hop Support feature. Each task in the list is identified as either required or optional.

Configuring NetFlow BGP Next Hop Accounting (required)

Verifying the Configuration (optional)

Configuring NetFlow BGP Next Hop Accounting

Perform the steps in this required task to configure NetFlow BGP next hop accounting.

This section shows how to configure NetFlow BGP next hop accounting for the main cache and aggregation caches. You can enable the export of origin AS information or peer AS information, but not both.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip flow-export version 9 [origin-as | peer-as] bgp-nexthop

4. ip flow-aggregation cache bgp-nexthop-tos

5. enabled

6. exit

7. interface interface-type interface-number

8. ip flow {ingress | egress}

9. exit

10. Repeat Steps 7 through 9 to enable NetFlow on other interfaces

11. end

DETAILED STEPS

 
Step 1 enable

Example:

Router> enable

(Required) Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 configure terminal

Example:

Router# configure terminal

(Required) Enters global configuration mode.

Step 3 ip flow-export version 9 [origin-as | peer-as] bgp-nexthop

Example:

Router(config)# ip flow-export version 9 origin-as bgp-nexthop

(Required) Enables the export of information in NetFlow cache entries.

The version 9 keyword specifies that the export packet uses the Version 9 format.

The origin-as keyword specifies that export statistics include the origin autonomous system (AS) for the source and destination.

The peer-as keyword specifies that export statistics include the peer AS for the source and destination.

The bgp-nexthop keyword specifies that export statistics include BGP next hop related information.

This command enables the export of origin AS information as well as BGP next hop information from the NetFlow main cache.

Caution: Entering this command on a Cisco 12000 Series Internet Router causes packet forwarding to stop for a few seconds while NetFlow reloads the route processor and line card CEF tables. To avoid interruption of service to a live network, apply this command during a change window, or include it in the startup-config file to be executed during a router reboot.

Step 4 ip flow-aggregation cache bgp-nexthop-tos

Example:

Router(config)# ip flow-aggregation cache bgp-nexthop-tos

(Optional) Enables NetFlow aggregation cache schemes and enters aggregation cache configuration mode.

The bgp-nexthop-tos keyword configures the BGP next hop ToS aggregation cache scheme.

This command specifies the BGP next hop ToS aggregation cache scheme.

Step 5 enabled

Example:

Router(config-flow-cache)# enabled

(Required) Enables the aggregation cache.

Step 6 exit

Example:

Router(config-flow-cache)# exit

(Required) Exits aggregation cache configuration mode and returns to global configuration mode.

Note: You only need to use this command if you want to enable NetFlow on another interface.

Step 7 interface interface-type interface-number

Example:

Router(config)# interface ethernet 0/0

(Required) Specifies the interface that you want to enable NetFlow on and enters interface configuration mode.

Step 8 ip flow {ingress | egress}

Example:

Router(config-if)# ip flow ingress

or

Example:

Router(config-if)# ip flow egress

(Required) Enables NetFlow on the interface.

ingress—captures traffic that is being received by the interface

egress—captures traffic that is being transmitted by the interface

Step 9 exit

Example:

Router(config-if)# exit

(Optional) Exits interface configuration mode and returns to global configuration mode.

Note: You only need to use this command if you want to enable NetFlow on another interface.

Step 10 Repeat Steps 7 through 9 to enable NetFlow on other interfaces

(Optional)

Step 11 end

Example:

Router(config-if)# end

(Required) Exits the current configuration mode and returns to privileged EXEC mode.

Troubleshooting Tips

If there are no BGP-specific flow records in the NetFlow cache, make sure that CEF or dCEF switching is enabled and that the destination for NetFlow data export is configured. Also check the routing table for BGP routes.
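The checks in this tip and in the Prerequisites section can be run against a saved running configuration. The following is an added example, not Cisco code: the configuration fragments are constructed, and the `ip cef` and `router bgp` lines are assumed to appear in the running configuration in that form.

```python
import re

# Constructed running-config fragments (not from the page). GOOD mirrors the
# guide's main-cache example; V5_ONLY shows the Version 5 export pitfall.
GOOD = """\
ip cef
ip flow-export version 9 origin-as bgp-nexthop
ip flow-export destination 172.16.10.2 991
!
interface Ethernet0/0
 ip flow ingress
!
router bgp 65000
"""
V5_ONLY = """\
ip flow-export version 5 origin-as
!
interface Ethernet0/0
 ip route-cache flow
!
interface Ethernet0/1
 ip address 192.0.2.1 255.255.255.0
"""

def audit(config):
    """Return {finding_code: explanation} for the prerequisites named in this guide."""
    lines = [l.rstrip() for l in config.splitlines()]
    glob = [l for l in lines if l and not l.startswith(" ")]  # global-mode lines
    findings = {}
    if not any(re.match(r"ip cef\b", l) for l in glob):
        findings["no-cef"] = "CEF or dCEF switching is not enabled globally"
    if not any(re.match(r"router bgp \d+", l) for l in glob):
        findings["no-bgp"] = "no BGP process, so no BGP-controlled routes"
    if not any(re.match(r"ip flow-export destination \S+ \d+", l) for l in glob):
        findings["no-export-destination"] = "NetFlow export destination is not configured"

    v9 = [l for l in glob if re.match(r"ip flow-export version 9\b", l)]
    if not v9:
        findings["export-not-v9"] = ("Version 9 export is not configured: BGP next hop "
                                     "is visible in the cache but is not exported")
    elif not any("bgp-nexthop" in l.split() for l in v9):
        findings["v9-without-bgp-nexthop"] = "bgp-nexthop keyword missing from ip flow-export"

    # Walk interface stanzas and record which NetFlow enable command each one uses.
    iface, enabled, legacy = None, [], []
    for l in lines:
        if l.startswith("interface "):
            iface = l.split(None, 1)[1]
        elif not l.startswith(" "):
            iface = None                      # left the interface stanza
        elif iface and re.match(r"\s+ip flow (ingress|egress)\s*$", l):
            enabled.append(iface)
        elif iface and l.strip() == "ip route-cache flow":
            legacy.append(iface)
    if not enabled and not legacy:
        findings["no-netflow-interface"] = "NetFlow is not enabled on any interface"
    if legacy:
        findings["legacy-enable-command"] = (
            "ip route-cache flow on " + ", ".join(legacy) +
            "; releases 12.2(14)S, 12.0(22)S, 12.2(15)T and later use ip flow ingress")
    return findings

if __name__ == "__main__":
    for code, why in audit(V5_ONLY).items():
        print(f"{code}: {why}")
```

The audit covers the main cache only; an aggregation cache carries its own export destination under ip flow-aggregation cache.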

Verifying the Configuration

Perform the steps in this optional task to verify successful configuration of NetFlow BGP next hop accounting.

SUMMARY STEPS

1. enable

2. show ip cache verbose flow

3. show ip cache flow aggregation bgp-nexthop-tos

4. exit

DETAILED STEPS


Step 1 enable

Use this command to enable privileged EXEC mode. Enter your password if required. For example:

Router> enable
Router#

Step 2 show ip cache verbose flow

Use this command to verify successful configuration of NetFlow BGP next hop accounting. For example:

Router# show ip cache verbose flow

IP packet size distribution (120 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 17826816 bytes
  8 active, 262136 inactive, 8 added
  26 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 1081480 bytes
  8 active, 65528 inactive, 8 added, 8 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk   Active
MUL:M_Opaks  M_Obytes BGP:BGP_NextHop
Et0/0/2        12.0.0.2        Et0/0/4        13.0.0.5        01 00  10   20
0000 /8  0                     0800 /8  0     11.0.0.6              100   0.0
BGP:26.0.0.6
Et0/0/2        12.0.0.2        Et0/0/4        15.0.0.7        01 00  10   20
0000 /8  0                     0800 /8  0     11.0.0.6              100   0.0
BGP:26.0.0.6
Et0/0/2        12.0.0.2        Et0/0/4        15.0.0.7        01 00  10   20
0000 /8  0                     0000 /8  0     11.0.0.6              100   0.0
BGP:26.0.0.6

This command displays a detailed summary of NetFlow statistics (including additional NetFlow fields in the header when NetFlow Version 9 data export is configured).

Step 3 show ip cache flow aggregation bgp-nexthop-tos

Use this command to verify the configuration of a BGP next hop type of service (ToS) aggregation cache. For example:

Router# show ip cache flow aggregation bgp-nexthop-tos

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 1 added
  8 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17224 bytes
  1 active, 1023 inactive, 1 added, 1 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added

Src If         Src AS  Dst If         Dst AS  TOS Flows   Pkts  B/Pk  Active
BGP NextHop
Et0/0/2        0       Et0/0/4           0     00    9     36     40     8.2
BGP:26.0.0.6

Step 4 exit

Use this command to exit to user EXEC mode. For example:

Router# exit
Router> 
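For accounting, the per-flow records printed by show ip cache verbose flow in Step 2 can be rolled up by BGP next hop. The following is an added example, not Cisco code: the sample output is constructed in the layout shown above, packet counts are assumed to be plain integers, and the byte totals are estimates because B/Pk is an average. It also flags BGP: values outside a caller-supplied list, since the Recursive Load Sharing restriction means that field can hold an IGP next hop instead.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "show ip cache verbose flow" output
# above; addresses are documentation ranges, not values from the page.
SAMPLE = """\
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk   Active
MUL:M_Opaks  M_Obytes BGP:BGP_NextHop
Et0/0/2        192.0.2.2       Et0/0/4        198.51.100.5    01 00  10   20
0000 /24 0                     0800 /24 0     203.0.113.6           100   0.0
BGP:203.0.113.26
Et0/0/2        192.0.2.2       Et0/0/4        198.51.100.7    01 00  10   30
0000 /24 0                     0800 /24 0     203.0.113.6            64   1.5
BGP:203.0.113.26
Et0/0/2        192.0.2.9       Et0/0/4        198.51.100.9    06 00  18   5
01BB /24 0                     C350 /24 0     203.0.113.6          1500   2.0
BGP:203.0.113.77
Et0/0/2        192.0.2.3       Et0/0/3        192.0.2.130     11 00  10   4
0035 /24 0                     0035 /25 0     192.0.2.129            40   0.3
"""

IP = r"\d+\.\d+\.\d+\.\d+"
HEX2 = r"[0-9A-Fa-f]{2}"
HEX4 = r"[0-9A-Fa-f]{4}"
# Line 1 of a record: interfaces, addresses, protocol, ToS, flags, packet count.
FLOW = re.compile(rf"(\S+)\s+({IP})\s+(\S+)\s+({IP})\s+{HEX2}\s+{HEX2}\s+{HEX2}\s+(\d+)$")
# Line 2: ports, masks, AS numbers, IP next hop, bytes per packet, active time.
DETAIL = re.compile(rf"{HEX4}\s+/\d+\s+\d+\s+{HEX4}\s+/\d+\s+\d+\s+({IP})\s+(\d+)\s+[\d.]+$")
BGP = re.compile(rf"\bBGP:({IP})\b")
NO_BGP = "(no BGP next hop)"

def parse_flows(text):
    """Parse multi-line flow records; the BGP line is optional per record."""
    flows = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FLOW.match(line)
        if m:
            flows.append({"src": m[2], "dst": m[4], "pkts": int(m[5]),
                          "ip_next_hop": None, "bytes_per_pkt": 0, "bgp_next_hop": None})
            continue
        if not flows:
            continue                      # column headers or statistics preamble
        cur = flows[-1]
        m = DETAIL.match(line)
        if m:
            cur["ip_next_hop"], cur["bytes_per_pkt"] = m[1], int(m[2])
        elif (b := BGP.search(line)):
            cur["bgp_next_hop"] = b[1]
    return flows

def account(flows, expected_bgp_next_hops=None):
    """Total flows, packets and estimated bytes per BGP next hop."""
    totals = defaultdict(lambda: {"flows": 0, "pkts": 0, "bytes": 0})
    for f in flows:
        t = totals[f["bgp_next_hop"] or NO_BGP]
        t["flows"] += 1
        t["pkts"] += f["pkts"]
        t["bytes"] += f["pkts"] * f["bytes_per_pkt"]   # B/Pk is an average
    unexpected = []
    if expected_bgp_next_hops is not None:
        unexpected = sorted(k for k in totals
                            if k != NO_BGP and k not in expected_bgp_next_hops)
    return dict(totals), unexpected

if __name__ == "__main__":
    totals, unexpected = account(parse_flows(SAMPLE), {"203.0.113.26"})
    for hop, t in totals.items():
        print(hop, t)
    print("not a known BGP next hop:", unexpected)
```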


Configuration Examples for NetFlow BGP Next Hop Support for Accounting and Analysis

This section provides the following configuration example: Configuring NetFlow BGP Next Hop Accounting: Examples

Configuring NetFlow BGP Next Hop Accounting: Examples

The following example shows how to configure NetFlow BGP next hop accounting with origin AS and BGP next hop statistics for the main cache:

configure terminal
!
ip flow-export version 9 origin-as bgp-nexthop
ip flow-export destination 172.16.10.2 991
!
interface ethernet 0/0
 ip flow ingress
!
end

The following example shows how to configure a NetFlow BGP next hop ToS aggregation cache scheme:

configure terminal
!
ip flow-aggregation cache bgp-nexthop-tos
 export destination 172.16.10.2 991
 enabled
!
interface ethernet 0/0
 ip flow ingress
!
end

Additional References

For additional information related to NetFlow BGP next hop support for accounting and analysis, see the following references.

Related Documents

Related Topic | Document Title
Overview of Cisco IOS NetFlow | Cisco IOS NetFlow Overview
List of the features documented in the Cisco IOS NetFlow Configuration Guide | Cisco IOS NetFlow Features Roadmap
The minimum information about and tasks required for configuring NetFlow and NetFlow Data Export | Getting Started with Configuring NetFlow and NetFlow Data Export
Tasks for configuring NetFlow to capture and export network traffic data | Configuring NetFlow and NetFlow Data Export
Tasks for configuring MPLS Aware NetFlow | Configuring MPLS Aware NetFlow
Tasks for configuring MPLS egress NetFlow accounting | Configuring MPLS Egress NetFlow Accounting and Analysis
Tasks for configuring NetFlow input filters | Using NetFlow Filtering or Sampling to Select the Network Traffic to Track
Tasks for configuring Random Sampled NetFlow | Using NetFlow Filtering or Sampling to Select the Network Traffic to Track
Tasks for configuring NetFlow aggregation caches | Configuring NetFlow Aggregation Caches
Tasks for configuring NetFlow multicast support | Configuring NetFlow Multicast Accounting
Tasks for detecting and analyzing network threats with NetFlow | Detecting and Analyzing Network Threats With NetFlow
Tasks for configuring NetFlow Reliable Export With SCTP | NetFlow Reliable Export With SCTP
Tasks for configuring NetFlow Layer 2 and Security Monitoring Exports | NetFlow Layer 2 and Security Monitoring Exports
Tasks for configuring the SNMP NetFlow MIB | Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data
Tasks for configuring the NetFlow MIB and Top Talkers feature | Configuring NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands
Information for installing, starting, and configuring the CNS NetFlow Collection Engine | Cisco CNS NetFlow Collection Engine Documentation


Standards

None

MIBs

None

RFCs

None

Technical Assistance

Description
Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Feature Information for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or 12.0(3)S or a later release appear in the table.

Not all commands may be available in your Cisco IOS software release. For details on when support for a specific command was introduced, see the command reference documentation.

For information on a feature in this technology that is not documented here, see the "Cisco IOS NetFlow Features Roadmap" module.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.


Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Feature Information for Configuring NetFlow BGP Next Hop Support for Accounting and Analysis 

Feature Name: NetFlow BGP Next Hop Support

Software: 12.3(1), 12.2(18)S, 12.0(26)S, 12.2(27)SBC

Feature Configuration Information: The NetFlow Border Gateway Protocol (BGP) Next Hop Support feature lets you measure network traffic on a per BGP next hop basis. Without the NetFlow BGP Next Hop Support feature, NetFlow exports only IP next hop information (which provides only the address of the next router); this feature adds BGP next hop information to the data export.

The following sections provide information about this feature:

NetFlow BGP Next Hop Support Benefits

NetFlow BGP Next Hop Support and NetFlow Aggregation

Configuring NetFlow BGP Next Hop Accounting

Verifying the Configuration

The following commands were modified by this feature: ip flow-aggregation cache, ip flow-export, show ip cache flow aggregation, and show ip cache verbose flow.


Glossary

BGP—Border Gateway Protocol. Interdomain routing protocol that replaces Exterior Gateway Protocol (EGP). BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163.

BGP next hop—IP address of the next hop to be used to reach a specific destination.

CEF—Cisco Express Forwarding. A Layer 3 IP switching technology that optimizes network performance and scalability for networks with large and dynamic traffic patterns.

dCEF—distributed Cisco Express Forwarding. A type of CEF switching in which line cards (such as Versatile Interface Processor (VIP) line cards) maintain identical copies of the forwarding information base (FIB) and adjacency tables. The line cards perform the express forwarding between port adapters; this relieves the Route Switch Processor of involvement in the switching operation.

fast switching—Cisco feature in which a route cache expedites packet switching through a router.

FIB—forwarding information base. A table containing the information needed to forward IP datagrams. At a minimum, this table contains the interface identifier and next hop information for each reachable destination network prefix. The FIB is distinct from the routing table (also called the routing information base), which holds all routing information received from routing peers.

flow—(NetFlow) A set of packets with the same source IP address, destination IP address, source and destination ports, and type of service, and the same interface on which flow is monitored. Ingress flows are associated with the input interface, and egress flows are associated with the output interface.

NetFlow—A Cisco IOS application that provides statistics on packets flowing through the router. It is emerging as a primary network accounting and security technology.

NetFlow Aggregation—A NetFlow feature that lets you summarize NetFlow export data on an IOS router before the data is exported to a NetFlow data collection system such as the NetFlow Collection Engine. This feature lowers bandwidth requirements for NetFlow export data and reduces platform requirements for NetFlow data collection devices.

NetFlow Collection Engine (formerly NetFlow FlowCollector)—Cisco application that is used with NetFlow on Cisco routers and Catalyst series switches. The NetFlow Collection Engine collects packets from the router that is running NetFlow and decodes, aggregates, and stores them. You can generate reports on various aggregations that can be set up on the NetFlow Collection Engine.

NetFlow v9—NetFlow export format Version 9. A flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.

ToS—type of service byte. Second byte in the IP header that indicates the desired quality of service for a particular datagram.