Table Of Contents
Release Notes for Cisco NetFlow Collector, Release 6.0
September 2007, OL-11397-01
These release notes provide information about new features in the Cisco NetFlow Collector 6.0 release. The NetFlow Collector (NFC) application is used with the NetFlow services data export feature on Cisco routers and Catalyst 5000 and 6000 series switches. NetFlow Collector provides fast, scalable, and economical data collection from multiple export devices exporting NetFlow data records.
In previous releases, this product was referred to as Cisco NetFlow Collection Engine.
This release note contains the following sections:
Cisco NetFlow Collector, Release 6.0 introduces a tiered netflow collection architecture that provides increased scalability and performance. The role of the first tier (Tier 1) maps to the NFC functionality of Cisco NetFlow Collector 5.0.3 with the addition of new features described in these Release Notes.
NetFlow services consist of high-performance IP switching features that capture a rich set of traffic statistics exported from routers and switches while they perform their switching function. Cisco NetFlow Collector provides fast, scalable, and economical data collection from multiple export devices exporting NetFlow data records.
Cisco NetFlow Collector, Release 6.0 supports new Cisco NetFlow Collector Tier 2 functionality, also referred to as Multi NetFlow Collector. The Multi NetFlow Collector runs on separate server hardware and provides an aggregation layer that correlates data from several Tier 1 instances. For details on Multi NetFlow Collector features and functionality, see the Release Notes for Cisco Multi NetFlow Collector, Release 6.0 and the Cisco Multi NetFlow Collector User Guide:
New Features in This Release
Cisco NetFlow Collector, Release 6.0 includes the following features:
•Flow-through (NetFlow packet replication to multiple destinations)
•Flexible NetFlow (phase 1) support
•Report criteria UI enhancement
•Time window for scheduled reports
•NetFlow over Stream Control Transmission Protocol (SCTP)
•Enhanced protocol name resolution
•Rate value support in reporting
•Custom report template
The following sections describe the Cisco NetFlow Collector, Release 6.0 requirements.
The following requirements are new for Cisco NetFlow Collector, Release 6.0:
•NFC is licensed per host. To obtain licenses for the NFC image, provide a list of collector host IP addresses to the NFC product manager. Refer to the "NFC Licensing" section.
Note For licensing to function properly, the /etc/hosts file must contain separate entries for the loopback and host name address (by default, Red Hat Enterprise Linux configures only a loopback entry in /etc/hosts that is also associated with the hostname).
•The amount of system swap space must be greater than the amount of memory specified for the collection process in the file /opt/CSCOnfc/config/nfcmem. The configured amount of memory is now allocated at startup; sufficient swap space must now be available for creating child processes when the collection process starts.
Cisco NetFlow Collector, Release 6.0 has the following hardware requirements:
•Minimum: 2 GB RAM, 73 GB disk, dual processor on an entry-level server.
•Recommended: 4 to 8 GB RAM, two or more 15K SAS 146 GB or greater disks, dual 3 GHz dual-core (5160) processor entry-level server.
Supported Operating Systems and Platforms
Cisco NetFlow Collector, Release 6.0 supports the following operating systems and platforms:
•Solaris 8, Solaris 9, or Solaris 10 on an entry-level server with dual 1 GHz or greater SPARC processors such as a Sun Fire V240.
•Red Hat Enterprise Linux 2.1, 3.0, or 4.0 (ES and AS) on an entry-level server, such as an IBM x3550 or x3650 with dual 2.8 GHz or greater Intel Xeon single-core processor or dual 3 GHz dual-core (5160) processors.
Note that the CPU, RAM, and disk space recommendations above are suggested, and that actual requirements are determined by your configuration and by the volume and uniqueness of NetFlow data that is received. Actual resource usage can vary greatly depending on these factors.
Note To prevent NetFlow data export packet loss, the workstation should be dedicated to the NetFlow Collector and should not be running other applications.
Cisco NetFlow Collector generates output files containing aggregated data. The exact amount of disk space the output files require depends on the flow arrival rate, collection interval, number of aggregation schemes specified, use of compression or not, and data file retention policies.
For more information on planning and managing disk space usage, see the section "Memory Usage" in the Cisco NetFlow Collector User Guide.
Cisco NetFlow Collector, Release 6 supports the Stream Control Transmission Protocol (SCTP) as a message transport service. To use SCTP, you must be running NFC on either the Red Hat Enterprise Linux release 4 (Update3 or greater) or Solaris 10 platforms.
The NetFlow Collector, Release 6.0 web-based user interface is compatible with Microsoft Internet Explorer 6 and Mozilla Firefox 1.5 or greater on Windows or UNIX. The web-based UI requires that the browser support a Java virtual machine (JVM) to run applets.
Note The Sun JVM must be used; the JVM version must be 1.5 or higher. You can download Sun JVM 1.5 from the website http://java.sun.com/javase/downloads/index.jsp.
A license file is required for each host running Cisco NetFlow Collector, Release 6. The license is specific to the IP address of the host. You can obtain a permanent license at:
Note The licensing URL referenced in error logs in the nfc.log file is incorrect. In order to obtain a license, you must use http://www.cisco.com/go/license.
In both cases you must have the IP address of the host on which NetFlow Collector will run. To obtain a permanent license, you must also have the PAK you received after purchasing NetFlow Collector. After you enter the information, a license file is emailed to you. Copy the license file or its contents with no alterations to /opt/CSCOnfc/config/nfc.lic.
The first line of the license file contains either the demo expiration date or the word permanent for a permanent license, and the IP address of the host to which NetFlow Collector is licensed.
If the host running NetFlow Collector has more than one network card and IP address, specify the IP address associated with the hostname when licensing the product.
Note By default, Red Hat Enterprise Linux associates the system hostname with the loopback address 127.0.0.1 in /etc/hosts. However, for licensing to work, the hostname must be associated with the host's IP address. Edit /etc/hosts, remove the hostname from the loopback address entry, and add an entry for the licensed IP address.
The file /etc/nsswitch.conf is normally configured so that hostname lookups are first obtained from files (/etc/hosts).
Note If you are reinstalling Cisco NetFlow Collector, Release 6; the previous license file is not retained in its original directory. The previous license file is saved in the file /opt/CSCOnfc/config/old/nfc.lic.
Daylight Saving Time Updates for NFC
NetFlow Collector's time zone data is include in the bundled Java Runtime Environment (JRE). By default, the NFC 6.0 JRE contains Olson time zone data tzdata2006k.
Time zone data should be updated using the TZupdater tool when NFC is installed and whenever local Daylight Saving Time rules change. For details on updating the JRE Time zone data, see the chapter "Configuring the Cisco NetFlow Collector" in the Cisco NetFlow Collector Installation and Configuration Guide:
Table 1 lists the problems that were resolved in Cisco NetFlow Collector, Release 6.0.
Known Limitations and Problems
This section contains information about the limitations and problems known to exist in the Cisco NetFlow Collector, Release 6.0 product.
CSCsd98816—A reporting error is displayed after an aggregation scheme is updated.
Description: Changing the aggregation scheme definition changes the type and/or number of columns in NFC output files. Reporting code reports an error when a change in type and/or number of output file columns is detected.
Workaround: Remove or move previous output files after updating an aggregation scheme so that columns in NFC output files for the report are consistent.
CSCse59846—Unpredictable UI behavior when adding or editing ranges for key builder definitions.
Description: Web UI inconsistencies are seen when editing key ranges.
Workaround: If you experience this problem, add or edit ranges by editing the /opt/CSCOnfc/config/nfc-config.xml file.
CSCse93615—Threshold expression for protocol-map-key does not work. Filter expression for protocol-map-key does not work.
Description: If a string key for a threshold or a filter is configured, an error popup is displayed.
Workaround: None. String keys for thresholds and filters are not supported in this release.
CSCsf06068—Configure for NDE v9 over SCTP will show missed packets.
Description: When V9 over SCTP is configured, NFC reports missed and out-of-sequence packets even though all packets are received.
Workaround: The received packet count is still correct in this case. Ignore the missed and out-of-sequence numbers reported for V9 over SCTP.
CSCsf07812—Modifying a BGP remote peer IP address results in a new BGP peer being created.
Description: The user interface does not distinguish between adding and editing a BGP peer.
Workaround: Do not modify the BGP peer entry using the web UI to change the IP address. Delete the existing peer then create a new one, or edit the /opt/CSCOnfc/config/nfcbgp.xml file.
CSCsf09442—When editing a BGP key builder and the attribute type is changed, the following error message is displayed: error: operation did not succeed - no such object: [name].
Description: An error is reported by the web UI when modifying a BGP key attribute.
Workaround: Create a new BGP key instead of editing the original BGP key; or first delete the original BGP key and then recreate it.
CSCsf09633—Error not flagged when incorrect parameter is entered for bgp-post-agg-key.
Description: Validation of key dependencies is not performed when the aggregation scheme containing a BGP post-aggregation key is edited.
Workaround: When editing a BGP post-aggregation key that is referenced by an aggregation scheme, verify that the key builders referenced by the BGP key are contained in aggregation scheme.
CSCsh72814—Scheduled reports can be created in the NFC web UI but do not run.
Description: Scheduled reports can be created in the NFC web UI even though "re" is not configured to run in the process watcher.
Workaround: Edit the file /opt/CSCOnfc/config/nfcpw.xml after installing NFC 6.0. Change the <autostart> element for <managed-process id="re"> to true.
CSCsi07979—If /opt/CSCOnfc is symbolically linked from another location, the uninstall.sh script removes only the link but the content remains in the original location.
Description: The uninstall script removes /opt/CSCOnfc. When /opt/CSCOnfc is a link, only the link is removed.
Workaround: Remove the directory that /opt/CSCOnfc is linked to after running the uninstall script.
CSCsi36119—The cleanup period DAYS_TO_KEEP and TZ override settings are not retained when migrating from previous versions.
Description: Optional NFC configuration parameters are kept in files in /opt/CSCOnfc/bin, such as the cleanup period and TZ override setting. Files in the bin directory are not retained across upgrades.
Workaround: If you have changed the DAYS_TO_KEEP setting in /opt/CSCOnfc/bin/nfc_clean_up_job.sh from the default of 7 days, or have added a TZ override setting in /opt/CSCOnfc/bin/nfcenv.sh, you must migrate these changes yourself after upgrading to NFC Release 6.
CSCsi84104—An error popup is displayed when a custom report is run.
Description: An error occurred when accessing the custom report Report: [reportid]: java.lang.Exception: Error: com.cisco.nfc.report.ReportException: Unexpected error
The following error is logged in the nfcrd.log file:[2007-05-03 00:35:37 BST] ERROR com.cisco.nfc.report.ReportBuilder - An unexpected error occurred.java.lang.IllegalArgumentException: cannot interpret value of field [fieldname]:at com.cisco.nfc.report.ReportFieldInterpreter$IntegerFieldInterpreter.getAggField(Report FieldInterpreter.java:48)...[2007-05-03 00:35:37 BST] ERROR com.cisco.nfc.report.ReportDaemon - ReportGenerator: error, id=Report: [reportid]: com.cisco.nfc.report.ReportException: Unexpected error...Caused by: java.lang.IllegalArgumentException: cannot interpret value of field [field]:at com.cisco.nfc.report.ReportFieldInterpreter$IntegerFieldInterpreter.getAggField(Report FieldInterpreter.java:48)...
Workaround: One or more integer key builders referenced by the aggregation scheme have the is-null-allowed attribute set to true and some integer columns in NFC output files contains an empty string as a result. Do not choose an integer key for reporting that contain null values in output. Note that address and string keys still work in this case.
CSCsj16525—expose device-name-format in UI, save on updates
Description: Devices are reported in NFC files as IP addresses but customer wants to display the DNS name when possible.
Workaround: In the file /opt/CSCOnfc/config/nfc-types.xsd locate the entry:
xs:attribute name="device-name-format" type="device-name-format-type" default="address" use="optional"
Change the default from address to name. Note that this change is not propagated across upgrades.
Use these Release Notes with the Cisco NetFlow Collector Installation and Configuration Guide, Part Number OL-11398-01 and the Cisco NetFlow Collector User Guide, Part Number OL-11399-01. These documents are available online through Cisco Connection Online at the following URL:
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
This document is to be used in conjunction with the documents listed in the Related Documentation section.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.