Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.1(13)EW
Configuring NetFlow Statistics Collection

Table Of Contents

Configuring NetFlow Statistics Collection

Overview of NetFlow Statistics Collection

Implementing NetFlow Statistics Collection

Configuring NetFlow Statistics Collection

Enabling NetFlow Statistics Collection

Exporting NetFlow Statistics

Managing NetFlow Statistics Collection

Configuring NetFlow Aging Parameters

NetFlow Statistics Collection Configuration Example


Configuring NetFlow Statistics Collection


This chapter describes how to configure NetFlow statistics on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples.


Note This feature is only available if the NetFlow Services Card is present.


The following topics are included:

Overview of NetFlow Statistics Collection

Implementing NetFlow Statistics Collection

Configuring NetFlow Statistics Collection

Configuring NetFlow Aging Parameters

NetFlow Statistics Collection Configuration Example


Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm


Overview of NetFlow Statistics Collection

NetFlow statistics is a global traffic monitoring feature that allows flow-level monitoring of all IPv4-routed traffic through the switch. A flow is defined by the IP source address, IP destination address, IP protocol, Layer 4 source port (0 if the protocol is not TCP or UDP), and Layer 4 destination port (0 if the protocol is not TCP or UDP).

Collected statistics can be exported to an external device (NetFlow Collector/Analyzer) through the NetFlow Data Export (NDE). Network planners can selectively enable NetFlow statistics (and NDE) on a per-device basis to gain traffic performance, control, or accounting benefits in specific network locations. Traffic monitoring does not need to be operating on each device in the network.


Note NetFlow consumes additional memory and CPU resources; therefore, you should understand the resources required on your switch before enabling NetFlow.


Implementing NetFlow Statistics Collection

The Catalyst 4500 series switches require WS-F4531 daughter cards and the Catalyst 4500 Supervisor Engine IV to support NetFlow statistics collection. To ensure that the necessary hardware is enabled, issue the show module command, as follows:

Switch#show module

Mod  Ports Card Type                              Model             Serial No.
----+-----+--------------------------------------+-----------------+-----------
 1      2  1000BaseX (GBIC) Supervisor(active)    WS-X4515          JAB0627065L
 2     34  10/100BaseTX (RJ45), 1000BaseX (GBIC)  WS-X4232-GB-RJ    JAE0432036M
 3      6  1000BaseX (GBIC)                       WS-X4306          JAB03120095
 5     48  10/100BaseTX (RJ45)V                   WS-X4648-PWR      JAB0424093Z

 M MAC addresses                    Hw  Fw           Sw               Status
--+--------------------------------+---+------------+----------------+---------
 1 0009.e899.7d00 to 0009.e899.7d01 1.1 12.1(12r)EW  12.1(13)EW(0.16) Ok
 2 0002.4ba0.a4da to 0002.4ba0.a4fb 2.3                               Ok
 3 0010.7bfa.93de to 0010.7bfa.93e3 2.0                               Ok
 5 0001.96ba.bf00 to 0001.96ba.bf2f 0.1                               Ok

Mod  Submodule     Model             Serial No.   Hw   Status
----+-------------+-----------------+------------+----+---------
 1   NFFC          WS-F4531          JAB062209EZ  0.2  Ok

Switch#

Note Enabling this feature does not impact the forwarding performance of the switch.


The effective size of the hardware flow "cache" table is 64K. If more than 64K flows are active simultaneously, statistics will be lost for some of the flows.

The effective size of the software flow table is 256K. The NetFlow software manages the consistency between the hardware and software tables, keeping space free in the hardware table by purging inactive hardware flows to the software table.

User-configured timeout settings dictate when the flows are purged and exported through NDE from the software cache. Hardware flow management ensures consistency between hardware flow purging and the user-configured timeout settings.

Software-forwarded flows are also monitored. Note that the per-flow statistics counters will overflow if any single flow receives traffic at a sustained rate higher than 2 Gbit/sec. Generally, this situation should not occur because a port cannot transmit at a rate higher than 1 Gbit/sec.


Note By design, even if the timeout settings are high, flows will automatically "age out" as they approach their statistics limit.


Configuring NetFlow Statistics Collection

To configure NetFlow Switching, complete the tasks in these sections:

Enabling NetFlow Statistics Collection (Required)

Exporting NetFlow Statistics (Optional)

Managing NetFlow Statistics Collection (Optional)

Enabling NetFlow Statistics Collection

To enable NetFlow switching, first configure the switch for IP routing as described in the IP configuration chapters in the Cisco IOS IP and IP Routing Configuration Guide. After you configure IP routing, perform this task:

Command
Purpose

Switch(config)#ip route-cache flow

Enables NetFlow switching for IP routing.

Exporting NetFlow Statistics

NetFlow statistics information can also be exported to network management applications. To configure the switch to export NetFlow statistics to a workstation when a flow expires, perform these tasks:

Command
Purpose

Switch(config)#ip flow-export destination {hostname | ip-address} udp-port

(Required) Configures the router to export NetFlow cache entries to a specific destination (for example, a workstation) at the given UDP port.

Switch(config)#ip flow-export version {1 | 5}

(Optional) Sets the format version of the exported NetFlow records to 1 or 5, to match what the receiving software requires. Version 5 is the default.

Switch(config)#ip flow-export source <interface>

(Optional) Specifies the interface whose IP address is used as the source address of the exported NetFlow datagrams.
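The collector side of the export described above, as an added example that is not part of the Cisco guide: it packs and then decodes a NetFlow version 5 datagram of the kind that ip flow-export version 5 sends to the configured destination. The 24-byte header and 48-byte record layouts are the standard NetFlow v5 wire format (not stated on this page); the flows, addresses, and ports in SAMPLE_RECORDS are constructed here and loosely modelled on the two entries in the show ip cache flow output in the configuration example at the end of this chapter.

```python
"""Added example (not from the Cisco guide): build and decode a NetFlow
version 5 export datagram of the kind that "ip flow-export version 5"
sends to the collector.  The 24-byte header and 48-byte record layouts
are the standard NetFlow v5 wire format; the sample flows below are
constructed here, not captured from a switch."""

import socket
import struct
from typing import Dict, List

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30                                        # v5 datagram limit

RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "dpkts",
                 "doctets", "first", "last", "srcport", "dstport", "pad1",
                 "tcp_flags", "prot", "tos", "src_as", "dst_as", "src_mask",
                 "dst_mask", "pad2")


def build_v5_datagram(records: List[dict], flow_sequence: int = 0) -> bytes:
    """Pack a v5 header followed by one 48-byte record per flow."""
    if not 0 < len(records) <= MAX_RECORDS:
        raise ValueError("a v5 datagram carries 1..30 records")
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, flow_sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(r["srcaddr"]), socket.inet_aton(r["dstaddr"]),
            socket.inet_aton(r.get("nexthop", "0.0.0.0")),
            r.get("input", 0), r.get("output", 0), r["dpkts"], r["doctets"],
            r.get("first", 0), r.get("last", 0), r["srcport"], r["dstport"],
            0, r.get("tcp_flags", 0), r["prot"], r.get("tos", 0),
            r.get("src_as", 0), r.get("dst_as", 0),
            r.get("src_mask", 0), r.get("dst_mask", 0), 0)
        for r in records)
    return header + body


def parse_v5_datagram(data: bytes) -> Dict[str, object]:
    """Decode a v5 datagram, rejecting anything that is not well-formed v5.

    A collector should check the version and the length against the record
    count before trusting the payload, because the export is plain UDP."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs,
     flow_sequence, engine_type, engine_id, sampling) = V5_HEADER.unpack_from(data)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(data) != expected:
        raise ValueError(f"length {len(data)} does not match {count} records")
    flows = []
    for i in range(count):
        offset = V5_HEADER.size + i * V5_RECORD.size
        rec = dict(zip(RECORD_FIELDS, V5_RECORD.unpack_from(data, offset)))
        for field in ("srcaddr", "dstaddr", "nexthop"):
            rec[field] = socket.inet_ntoa(rec[field])
        del rec["pad1"], rec["pad2"]
        flows.append(rec)
    return {"version": version, "count": count, "sys_uptime": sys_uptime,
            "unix_secs": unix_secs, "unix_nsecs": unix_nsecs,
            "flow_sequence": flow_sequence, "engine_type": engine_type,
            "engine_id": engine_id, "sampling": sampling, "flows": flows}


# Constructed flows (not captured): one UDP flow of 3 packets at 46 bytes
# per packet and one non-TCP/UDP flow of 100 packets at 38 bytes per packet,
# with ports 0 because the protocol is neither TCP nor UDP.
SAMPLE_RECORDS = [
    {"srcaddr": "40.0.0.1", "dstaddr": "40.0.0.2", "prot": 17,
     "srcport": 40000, "dstport": 9991, "dpkts": 3, "doctets": 138},
    {"srcaddr": "40.0.0.11", "dstaddr": "40.0.0.12", "prot": 47,
     "srcport": 0, "dstport": 0, "dpkts": 100, "doctets": 3800},
]


def demo() -> Dict[str, object]:
    """Round-trip the sample flows through the packer and the parser."""
    return parse_v5_datagram(build_v5_datagram(SAMPLE_RECORDS, flow_sequence=2))


if __name__ == "__main__":
    for flow in demo()["flows"]:
        print(flow["srcaddr"], flow["dstaddr"], flow["prot"],
              flow["srcport"], flow["dstport"], flow["dpkts"], flow["doctets"])
```

The length check matters in practice: because NDE is unauthenticated UDP, a collector that trusts the record count in the header without comparing it against the datagram length will read past the buffer or accept truncated records from a spoofed or damaged datagram.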


Managing NetFlow Statistics Collection

You can display and clear NetFlow statistics, including IP flow switching cache information and flow information such as the protocol, total flows, flows per second, and so forth. This information characterizes the traffic passing through your switch.

To manage NetFlow switching statistics, perform this task:

Command
Purpose

Switch#show ip cache flow

Displays the NetFlow switching statistics.

Switch#clear ip flow stats

Clears the NetFlow switching statistics.


Configuring NetFlow Aging Parameters

You can control when flows are purged from the software flow cache (and, if configured, reported through NDE) with the Active and Inactive aging parameters of the ip flow-cache timeout command.

Active Aging specifies the period of time after which a flow is removed from the software flow cache, measured from when the flow was created. Generally, this parameter is used to periodically notify external collection devices about long-lived active flows. It operates independently of whether traffic is still arriving on the flow. Active timeout settings tend to be on the order of minutes (the default is 30 minutes).

Inactive Aging specifies how long after the last packet of a flow is seen that the flow is removed from the software flow cache. The Inactive parameter clears "stale" flows from the flow cache, thereby preventing new flows from starving for lack of resources. Inactive timeout settings tend to be on the order of seconds (the default is 15 seconds).
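The flow definition from the Overview and the two aging rules above, as an added example that is not part of the Cisco guide: a miniature software flow cache that keys each packet on source address, destination address, protocol, and Layer 4 ports (forced to 0 for non-TCP/UDP traffic), and an ager that expires entries on the Active limit (age since creation, regardless of traffic) and the Inactive limit (idle time). The packets, addresses, and the shortened 60-second and 10-second timeouts are constructed for the demonstration; the class is an illustration of the behaviour, not the switch's implementation.

```python
"""Added example (not from the Cisco guide): a miniature software flow
cache that applies the flow definition from the Overview (IP source and
destination address, IP protocol, and Layer 4 source and destination port,
with both ports forced to 0 when the protocol is not TCP or UDP) and the
Active and Inactive aging rules of ip flow-cache timeout.  The packets and
the shortened timeouts are constructed so the expiry behaviour is visible."""

from dataclasses import dataclass
from typing import Dict, List, Tuple

TCP, UDP, ICMP = 6, 17, 1

# (src IP, dst IP, protocol, src port, dst port)
FlowKey = Tuple[str, str, int, int, int]


@dataclass
class Flow:
    key: FlowKey
    first: float       # time the flow entry was created
    last: float        # time the last packet of the flow was seen
    packets: int = 0
    octets: int = 0


def flow_key(src: str, dst: str, proto: int, sport: int = 0, dport: int = 0) -> FlowKey:
    """Build the flow key; Layer 4 ports are 0 unless the protocol is TCP or UDP."""
    if proto not in (TCP, UDP):
        sport = dport = 0
    return (src, dst, proto, sport, dport)


class FlowCache:
    def __init__(self, active_timeout: float = 1800.0, inactive_timeout: float = 15.0):
        self.active_timeout = active_timeout        # switch default: 30 minutes
        self.inactive_timeout = inactive_timeout    # switch default: 15 seconds
        self.flows: Dict[FlowKey, Flow] = {}
        self.exported: List[Flow] = []              # stands in for NDE export

    def packet(self, now: float, src: str, dst: str, proto: int,
               sport: int = 0, dport: int = 0, length: int = 64) -> None:
        """Account one packet to its flow, creating the entry on first sight."""
        key = flow_key(src, dst, proto, sport, dport)
        flow = self.flows.get(key)
        if flow is None:
            flow = self.flows[key] = Flow(key=key, first=now, last=now)
        flow.packets += 1
        flow.octets += length
        flow.last = now

    def age(self, now: float) -> List[Flow]:
        """One ager poll: remove flows that hit the Active limit (age since
        creation, regardless of traffic) or the Inactive limit (idle time),
        and hand them to the exporter."""
        expired = []
        for key, flow in list(self.flows.items()):
            active_expired = now - flow.first >= self.active_timeout
            inactive_expired = now - flow.last >= self.inactive_timeout
            if active_expired or inactive_expired:
                expired.append(self.flows.pop(key))
        self.exported.extend(expired)
        return expired


def demo() -> Dict[str, object]:
    """Replay constructed traffic with a 60 s Active and 10 s Inactive timeout."""
    cache = FlowCache(active_timeout=60.0, inactive_timeout=10.0)
    # A TCP session sending a packet every 5 s for over a minute, one UDP
    # datagram at t=0 and one ICMP echo at t=1 (ICMP ports collapse to 0).
    events = [(t, "10.0.0.1", "10.0.0.2", TCP, 40000, 443, 1500) for t in range(0, 70, 5)]
    events += [(0, "10.0.0.3", "10.0.0.4", UDP, 5353, 53, 80),
               (1, "10.0.0.5", "10.0.0.6", ICMP, 8, 0, 64)]
    log = []  # (time exported, flow key, packet count)
    for now in range(70):
        for event in events:
            if event[0] == now:
                cache.packet(*event)
        for flow in cache.age(now):
            log.append((now, flow.key, flow.packets))
    return {"exported": log, "remaining": len(cache.flows)}


if __name__ == "__main__":
    for when, key, pkts in demo()["exported"]:
        print(f"t={when:>3}s exported {key} packets={pkts}")
```

Running demo() shows the two rules at work: the single UDP datagram and the ICMP echo are exported by the Inactive rule 10 seconds after their last packet, while the TCP session, which never goes idle, is exported by the Active rule at 60 seconds with 13 packets counted and then immediately starts a fresh entry for the packets that follow. That restart is why a collector sees a long-lived session as a series of records rather than one, and why the Active timeout bounds how stale a collector's view of an ongoing flow can be.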

NetFlow Statistics Collection Configuration Example

The following example shows how to modify the configuration to enable NetFlow switching. It also shows how to export the flow statistics for further processing to UDP port 9991 on a workstation with the IP address 40.0.0.2. In this example, existing NetFlow statistics are cleared, thereby ensuring that the show ip cache flow command displays an accurate summary of the NetFlow switching statistics.

Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#ip route-cache flow
Switch(config)#ip flow-export destination 40.0.0.2 9991
Switch(config)#ip flow-export version 5
Switch(config)#end

Switch#show ip flow export
Flow export is enabled
  Exporting flows to 40.0.0.2 (9991)
  Exporting using source IP address 40.0.0.1
  Version 5 flow records
  2 flows exported in 1 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
Switch#

Switch#show ip cache flow

IP Flow Switching Cache, 17826816 bytes
  0 active, 262144 inactive, 4 added
  14 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 10 seconds
  last clearing of statistics 15:48:37
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-other            1      0.0         3    46      0.0       0.0      10.3
IP-other             1      0.0       100    38      0.0       0.0      10.2
Total:              2      0.0        51    38      0.0       0.0      10.2

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Switch#