|
|
This chapter describes how to configure NetFlow Data Export (NDE) on the Cisco 7600 series Internet Routers.
 |
Note For complete syntax and usage information for the commands used in this chapter, refer to the
Cisco 7600 Series Internet Router IOS Command Reference publication and the Release 12.1
publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm |
This chapter consists of these sections:
|
Note NDE does not support IP multicast or Internetwork Packet Exchange (IPX) traffic. |
|
Note In this chapter, the term "PFC" refers to either a PFC2 or a PFC1, except when specifically differentiated, and the term "MSFC" refers to either an MSFC2 or an MSFC1, except when specifically differentiated. |
NDE makes traffic statistics available for analysis by an external data collector. For IP unicast traffic, you can use NDE to monitor all traffic that is Layer 3 switched on the PFC and all traffic that is NetFlow-switched on the MSFC. In a Cisco 7600 series Internet Router, both the PFC and the MSFC maintain NetFlow caches that capture flow-based traffic statistics.
|
Note NDE statistics are not available for traffic that is CEF-switched in software on the MSFC or fast switched in software on the MSFC. |
The cache on the PFC captures statistics for Layer 3-switched flows. The cache on the MSFC captures statistics for NetFlow-switched (routed) flows.
NDE uses NDE version 7 to export the statistics captured on the PFC for Layer 3-switched traffic. NDE can use NDE version 1, 5, or 6 to export the statistics captured on the MSFC for NetFlow-switched traffic.
NDE maintains traffic statistics for each active flow in the cache and increments the statistics when packets within each flow are switched. Periodically, NDE exports summary traffic statistics for all expired flows, which the external data collector receives and processes.
Exported NetFlow data contains statistics for the flow cache entries that have expired since the last export. Flow cache entries expire and are flushed from the cache when one of the following conditions occurs:
For flows that remain continuously active, flow cache entries expire every 30 minutes to ensure periodic reporting of active flows. NetFlow data export packets go to the external data collector either when the number of recently expired flows reaches a predetermined maximum, or every second, whichever occurs first.
By default, all expired flows are exported until you specify a filter. After specifying a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in NVRAM and are not cleared when NDE is disabled.
|
Note See the "Configuring NDE Flow Filters" section on for detailed NDE filter configuration information. |
Table 27-1 shows the default NDE configuration.
These sections describe how to configure NDE:
|
Note With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command. |
NDE from the PFC uses the source configured for the MSFC. To enable NDE from the PFC, perform this task:
| Command | Purpose |
|---|---|
|
Note With Supervisor Engine 1 and PFC, if NDE is enabled and you disable Multilayer Switching (MLS), you lose the statistics for existing cache entries. They are not exported when MLS shuts down. |
This example shows how to enable NDE from the PFC:
You must enable NetFlow switching on the MSFC Layer 3 interfaces to support NDE.
This section supplements the NetFlow information and procedures in these Release 12.1 publications:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_r/index.htm
These sections supplement the Release 12.1 NetFlow switching publications:
To enable NetFlow switching, perform this task for each Layer 3 interface for which you want NDE:
| Command | Purpose | |
|---|---|---|
| Step 1 | ||
| Step 2 |
| 1type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, or ge-wan |
To configure the Layer 3 interface used as the source of the NDE packets containing statistics from the MSFC, perform this task:
| Command | Purpose |
|---|---|
Configures the interface used as the source of the NDE packets containing statistics from the MSFC: |
|
| 1type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet |
This example shows how to configure a loopback interface as the NDE flow source:
To configure the destination IP address and UDP port to receive the NDE statistics, perform this task:
| Command | Purpose |
|---|---|
This example shows how to configure the NDE flow destination IP address and UDP port:
|
Note The destination address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and reenabled or if the Internet Router is power cycled. If you are using the NetFlow FlowCollector application for data collection, verify that the UDP port number you specify is the same port number shown in the FlowCollector's nfconfig.file. This file is located at /opt/csconfc/config/nfconfig.file in the FlowCollector application. |
To display the NDE address and port configuration, perform these tasks:
| Command | Purpose |
|---|---|
Displays the NDE export flow IP address and UDP port configuration. |
|
Displays the NDE export flow IP address, UDP port, and the NDE source interface configuration. |
This example shows how to display the NDE export flow source IP address and UDP port configuration:
This example shows how to display the NDE export flow IP address, UDP port, and the NDE source interface configuration:
These sections describe NDE flow filters:
By default, all expired flows are exported until you specify a filter. After specifying a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in NVRAM and are not cleared when NDE is disabled.
To display the configuration of the NDE flow filters you configure, use the show mls nde command described in the "Displaying the NDE Configuration" section.
To specify a destination or source port flow filter, perform this task:
| Command | Purpose |
|---|---|
This example shows how to specify a port flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow):
To specify a host and TCP/UDP port flow filter, perform this task:
| Command | Purpose |
|---|---|
This example shows how to specify a source host and destination TCP/UDP port flow filter so that only expired flows from host 171.69.194.140 to destination port 23 are exported (assuming the flow mask is set to ip-flow):
To specify a destination or source host flow filter, perform this task:
| Command | Purpose |
|---|---|
This example shows how to specify a host flow filter to include and export only destinations to host 172.20.52.37:
To specify a protocol flow filter, perform this task:
| Command | Purpose |
|---|---|
This example shows how to specify a TCP protocol flow filter so that only expired flows from destination port 35 are exported:
To clear the NDE flow filter and reset the filter to the default (all flows exported), perform this task:
This example shows how to clear the NDE flow filter so that all flows are exported:
To display the status of the NDE flow filters, use the show mls nde command described in the "Displaying the NDE Configuration" section.
To display the NDE configuration, perform this task:
This example shows how to display the NDE configuration:
Posted: Tue Feb 25 10:20:36 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.