Prerequisites for Flexible NetFlow v9 Export Format
-
The networking device must be running a Cisco release that supports Flexible NetFlow.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature enables sending export packets using the Version 9 export format.
The networking device must be running a Cisco release that supports Flexible NetFlow.
Information About Flexible NetFlow v9 Export Format
Flow exporters are created as separate components in a router’s configuration. Exporters are assigned to flow monitors to export the data from the flow monitor cache to a remote system such as a NetFlow collector. Flow monitors can support more than one exporter. Each exporter can be customized to meet the requirements of the flow monitor or monitors in which it is used and the NetFlow collector systems to which it is exporting data.
Flexible NetFlow allows you to configure many different flow exporters, depending on your requirements. Some of the benefits of Flexible NetFlow flow exporters are as follows:
Using flow exporters, you can create an exporter for every type of traffic that you want to analyze so that you can send each type of traffic to a different NetFlow collector. Original NetFlow sends the data in a cache for all of the analyzed traffic to a maximum of two export destinations.
Flow exporters support up to ten exporters per flow monitor. Original NetFlow is limited to only two export destinations per cache.
Flow exporters can use both TCP and UDP for export.
Depending on your release, flow exporters can use class of service (CoS) in the packets that are sent to export destinations to help ensure that the packets are given the correct priority throughout the network. Original NetFlow exporters do not use CoS in the packets that are sent to export destinations.
Depending on your release, flow exporter traffic can be encrypted.
How to Configure Flexible NetFlow v9 Export Format
Perform this required task to configure the flow exporter.
Note |
Each flow exporter supports only one destination. You can export to a destination using either an IPv4 or IPv6 address. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
flow exporter exporter-name Example:
|
Creates the flow exporter and enters Flexible NetFlow flow exporter configuration mode.
|
||
Step 4 |
description description Example:
|
(Optional) Configures a description to the exporter that will appear in the configuration and the display of the show flow exporter command. |
||
Step 5 |
destination {ip-address | hostname } [vrf vrf-name ] Example:
|
Specifies the IP address or hostname of the destination system for the exporter.
|
||
Step 6 |
dscp dscp Example:
|
(Optional) Configures differentiated services code point (DSCP) parameters for datagrams sent by the exporter.
|
||
Step 7 |
source interface-type interface-number Example:
|
(Optional) Specifies the local interface from which the exporter will use the IP address as the source IP address for exported datagrams. |
||
Step 8 |
output-features Example:
|
(Optional) Enables sending export packets using quality of service (QoS) and encryption. |
||
Step 9 |
template data timeout seconds Example:
|
(Optional) Configures resending of templates based on a timeout.
|
||
Step 10 |
transport udp udp-port Example:
|
Specifies the UDP port on which the destination system is listening for exported datagrams.
|
||
Step 11 |
ttl seconds Example:
|
(Optional) Configures the time-to-live (TTL) value for datagrams sent by the exporter.
|
||
Step 12 |
end Example:
|
Exits flow exporter configuration mode and returns to privileged EXEC mode. |
||
Step 13 |
show flow exporter exporter-name Example:
|
(Optional) Displays the current status of the specified flow exporter. |
||
Step 14 |
show running-config flow exporter exporter-name Example:
|
(Optional) Displays the configuration of the specified flow exporter. |
Configuration Examples for Flexible NetFlow v9 Export Format
The following example shows how to configure version 9 export for Flexible NetFlow.
This example starts in global configuration mode.
!
flow exporter EXPORTER-1
destination 172.16.10.2
export-protocol netflow-v9
transport udp 90
exit
!
flow record v4_r1
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
flow monitor FLOW-MONITOR-1
record v4_r1
exporter EXPORTER-1
!
ip cef
!
interface GigabitEthernet 0/0/0
ip address 172.16.6.2 255.255.255.0
ip flow monitor FLOW-MONITOR-1 input
!
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
Flexible NetFlow conceptual information and configuration tasks |
Flexible NetFlow Configuration Guide |
Flexible NetFlow commands |
Cisco IOS Flexible NetFlow Command Reference |
Standard |
Title |
---|---|
None |
— |
MIB |
MIBs Link |
---|---|
None |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFC |
Title |
---|---|
RFC 3954 |
Cisco Systems NetFlow Services Export Version 9 |
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |