Cisco Configuration Guide,Cisco SD-WAN Controllers Release 20.8.x Release 4.2

NetFlow v9 and NetFlow v10 (IPFIX)

Updated: September 24, 2008

Want to summarize with AI?

On this page

Overview

Configure IPFIX
Configure IPFIX 315

Overview

NetFlow v9 and NetFlow v10 (IPFIX) Short Desc

This section helps you understand the NetFlow v9 and NetFlow v10 (IPFIX) based on the following factors:

Table 1. NetFlow v9 and NetFlow v10 (IPFIX)
Factor	NetFlow v9	NetFlow v10 (IPFIX)
Transport	Typically uses UDP	Supports both UDP and TCP transport protocols
Compatibility	Compatible with older NetFlow versions	Backward-compatible with NetFlow v9
Flexibility	Fixed set of predefined fields	More flexible with variable-length information elements and custom-defined attribute
Information Elements	Limited set of predefined fields	Extensive list of predefined elements

Configure IPFIX

Let's consider the following topology to configure IPFIX:

To monitor traffic, you must configure one or more and associate it to a and enable IPFIX on the interface either in egress or ingress direction. Optionally, you can configure a to set the sampling rate for flow samples.

Procedure

	1.	First, let's gather the required details to enable IPFIX on a router: The IP address of the source : `2001:db8::0001` The IP address of the IPFIX Collector (Destination address): `2001:db8::0002` Interface of the router where we will enable IPFIX: `HundredGigE 0/0/0/24` NetFlow version used to transport the data to the collector: `IPFIX`
	2.	Configure a Flow Exporter using the command to specify where and how the packets should be exported. `Router(config)# flow exporter-map fem_ipfix Router(config-fem)# destination 2001:db8::0002 Router(config-fem)# source Loopback 0 Router(config-fem)# transport udp 9001 Router(config-fem)# exit Router(config-fem)# version ipfix Router(config-fem-ipfix)# template data timeout 600 Router(config-fem-ipfix)# options interface-table Router(config-fem-ipfix)# exit` Verify the Flow Exporter configuration using the command. Router#show exporter-map fem_ipfix Flow Exporter Map : fem_ipfix ------------------------------------------------- Id : 1 Packet-Length : 1468 DestinationIpAddr : 2001:db8::2 VRFName : default SourceIfName : SourceIpAddr : 2001:db8::3 DSCP : 0 TransportProtocol : UDP TransportDestPort : 1024 Do Not Fragment : Not Enabled Export Version: IPFIX Common Template Timeout : 1800 seconds Options Template Timeout : 1800 seconds Data Template Timeout : 1800 seconds Interface-Table Export Timeout : 1800 seconds Sampler-Table Export Timeout : 0 seconds VRF-Table Export Timeout : 0 seconds
	3.	Create a Flow Monitor using the command to define the type of traffic to be monitored. You can include one or more exporter maps in the monitor map. A single flow monitor map can support up to eight exporters. The record type specifies the type of packets that are sampled as the packets pass through the router. MPLS, IPv4, and IPv6 packet sampling is supported. `Router(config)# flow monitor-map fmm1 Router(config-fmm)# record ipv6 Router(config-fmm)# option filtered Router(config-fmm)# exporter fem_ipfix Router(config-fmm)# cache entries 65535 Router(config-fmm)# cache timeout active 1800 Router(config-fmm)# cache timeout inactive 15 Router(config-fmm)# exit` Verify the Flow Monitor configuration using the command. `Router#show flow monitor-map fmm1 Flow Monitor Map : fmm1 ------------------------------------------------- Id: 1 RecordMapName: ipv6 ExportMapName: Expo1 CacheAgingMode: Normal CacheMaxEntries: 500000 CacheActiveTout: 60 seconds CacheInactiveTout: 20 seconds CacheUpdateTout: N/A CacheRateLimit: 2000 HwCacheExists: False HwCacheInactTout: 50`
	4.	Configure a Flow Sampler using the command. .Use the same sampler map configuration on the sub-interfaces and physical interfaces under a port. `Router(config)# configure Router(config)# sampler-map fsm1 Router(config-sm)# random 1 out-of 4000 Router(config)# exit Router(config)#commit Router(config)#exit Router#` Verify the sampler map configuration using the command. `Router#show sampler-map fsm1 Sampler Map : fsm1 ------------------------------------------------- Id: 1 Mode: Random (1 out of 4000 Pkts) Router#`
	5.	View the running configuration to verify the configuration that you have configured. Router#show run Thu Nov 9 06:40:07.296 UTC Building configuration... flow exporter-map fem_ipfix version ipfix options interface-table template data timeout 600 ! transport udp 9001 source Loopback0 destination 2001:db8::2 ! flow monitor-map fmm1 record ipv6 option filtered exporter fem_ipfix cache entries 65535 cache timeout active 1800 cache timeout inactive 1 ! sampler-map fsm1 random 1 out-of 4000 ! interface FourHundredGigE0/0/0/1 shutdown ! interface HundredGigE0/0/0/24 shutdown flow ipv4 monitor fmm1 sampler fsm1 ingress flow ipv6 monitor fmm-ipv6 sampler fsm1 ingress ! end
	6.	Apply a Monitor Map and a Sampler Map to a physical interface using the command to enable IPFIX on the router. `Router(config)#interface HundredGigE 0/0/0/24 Router(config-if)#flow ipv4 monitor fmm1 sampler fsm1 ingress Router(config-if)#exit`

Configure IPFIX 315

This section provides you instructions to enable IPFIX 315 on Cisco IOS XR Software.

Procedure

	1.	Enable IPFIX 315 for flow monitoring. `Router(config)# hw-module profile netflow ipfix315-enable`
	2.	Configure an exporter map with IPFIX as the exporter version using the flow exporter-map command in global configuration mode to specify where and how the packets should be exported. `Router(config)# flow exporter-map ipfix_exp Router(config-fem)# version ipfix Router(config-fem-ipfix)# template data timeout 10 Router(config-fem)# dscp 63 Router(config-fem)# transport udp 12000 Router(config-fem)# source Loopback 0 Router(config-fem)# destination 100.10.1.159 Router(config-fem)# exit`
	3.	Create a flow monitor using the flow monitor-mapcommand in global configuration mode to define the type of traffic to be monitored. You can include one or more exporter maps in the monitor map. `Router(config)# flow monitor-map ipfix_mon Router(config-fmm)# record datalinksectiondump Router(config-fmm)# exporter ipfix_exp Router(config-fmm)# cache immediate Router(config-fmm)# exit`
	4.	Configure a sampler map using the sampler-mapcommand to define the rate at which the packet sampling should be performed at the interface where IPFIX is enabled. `Router# sampler-map ipfix_sm Router(config-sm)# random 1 out-of 32000 Router(config)# exit`
	5.	Apply a monitor map and a Sampler Map to a physical interface using the flowcommand to enable IPFIX on the router. `Router(config)#interface 10GE0/0/0/5 Router(config-if)#ipv4 address 192.1.108.2 255.255.255.0 Router(config-if)#ipv6 address 1:108::2/64 Router(config-if)#flow datalinkframesection monitor ipfix_mon sampler ipfix_sm ingress Router(config-if)#encapsulation dot1q 139`
	6.	Verify the sampled and exported flow statistics using the show flow platform producer statistics location command. In this show output, you can see that the system has actively received and monitored a total of 630,478 IPFIX 315 packets. `Router#show flow platform producer statistics location 0/0/0/5 Netflow Platform Producer Counters: IPv4 Ingress Packets: 0 IPv4 Egress Packets: 0 IPv6 Ingress Packets: 0 IPv6 Egress Packets: 0 MPLS Ingress Packets: 0 MPLS Egress Packets: 0 IPFIX315 Ingress Packets: 630478 IPFIX315 Egress Packets: 0 Drops (no space): 0 Drops (other): 0 Unknown Ingress Packets: 0 Unknown Egress Packets: 0 Worker waiting: 2443`
	7.	Verify the flow monitor stats statistics using the show flow monitor cache location command. This example shows that there were 50399 flows added to the cache and exported. `Router#show flow monitor ipfix_mon cache location 0/0/0/5 Cache summary for Flow Monitor ipfix_mon: Cache size: 65535 Current entries: 0 Flows added: 50399 Flows not added: 0 Ager Polls: 2784 - Active timeout 0 - Inactive timeout 0 - Immediate 50399 - TCP FIN flag 0 - Emergency aged 0 - Counter wrap aged 0 - Total 50399 Periodic export: - Counter wrap 0 - TCP FIN flag 0 Flows exported 50399 Matching entries: 0`

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.