Configure Cflowd Traffic Flow Monitoring
This topic provides general procedures for configuring cflowd traffic flow monitoring. You configure cflowd traffic flow monitoring using the basic components of centralized data policy. You configure cflowd template options, including the location of the cflowd collector (if you are sending the flow to a collector), and you must configure cflowd as an action in the data policy.
To configure policy for cflowd traffic flow monitoring, use the Cisco vManage policy configuration wizard. The wizard consists of four sequential screens that guide you through the process of creating and editing policy components:
- Create Applications or Groups of Interest—Create lists that group together related items and that you call in the match or action components of a policy.
- Configure Topology—Create the network structure to which the policy applies.
- Configure Traffic Rules—Create the match and action conditions of a policy.
- Apply Policies to Sites and VPNs—Associate policy with sites and VPNs in the overlay network.
In the first three policy configuration wizard screens, you are creating policy components or blocks. In the last screen, you are applying policy blocks to sites and VPNs in the overlay network.
For the cflowd policy to take effect, you must activate the policy.
Step 1: Start the Policy Configuration Wizard
To start the policy configuration wizard:
1. In the Cisco vManage NMS, select the screen. When you first open this screen, the Centralized Policy tab is selected by default.
2. Click Add Policy.
The policy configuration wizard opens, and the Create Applications or Groups of Interest screen is displayed.
Step 2: Create Applications or Groups of Interest
To create lists of applications or groups to use in cflowd policy:
1. Create new lists as described in the following table:

   Prefix
   1. In the left bar, click Prefix.
   2. Click New Prefix List.
   3. Enter a name for the list.
   4. In the Add Prefix field, enter one or more data prefixes separated by commas.
   5. Click Add.

   Site
   1. In the left bar, click Site.
   2. Click New Site List.
   3. Enter a name for the list.
   4. In the Add Site field, enter one or more site IDs separated by commas.
   5. Click Add.

   VPN
   1. In the left bar, click VPN.
   2. Click New VPN List.
   3. Enter a name for the list.
   4. In the Add VPN field, enter one or more VPN IDs separated by commas.
   5. Click Add.

2. Click Next to Configure Topology in the wizard. When you first open this screen, the Topology tab is selected by default.
Step 3: Configure the Network Topology
To configure the network topology:
In the Topology tab, create a network topology as described:
- Hub and Spoke - Policy for a topology with one or more central hub sites and with spokes connected to a hub
  1. In the Add Topology drop-down, select Hub and Spoke.
  2. Enter a name for the hub-and-spoke policy.
  3. Enter a description for the policy.
  4. In the VPN List field, select the VPN list for the policy.
  5. In the left pane, click Add Hub and Spoke. A hub-and-spoke policy component containing the text string My Hub-and-Spoke is added in the left pane.
  6. Double-click the My Hub-and-Spoke text string, and enter a name for the policy component.
  7. In the right pane, add hub sites to the network topology:
     a. Click Add Hub Sites.
     b. In the Site List Field, select a site list for the policy component.
     c. Click Add.
     d. Repeat Steps 7a, 7b, and 7c to add more hub sites to the policy component.
  8. In the right pane, add spoke sites to the network topology:
     a. Click Add Spoke Sites.
     b. In the Site List Field, select a site list for the policy component.
     c. Click Add.
     d. Repeat Steps 8a, 8b, and 8c to add more spoke sites to the policy component.
  9. Repeat Steps 5 through 8 to add more components to the hub-and-spoke policy.
  10. Click Save Hub and Spoke Policy.
- Mesh - Partial-mesh or full-mesh region
  1. In the Add Topology drop-down, select Mesh.
  2. Enter a name for the mesh region policy component.
  3. Enter a description for the mesh region policy component.
  4. In the VPN List field, select the VPN list for the policy.
  5. Click New Mesh Region.
  6. In the Mesh Region Name field, enter a name for the individual mesh region.
  7. In the Site List field, select one or more sites to include in the mesh region.
  8. Repeat Steps 5 through 7 to add more mesh regions to the policy.
  9. Click Save Mesh Region.

To use an existing topology:
1. In the Add Topology drop-down, click Import Existing Topology. The Import Existing Topology popup displays.
2. Select the type of topology.
3. In the Policy drop-down, select the name of the topology.
4. Click Import.
Click Next to move to Configure Traffic Rules in the wizard. When you first open this screen, the Application-Aware Routing tab is selected by default.
Step 4: Configure Traffic Rules
To configure traffic rules for cflowd policy:
1. In the Application-Aware Routing bar, select the Cflowd tab.
2. Click the Add Policy drop-down.
3. Select Create New. The Add Cflowd Policy popup opens.
4. Configure timer parameters for the cflowd template:
   a. In the Active Flow Timeout field, specify how long to collect a set of flows on which traffic is actively flowing, a value from 30 through 3,600 seconds. The default is 600 seconds (10 minutes).
   b. In the Inactive Flow Timeout field, specify how long to wait to send a set of sampled flows to a collector for a flow on which no traffic is flowing, a value from 1 through 3,600 seconds. The default is 60 seconds (1 minute).
   c. In the Flow Refresh Interval field, specify how often to send the cflowd template record fields to the collector, a value from 60 through 86,400 seconds (1 minute through 1 day). The default is 90 seconds.
   d. In the Sampling Interval field, specify how many packets to wait before creating a new flow, a value from 1 through 65,536 seconds. While you can configure any integer value, the software rounds the value down to the nearest power of 2.
5. Click Add New Collector, and configure the location of the cflowd collector. You can configure up to four collectors.
   a. In the VPN ID field, enter the number of the VPN in which the collector is located.
   b. In the IP Address field, enter the IP address of the collector.
   c. In the Port Number field, enter the collector port number. The default port is 4739.
   d. In the Transport Protocol drop-down, select the transport type to use to reach the collector, either TCP or UDP.
   e. In the Source Interface field, enter the name of the interface to use to send flows to the collector. It can be either a Gigabit Ethernet, a 10-Gigabit Ethernet interface (ge), or a loopback interface (loopback number).
6. Click Save Cflowd Policy.
7. Click Next to move to Apply Policies to Sites and VPNs in the wizard.
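A pre-check for the template values described in this step, written as an added example (it is not Cisco code and not part of vManage). It applies the ranges, the four-collector limit, and the round-down-to-a-power-of-2 rule stated above, so you can see the sampling interval the software will actually use before you save the policy. All function names, dictionary keys, and the sample plan are hypothetical.

```python
import ipaddress

# Field ranges as stated in the Add Cflowd Policy popup description above.
RANGES = {
    "active_timeout": (30, 3600),       # seconds, default 600
    "inactive_timeout": (1, 3600),      # seconds, default 60
    "refresh_interval": (60, 86400),    # seconds, default 90
    "sampling_interval": (1, 65536),
}
MAX_COLLECTORS = 4
DEFAULT_PORT = 4739


def effective_sampling(n):
    """Round n down to the nearest power of 2, as the page says the software does."""
    return 1 << (n.bit_length() - 1)


def check_template(tpl):
    """Return (problems, effective sampling interval) for a planned template."""
    problems = []
    for field, (lo, hi) in RANGES.items():
        value = tpl.get(field)
        if not isinstance(value, int) or not lo <= value <= hi:
            problems.append(f"{field}={value!r} is outside {lo}..{hi}")
    collectors = tpl.get("collectors", [])
    if len(collectors) > MAX_COLLECTORS:
        problems.append(f"{len(collectors)} collectors; the maximum is {MAX_COLLECTORS}")
    for i, col in enumerate(collectors):
        try:
            ipaddress.ip_address(col.get("ip", ""))
        except ValueError:
            problems.append(f"collector {i}: invalid IP address {col.get('ip')!r}")
        port = col.get("port", DEFAULT_PORT)
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"collector {i}: invalid port {port!r}")
        if col.get("transport") not in ("TCP", "UDP"):
            problems.append(f"collector {i}: transport must be TCP or UDP")
    sampling = tpl.get("sampling_interval")
    in_range = isinstance(sampling, int) and 1 <= sampling <= 65536
    return problems, effective_sampling(sampling) if in_range else None


# Constructed sample plan (documentation-range address, not from the page).
SAMPLE = {
    "active_timeout": 20, "inactive_timeout": 60,
    "refresh_interval": 90, "sampling_interval": 1000,
    "collectors": [{"vpn": 1, "ip": "192.0.2.10", "transport": "SCTP"}],
}

if __name__ == "__main__":
    print(check_template(SAMPLE))
```

For the sample plan, the configured sampling interval of 1000 becomes an effective 512, which is the figure to use when estimating flow volume at the collector.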
Step 5: Apply Policies to Sites and VPNs
To apply a policy block to sites and VPNs in the overlay network:
1. If you are already in the policy configuration wizard, skip to Step 6. Otherwise, in the Cisco vManage NMS, select the screen. When you first open this screen, the Centralized Policy tab is selected by default.
2. Click Add Policy. The policy configuration wizard opens, and the Create Applications or Groups of Interest screen is displayed.
3. Click Next. The Network Topology screen opens, and in the Topology bar, the Topology tab is selected by default.
4. Click Next. The Configure Traffic Rules screen opens, and in the Application-Aware Routing bar, the Application-Aware Routing tab is selected by default.
5. Click Next. The Apply Policies to Sites and VPNs screen opens.
6. In the Policy Name field, enter a name for the policy. This field is mandatory and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.
7. In the Policy Description field, enter a description of the policy. It can contain up to 2048 characters. This field is mandatory, and it can contain any characters and spaces.
8. From the Topology bar, select the type of policy block. The table then lists policies that you have created for that type of policy block.
9. Click Add New Site List. Select one or more site lists, and click Add.
10. Click Preview to view the configured policy. The policy is displayed in CLI format.
11. Click Save Policy. The screen opens, and the policies table includes the newly created policy.
Step 6: Activate a Centralized Policy
Activating a cflowd policy sends that policy to all connected Cisco vSmart Controllers. To activate a cflowd policy:
1. In the Cisco vManage NMS, select the screen. When you first open this screen, the Centralized Policy tab is selected by default.
2. Select a policy.
3. Click the More Actions icon to the right of the row, and click Activate. The Activate Policy popup opens. It lists the IP addresses of the reachable Cisco vSmart Controllers to which the policy is to be applied.
4. Click Activate.