Here's a link for the steps in configuring NetFlow (version 9) in a Cisco NCS 540 IOS-XR.
|
Step 1 |
Create and configure an exporter map. |
||
|
Step 2 |
Create and configure a monitor map and a sampler map.
|
||
|
Step 3 |
Apply the monitor map and sampler map to an interface. |
There are some caveats in configuring NetFlow in a Cisco IOS-XR:
- Do not use the management interface to export the NetFlow packets.
- NetFlow
can be configured only in the ingress direction.
- A source interface must always be configured. If you do not configure a source interface, the exporter will remain in a disabled state.
- Only export format Version 9 and IPFIX is supported.
- A valid record map name must always be configured for every flow monitor map.
- NetFlow is not supported on Bridge Virtual Interface (BVI).
- NetFlow is not supported on sub-interfaces.
- NetFlow on sub-interface routed via BVI is not supported.
- Destination-based Netflow accounting is not supported, only IPv4, IPv6 and MPLS record types are supported under monitor-map.
- Output interface field is not updated in data and flow records when the traffic is routed through ACL based forwarding (ABF).
- Output interface field is not updated in data and flow records for the multicast traffic.
- Output interface, source and destination prefix lengths fields are not set in data and flow records for GRE transit traffic.
- For Netflow IPFIX315, configure the hw-module profile netflow ipfix315 command.
- If IPFIX315 is enabled on a line card then all the ports on that line card should have IPFIX315 configured.
- For hw-module profile qos hqos-enable , NetFlow does not give the output interface for cases like L2 bridging, xconnect, IPFIX, and so on.
- L4 header port numbers are supported only for TCP and UDP.
- NetFlow does not give the output interface for traffic terminating on GRE tunnel.
Here's a sample NetFlow configuration template. It's similar to the legacy IOS IP accounting feature.
flow exporter-map <EXPORTER MAP NAME>
destination <NETFLOW ANALYZER IP>
transport udp 2055
source <SOURCE INTERFACE>
version v9
template data timeout 60
template options timeout 60
options interface-table
options sampler-table
sampler-map <SAMPLER MAP NAME>
random 1 out-of 500
flow monitor-map <MONITOR MAP NAME>
record mpls ipv4-fields
exporter <EXPORTER MAP NAME>
cache entries 1000000
cache timeout active 60
cache timeout inactive 30
cache timeout rate-limit 2000
commit
interface GigabitEthernet0/0/0/x
flow mpls monitor <MONITOR MAP NAME> sampler <SAMPLER MAP NAME>
commit
show flow exporter <EXPORTER MAP NAME> location 0/0/CPU0
show flow monitor <MONITOR MAP NAME> cache format table location 0/0/CPU0
RP/0/RP0/CPU0:NCS540#show flow monitor MONITOR cache format table location 0/0/CPU0
Thu Dec 21 22:18:21.552 UTC
Cache summary for Flow Monitor MONITOR:
Cache size: 65535
Current entries: 13
Flows added: 25
Flows not added: 0
Ager Polls: 573
- Active timeout 12
- Inactive timeout 0
- Immediate 0
- TCP FIN flag 0
- Emergency aged 0
- Counter wrap aged 0
- Total 12
Periodic export:
- Counter wrap 0
- TCP FIN flag 0
Flows exported 0
LabelType Prefix/Length Label1-EXP-S Label2-EXP-S Label3-EXP-S Label4-EXP-S Label5-EXP-S Label6-EXP-S InputInterface OutputInterface ForwardStatus FirstSwitched LastSwitched ByteCount PacketCount Dir SamplerID IPV4SrcAddr IPV4DstAddr IPV4TOS IPV4Prot L4SrcPort L4DestPort L4TCPFlags InputVRFID OutputVRFID BGPNextHopV4
LDP 10.14.6.35/32 24088-5-0 14724-5-1 - - - - Gi0/0/0/19 Gi0/0/0/1 Fwd 08 16:44:31:287 08 16:45:20:486 2600 10 Ing 1 10.1.1.5 172.16.4.13 0xb8 udp 4790 4790 0 default default 0.0.0.0
<OUTPUT TRUNCATED>
