Here’s the sample configuration of Netflow in Cisco running IOS and Nexus-OS.
Cisco IOS-XR:
The NetFlow use these 3 maps to configure
Step1. EXPORTER MAP – configure parameters like export destination IP, udp port (only supported transport protocol), source interface
IPv4:
flow exporter-map NETFLOW-EXPORTER-MAPversion v9transport udp 9991source Loopback0destination 192.168.30.100
IPv6:
flow exporter-map IPv6-NETFLOW-EXPORTER-MAPversion v9transport udp 9991source Loopback0destination 192.168.30.100
Note: destination udp port can be from <1024-65535> (this is where Netflow is listening)
Step2. MONITOR MAP includes flow record map and flow exporter map. Some of the attriubtes that can be configured like number of cache entries and timeout. Record that supports are ipv4, ipv6 and mpls.
IPv4:
flow monitor-map NETFLOW-MONITOR-MAPrecord ipv4exporter NETFLOW-EXPORTER-MAPcache timeout active 10cache entries 1000
IPv6:
flow monitor-map IPv6-NETFLOW-MONITOR-MAPrecord ipv6exporter IPv6-NETFLOW-EXPORTER-MAPcache timeout active 10cache entries 1000
3.SAMPLER MAP – configure the packet rate (one out of n packets) to sample
sampler-map NETFLOW-SAMPLER-MAPrandom 1 out-of 100sampler-map IPv6-NETFLOW-SAMPLER-MAPrandom 1 out-of 100
Note: Sampling interval to use random mode for sampling packets of 1 through 65535 units
Application:
Apply in interface (can be applied in L3 bundle or physical interface, on single or both direction)
configure
interface Te0/0/0/0flow ipv4 monitor NETFLOW-MONITOR-MAP sampler NETFLOW-SAMPLER-MAP ingressflow ipv6 monitor IPv6-NETFLOW-MONITOR-MAP sampler NETFLOW-SAMPLER-MAP ingress
Cisco Nexus:
[Pre-config] Enable netflow
configure
feature netflow
Step1. Configure EXPORTER MAP
flow exporter ExporterMapdescription Exporter Map to Netflow Serverdestination 192.168.30.100 use-vrf managementtransport udp 9991source mgmt0version 9option exporter-stats timeout 120option sampler-table timeout 120
Step2. Configure MONITOR MAP
flow monitor MonitorMaprecord netflow-originalexporter ExporterMap
where:netflow-original is the traditional IPv4 input NetFlow with origin ASs
or can use a customized flow record
e.g.
flow record CustomRecordmatch ipv4 source addressmatch ipv4 destination addressmatch ip protocolmatch ip tosmatch transport source-portmatch transport destination-portcollect transport tcp flagscollect counter bytescollect counter packets
flow monitor MonitorMaprecord CustomRecordexporter ExporterMap
Step3. Configure SAMPLER MAP
sampler SamplerMapmode 1 out-of 100
Application:
configure
interface Eth1/1ip flow monitor MonitorMap input sampler SamplerMap
For Netflow configuration in Juniper, pls. refer to this link –> Configuring NetFlow in Juniper (JunOS)
[…] Step1. Configure EXPORTER MAP set services flow-monitoring version9 template NETFLOW_MONITOR template-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR option-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR ipv4-template Step2. Configure MONITOR MAP set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 port 9991 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 source-address 192.168.1.100 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 version9 template NETFLOW_MONITOR set forwarding-options sampling instance NETFLOW_INSTANCE family inet output inline-jflow source-address 192.168.1.100 Step3. Configure SAMPLER MAP set forwarding-options sampling instance NETFLOW_INSTANCE input rate 100 set forwarding-options sampling instance NETFLOW_INSTANCE input run-length 0 Application: set interfaces ge-0/0/0 unit 0 family inet sampling input Juniper (JunOS): Step1. Configure EXPORTER MAP set services flow-monitoring version9 template NETFLOW_MONITOR template-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR option-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR ipv4-template Step2. Configure MONITOR MAP set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 port 9991 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 source-address 192.168.1.100 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 version9 template NETFLOW_MONITOR set forwarding-options sampling instance NETFLOW_INSTANCE family inet output inline-jflow source-address 192.168.1.100 Step3. Configure SAMPLER MAP set forwarding-options sampling instance NETFLOW_INSTANCE input rate 100 set forwarding-options sampling instance NETFLOW_INSTANCE input run-length 0 Application: set interfaces ge-0/0/0 unit 0 family inet sampling input For Netflow configuration in Cisco, pls. refer to this link –> Configuring NetFlow in Cisco (IOS-XR ,Nexus OS) […]