Configuring NetFlow in Cisco (IOS-XR and Nexus OS)

Here’s the sample configuration of Netflow in Cisco running IOS and Nexus-OS.
Cisco IOS-XR:
The NetFlow use these 3 maps to configure
Step1. EXPORTER MAP – configure parameters like export destination IP, udp port (only supported transport protocol), source interface
IPv4:
flow exporter-map NETFLOW-EXPORTER-MAP
 version v9
  transport udp 9991
  source Loopback0
  destination 192.168.30.100
IPv6:
flow exporter-map IPv6-NETFLOW-EXPORTER-MAP
 version v9
  transport udp 9991
  source Loopback0
  destination 192.168.30.100
Note: destination  udp port can be from  <1024-65535> (this is where Netflow is listening)
Step2. MONITOR MAP includes flow record map and flow exporter map. Some of the attriubtes that can be configured like number of cache entries and timeout. Record that supports are ipv4, ipv6 and mpls.
IPv4:
flow monitor-map NETFLOW-MONITOR-MAP
 record ipv4
 exporter NETFLOW-EXPORTER-MAP
 cache timeout active 10
 cache entries 1000
IPv6:
flow monitor-map IPv6-NETFLOW-MONITOR-MAP
 record ipv6
 exporter IPv6-NETFLOW-EXPORTER-MAP
 cache timeout active 10
 cache entries 1000
3.SAMPLER MAP – configure the packet rate (one out of n packets) to sample
sampler-map NETFLOW-SAMPLER-MAP
 random 1 out-of 100
sampler-map IPv6-NETFLOW-SAMPLER-MAP
 random 1 out-of 100
Note: Sampling interval to use random mode for sampling packets of 1 through 65535 units
Application:
Apply in interface (can be applied in L3 bundle or physical interface, on single or both direction)
configure
  interface Te0/0/0/0
   flow ipv4 monitor NETFLOW-MONITOR-MAP sampler NETFLOW-SAMPLER-MAP ingress
   flow ipv6 monitor IPv6-NETFLOW-MONITOR-MAP sampler NETFLOW-SAMPLER-MAP ingress
Cisco Nexus:
[Pre-config] Enable netflow
configure
 feature netflow

Step1. Configure EXPORTER MAP

flow exporter ExporterMap
  description Exporter Map to Netflow Server
  destination 192.168.30.100 use-vrf management
  transport udp 9991
  source mgmt0
  version 9
    option exporter-stats timeout 120
    option sampler-table timeout 120
Step2. Configure MONITOR MAP
flow monitor MonitorMap
  record netflow-original
  exporter ExporterMap
where:netflow-original  is the traditional IPv4 input NetFlow with origin ASs
 or can use a customized flow record
e.g.
flow record CustomRecord
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match ip tos
  match transport source-port
  match transport destination-port
  collect transport tcp flags
  collect counter bytes
  collect counter packets
flow monitor MonitorMap
  record CustomRecord
  exporter ExporterMap

Step3. Configure SAMPLER MAP

sampler SamplerMap
  mode 1 out-of 100

Application:

configure
 interface Eth1/1
   ip flow monitor MonitorMap input sampler SamplerMap
For Netflow configuration in Juniper, pls. refer to this link –> Configuring NetFlow in Juniper (JunOS)

One Comment

  1. […] Step1. Configure EXPORTER MAP set services flow-monitoring version9 template NETFLOW_MONITOR template-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR option-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR ipv4-template Step2. Configure MONITOR MAP set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 port 9991 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 source-address 192.168.1.100 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 version9 template NETFLOW_MONITOR set forwarding-options sampling instance NETFLOW_INSTANCE family inet output inline-jflow source-address 192.168.1.100 Step3. Configure SAMPLER MAP set forwarding-options sampling instance NETFLOW_INSTANCE input rate 100 set forwarding-options sampling instance NETFLOW_INSTANCE input run-length 0 Application: set interfaces ge-0/0/0 unit 0 family inet sampling input Juniper (JunOS): Step1. Configure EXPORTER MAP set services flow-monitoring version9 template NETFLOW_MONITOR template-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR option-refresh-rate seconds 15 set services flow-monitoring version9 template NETFLOW_MONITOR ipv4-template Step2. Configure MONITOR MAP set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 port 9991 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 source-address 192.168.1.100 set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 version9 template NETFLOW_MONITOR set forwarding-options sampling instance NETFLOW_INSTANCE family inet output inline-jflow source-address 192.168.1.100 Step3. Configure SAMPLER MAP set forwarding-options sampling instance NETFLOW_INSTANCE input rate 100 set forwarding-options sampling instance NETFLOW_INSTANCE input run-length 0 Application: set interfaces ge-0/0/0 unit 0 family inet sampling input For Netflow configuration in Cisco, pls. refer to this link –> Configuring NetFlow in Cisco (IOS-XR ,Nexus OS) […]

Leave a Reply

Your email address will not be published. Required fields are marked *