Netflow configuration on Nexus explained [step by step]

What is Netflow:

NetFlow is a Cisco feature that provides the capability to collect statistics and information on IP traffic as it enters or exits an interface. NetFlow provides operators with network and security monitoring, network planning, traffic analysis, and IP accounting capabilities. 

Cisco NX-OS supports both traditional NetFlow (Version 5) and Flexible NetFlow (Version 9) export formats, but using flexible NetFlow is recommended on Nexus platforms. With traditional NetFlow, all the keys and fields exported are fixed and it supports only IPv4 flows. By default, a flow is defined by seven unique keys:

  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
  • Layer 3 protocol type
  • TOS byte (DSCP markings)
  • Input logical interface (ifindex)

Flexible NetFlow (Version 9) is template based, so users can specify which data has to be exported.

NetFlow Configuration Steps:

Step 1. Enable the NetFlow feature:

The first step is to enable the NetFlow feature on the Nexus device:

feature netflow

Step 2. Define a flow record by specifying key and nonkey fields of interest:

A user has the flexibility to select the collect parameters, which can be used in either Version 5 or Version 9, except for IPv6 parameters, which can be used only with Version 9.

* Flow record for L2 traffic:

! Flow record for Layer 2 Traffic
flow record Bil2
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan
  match datalink ethertype
  collect counter packets
  collect flow sampler id

* Flow record for L3 traffic:

! Flow Record for Layer 3 Traffic
flow record Bil3
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match ip tos
  collect timestamp sys-uptime last
  collect flow sampler id
  collect ip version

Step 3: Define a Flow Exporter:

NetFlow data is exported to a remote collector using UDP frames. The data is exported periodically upon the expiration of a flow timeout that is configurable by the user. The default flow timeout value is 30 minutes.

The NetFlow standard (RFC 3954) does not mandate a specific listening port. The most common UDP port used for NetFlow is 2055, but other ports, such as 9555, 9995, 9025, and 9026, can also be used.

Under the flow exporter, the following fields are defined:

  • Collector IPv4/IPv6 address
  • Source interface
  • Virtual Routing and Forwarding (VRF)
  • Version
  • UDP port number

flow exporter Bil_Flow_Exp
  destination 192.168.4.1 use-vrf management
  transport udp 2055
  source mgmt0
  version 9

Step 4: Define and Apply the Flow Monitor to an interface:

Bind the flow record and the flow exporter to a flow monitor. Once the flow monitor is defined, it can be attached to an interface to collect NetFlow statistics.

flow monitor FL_MON
  record Bil3
  exporter Bil_Flow_Exp
!
interface Eth3/31-32
  ip flow monitor FL_MON input
  ip flow monitor FL_MON output
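As an added illustration that is not part of the original article or Cisco's own tooling, the following Python decoder shows what the collector at the exporter's destination has to do with the template-based Version 9 export this procedure produces: learn the template FlowSet first, then decode data records against it, and drop data whose template has not arrived yet. The export datagram is constructed inline; its field layout mirrors the Bil3 record (IPv4 source/destination, protocol, ToS, IP version) plus a packet counter.

```python
import struct
from ipaddress import IPv4Address

# RFC 3954 field types used here (60 = IP_PROTOCOL_VERSION); layout mirrors the Bil3 record
FIELD_NAMES = {2: "in_pkts", 4: "protocol", 5: "src_tos", 8: "ipv4_src", 12: "ipv4_dst", 60: "ip_version"}

def _value(ftype, raw):
    return str(IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")

def decode_v9(packet, templates):
    """Decode one v9 export datagram; `templates` (id -> [(type, len)]) persists across packets."""
    version, count, uptime, secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4:
            break  # malformed FlowSet length; stop rather than loop forever
        body, off = packet[off + 4:off + fs_len], off + fs_len
        if fs_id == 0:  # template FlowSet: learn the field layout for each template id
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                p += 4
                templates[tid] = [struct.unpack("!HH", body[p + 4 * i:p + 4 * i + 4]) for i in range(nfields)]
                p += 4 * nfields
        elif fs_id >= 256 and fs_id in templates:  # data FlowSet; unknown templates are skipped
            fields = templates[fs_id]
            rec_len, p = sum(flen for _, flen in fields), 0
            while p + rec_len <= len(body):  # leftover bytes shorter than a record are padding
                rec, q = {}, p
                for ftype, flen in fields:
                    rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = _value(ftype, body[q:q + flen])
                    q += flen
                records.append(rec)
                p += rec_len
    return records

def build_sample_packet():
    """Constructed export datagram (not captured traffic): template 256 plus one data record."""
    fields = [(8, 4), (12, 4), (4, 1), (5, 1), (60, 1), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    rec = (IPv4Address("10.1.1.10").packed + IPv4Address("192.168.4.1").packed
           + bytes([17, 0, 4]) + struct.pack("!I", 42))  # UDP, ToS 0, IPv4, 42 packets
    header = struct.pack("!HHIIII", 9, 2, 123456, 1700000000, 1, 0)
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(rec) + 1) + rec + b"\x00")  # one pad byte
```

A real collector feeds `decode_v9` each datagram received on the exporter's UDP port (2055 in the configuration above), keeping one `templates` dictionary per exporting device and source id.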

Verifications:

#show run netflow

#show hardware flow ip


References:

https://www.ciscopress.com/articles/article.asp?p=2928194&seqNum=3
https://www.ciscopress.com/articles/article.asp?p=2812391&seqNum=4
