NetFlow is a powerful network monitoring and visualization technology developed by Cisco that provides valuable insights into network traffic. By configuring NetFlow on your Cisco devices, you gain a deeper understanding of how your network is being utilized, identify potential bottlenecks, and troubleshoot network issues more efficiently. This blog post will guide you through the steps involved in configuring NetFlow on your Cisco IOS devices.
Understanding NetFlow Versions
Cisco offers different versions of NetFlow, each with varying levels of detail. Here are the two most commonly used versions:
• NetFlow v9: This version provides basic information about network traffic, including source and destination IP addresses, port numbers, protocol type, and packet count.
• Flexible NetFlow (FNF): This enhanced version offers more granular details like Layer 3 ToS (Type of Service) byte, input interface, and application identification.
Prerequisites
Before configuring NetFlow, ensure you have the following:
• A Cisco device running a compatible IOS version (typically versions 12.0(22)S or later)
• A NetFlow collector to receive and analyze the exported data (various open-source and commercial options are available)
Configuration Steps for NetFlow Capture on L3 Interfaces
1. Create a flow record for ingress traffic using the commands below. The flow record defines which fields are captured in NetFlow:
flow record TEST-ingress
description IPV4 ingress
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match interface input
match ipv4 tos
match flow direction
collect interface output
collect counter bytes long
collect counter packets long
collect transport tcp flags
collect timestamp absolute first
collect timestamp absolute last
2. Create a flow record for egress traffic using the commands below. Again, the flow record defines which fields are captured in NetFlow:
flow record TEST-egress
description IPV4 egress
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match interface output
match ipv4 tos
match flow direction
collect interface input
collect counter bytes long
collect counter packets long
collect transport tcp flags
collect timestamp absolute first
collect timestamp absolute last
3. Create a flow exporter, which defines the details of the NetFlow collector such as its IP address and port number. You can also define the export protocol here. Check the details of your collector and replace the values accordingly (mostly the IP address, port and export-protocol). export-protocol is an optional parameter; you can omit this line if you are not sure which protocol your collector expects.
flow exporter EXPORT-TEST
description Export to TEL
destination 10.7.5.2
transport udp 8818
export-protocol ipfix
template data timeout 60
exit
4. Now we need to create a flow monitor for input (ingress) and output (egress) traffic. A flow monitor ties a record (what traffic to capture) to an exporter (where to send the data).
flow monitor INPUT
description IPv4 ingress exports
exporter EXPORT-TEST
record TEST-ingress
cache timeout active 60
exit
flow monitor OUTPUT
description IPv4 egress exports
exporter EXPORT-TEST
record TEST-egress
cache timeout active 60
exit
5. Finally, apply the flow monitors under the interface where you need to capture the traffic. As this NetFlow configuration is for L3 interfaces, ensure the interface you are configuring is a Layer 3 interface.
int t1/2/0/1
ip flow monitor OUTPUT output
ip flow monitor INPUT input
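What the collector on udp/8818 receives from this exporter is IPFIX (export-protocol ipfix): template sets describing the record layout, then data sets. As an added illustration that is not part of the original post, the following Python decoder parses both using the IANA element ids for the fields in the records above (sourceIPv4Address=8, destinationIPv4Address=12, ports 7/11, protocolIdentifier=4, octetDeltaCount=1, packetDeltaCount=2, tcpControlBits=6); the sample message and its values are constructed, and Cisco enterprise-specific elements are kept as raw integers.

```python
import socket
import struct
# IANA IPFIX element ids for the fields the flow record above matches/collects.
IE_NAMES = {8: "src", 12: "dst", 7: "sport", 11: "dport", 4: "proto",
            1: "bytes", 2: "packets", 6: "tcp_flags"}

def _decode(ie_id, raw):
    # IPv4 addresses are 4 raw bytes; every other field here is a big-endian unsigned int.
    return socket.inet_ntoa(raw) if ie_id in (8, 12) else int.from_bytes(raw, "big")

def parse_ipfix(msg, templates=None):
    """Decode one IPFIX (RFC 7011) message into (records, templates). Reuse the same
    templates dict across messages: the exporter re-sends templates only every
    'template data timeout' seconds, so data sets seen before their template are skipped."""
    templates = {} if templates is None else templates
    version, length = struct.unpack("!HH", msg[:4])  # then export time, sequence, domain id
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    records, pos = [], 16
    while pos + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[pos:pos + 4])
        body, pos = msg[pos + 4:pos + set_len], pos + set_len
        if set_id == 2:  # template set: template id, field count, then (ie id, length) pairs
            off = 0
            while off + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[off:off + 4])
                fields, off = [], off + 4
                for _ in range(count):
                    ie, flen = struct.unpack("!HH", body[off:off + 4])
                    off += 8 if ie & 0x8000 else 4  # enterprise-specific ids carry a 4-byte PEN
                    fields.append((ie, flen))
                templates[tid] = fields
        elif set_id >= 256 and set_id in templates:  # data set encoded with a known template
            fields = templates[set_id]
            rec_len = sum(flen for _, flen in fields)
            for off in range(0, len(body) - rec_len + 1, rec_len):  # trailing padding ignored
                rec, cur = {}, off
                for ie, flen in fields:
                    rec[IE_NAMES.get(ie, f"ie{ie}")] = _decode(ie, body[cur:cur + flen])
                    cur += flen
                records.append(rec)
    return records, templates
def build_sample_message():
    """Constructed sample: template 256 plus one data record with made-up values."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (2, 8), (6, 2)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    data = (socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.5")
            + struct.pack("!HHBQQH", 51515, 443, 6, 12345, 17, 0x18))
    body = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(body), 1700000000, 1, 0) + body
```

Feeding real datagrams from the collector socket into parse_ipfix with one shared templates dict yields one dict per flow, which is the data the verification commands below summarise on the router.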
Configuration Verification
Once configured, you can verify the setup. The "show ip flow-export" command displays the configured NetFlow export, including the destination address, port, and version.
"show flow monitor" shows the top talkers in the NetFlow cache.
show ip flow-export
show flow monitor OUTPUT cache sort highest counter bytes long top 10
Additional Considerations
• Security: Be mindful of security implications. NetFlow/IPFIX exported over UDP is neither authenticated nor encrypted, so restrict NetFlow export to authorized collectors only, reachable over a management network that untrusted hosts cannot access.
• Performance Impact: NetFlow can introduce minimal overhead on your devices. However, extensive sampling configurations might impact performance.
Conclusion
By configuring NetFlow on your Cisco devices, you gain valuable insights into your network traffic patterns, enabling better network monitoring visibility, troubleshooting, and capacity planning. Remember to choose the appropriate NetFlow version and adjust sampling rates based on your specific needs. Leverage the power of NetFlow to optimize your network performance and ensure a smooth digital experience.