How to Configure NetFlow v5 & v9 on Cisco Routers
10 likes19,725 views
This document provides instructions for configuring NetFlow versions 5 and 9 on Cisco routers to monitor network traffic. It explains that NetFlow collects IP traffic data, what versions 5 and 9 are, and how to configure each version on a router by specifying the collector server, export port, and interfaces. It also describes how to verify the NetFlow export and how tools like SolarWinds NetFlow Traffic Analyzer analyze exported data to provide network usage insights.
How to Configure NetFlow v5 & v9 on Cisco Routers
- 1. How to Configure NetFlow v5 & v9 on Cisco® Routers? © 2013 SolarWinds Worldwide, LLC. All rights reserved. 1
- 2. Agenda Learn how to configure NetFlow v5 & v9 on Cisco Routers • • • • • • What is NetFlow? Why NetFlow is Important? What is NetFlow v5 & v9? Configuring NetFlow v5 on a Cisco Router Configuring NetFlow v9 on a Cisco Router Monitoring Network Traffic by Analyzing NetFlow © 2013 SolarWinds Worldwide, LLC. All rights reserved. 2
- 3. NetFlow NetFlow provides network administrators with data to understand the movement of traffic in the network. What is NetFlow? NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information, which eventually became the universally accepted standard on traffic monitoring and is supported on most platforms. NetFlow answers the questions of who (users), what (applications), and how network bandwidth is being used. © 2013 SolarWinds Worldwide, LLC. All rights reserved. 3
- 4. Why enabling NetFlow is important? Enabling NetFlow on your routing and switching devices allows you to collect traffic statistics from that device. When traffic passes through the interfaces of a NetFlow enabled device, relevant information about the IP conversation is captured and stored in the NetFlow cache. This helps to: » Understand application and bandwidth usage patterns » Quickly troubleshoot network issues » Detect security and network behavioral anomalies » Verify the performance of QoS policies » Perform capacity planning and save costs by taking informed decisions Efficient network operation lowers costs and drives higher business revenues through better utilization of the network infrastructure. © 2013 SolarWinds Worldwide, LLC. All rights reserved. 4
- 5. What is NetFlow v5 & v9? NetFlow version 5 NetFlow version 9 • Most widely used NetFlow technology • A template based version that is Flexible NetFlow technology • Also called traditional NetFlow— supports autonomous systems (AS) reporting, and a few additional fields • Has ability to monitor a wide range of IP packet information which is absent in traditional NetFlow • Provides the versatility needed to support new fields and record types • Flexible NetFlow accommodates custom fields such as, MPLS labels, IPv6 traffic, NBAR protocols, Multicast IP traffic, VLAN ID, real-time performance of media flows, etc. • • Generally advised that NetFlow v5 be enabled on all interfaces; to monitor inbound and outbound utilization on interfaces Packet format is fixed, and hence is easy to decipher for most NetFlow collection and network traffic reporting packages © 2013 SolarWinds Worldwide, LLC. All rights reserved. 5
- 6. Configuring NetFlow v5 on Cisco Router © 2013 SolarWinds Worldwide, LLC. All rights reserved. 6
- 7. How to Configure NetFlow v5 on a Cisco Router? The following is a set of commands that are issued on a Cisco router to enable NetFlow version 5 on the FastEthernet 0/1 interface and export to the machine 10.199.15.103 (IP Address of NetFlow Analyzer server) on port 2055 (UDP port to export NetFlow packets). Router2951#enable Password:***** Router2951#configure terminal This command has to be executed on all the L3/VLAN interfaces router2951(config)#interface FastEthernet 0/1 router2951(config-if)#ip route-cache flow The hostname or IP address of the NetFlow Collector server router2951(config-if)#exit router2951(config)#ip flow-export destination 10.199.15.103 2055 The port number used to send NetFlow packets. Continued on next slide… © 2013 SolarWinds Worldwide, LLC. All rights reserved. 7
- 8. How to Configure NetFlow v5 on a Cisco Router? (cont…) router2951(config)#ip flow-export source GigabitEthernet0/1 router2951(config)#ip flow-export version 5 The interface through which NetFlow packets are exported. router2951(config)#ip flow-cache timeout active 1 router2951(config)#ip flow-cache timeout inactive 15 router2951(config)#snmp-server ifindex persist router2951(config)#^Z router#write © 2013 SolarWinds Worldwide, LLC. All rights reserved. 8
- 9. How to verify if NetFlow v5 is getting exported from your router? Now that your router has been set up to export NetFlow data, perform these steps in this optional task to verify if NetFlow data export is operational to display the statistics for NetFlow data export. Version 5 flow records show ip flow export command will show you the current NetFlow configuration. router2951# show ip flow export Flow export v5 is enabled for main cache Export source and destination details: VRF ID: Default Source(1) 10.199.10.1 (GigabitEthernet0/1) Destination(1) 10.199.15.103 (2055) Continued on next slide… © 2013 SolarWinds Worldwide, LLC. All rights reserved. 9
- 10. How to verify if NetFlow v5 is getting exported from your router? Version 5 flow records 169422708 flows exported in 5647450 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation © 2013 SolarWinds Worldwide, LLC. All rights reserved. 10
- 11. Configuring NetFlow v9 on Cisco Router © 2013 SolarWinds Worldwide, LLC. All rights reserved. 11
- 12. How to Configure NetFlow v9 on a Cisco Router? Flexible NetFlow is comprised of 3 components: Flow Record Flow Exporter Flow Monitor The following is a set of commands that are issued on a Cisco router to enable Flexible NetFlow on the FastEthernet 0/1 interface and export to the machine 10.199.15.103 (IP Address of NetFlow Analyzer server) on port 2055 (UDP port to export NetFlow packets). Router2951#enable Password:***** Router2951#configure terminal Continued on next slide… © 2013 SolarWinds Worldwide, LLC. All rights reserved. 12
- 13. How to Configure NetFlow v9 on a Cisco Router? (cont…) //Creating Flow Record router2951(config)# flow record NTArecord router2951 (config-flow-record)# match ipv4 source address router2951 (config-flow-record)# match ipv4 destination address router2951 (config-flow-record)# match ipv4 protocol router2951 (config-flow-record)# match transport source-port router2951 (config-flow-record)# match transport destination-port router2951 (config-flow-record)# match ipv4 tos router2951 (config-flow-record)# match interface input router2951 (config-flow-record)# collect interface output router2951 (config-flow-record)# collect counter bytes router2951 (config-flow-record)# collect counter packets Continued on next slide… © 2013 SolarWinds Worldwide, LLC. All rights reserved. 13
- 14. How to Configure NetFlow v9 on a Cisco Router? (cont…) //Creating Flow Exporter The hostname or IP address of the NetFlow Collector server. router2951(config)# flow exporter NTAexport router2951 (config-flow-exporter)#destination 10.199.15.103 router2951 (config-flow-exporter)# source GigabitEthernet0/1 Interface through which router2951 (config-flow-exporter)# transport udp 2055 NetFlow packets are exported. router2951 (config-flow-exporter)# template data timeout 60 The port number used to send NetFlow packets. //Creating Flow Monitor Specify the required timeout router2951(config)# flow monitor NTAmonitor in secs for template export router2951(config-flow-monitor)# record NTArecord router2951(config-flow-monitor)# exporter NTAexport router2951(config-flow-monitor)# cache timeout active 60 router2951(config-flow-monitor)# cache timeout inactive 15 Continued on next slide… © 2013 SolarWinds Worldwide, LLC. All rights reserved. 14
- 15. How to Configure NetFlow v9 on a Cisco Router? (cont…) //Associating the Monitor to an Interface Repeat these commands on all interfaces of your router to associate the NetFlow Monitor to the interfaces. router2951(config)# int FastEthernet0/1 router2951(config-if)# ip flow monitor NTAmonitor input //Save configuration to memory router2951#write © 2013 SolarWinds Worldwide, LLC. All rights reserved. 15
- 16. How to verify if NetFlow v9 is getting exported from your router? Perform these steps in this optional task to verify if NetFlow data export is operational to display the statistics for NetFlow data export. Version 9 flow records show flow exporter exporter-name command will show you the stats of the Flow exporter. router2951#show flow exporter NTAexport Flow exporter NTAexport : Description: User defined Export protocol: NetFlow Version 9 Transport Configuration: Destination IP address: 10.199.15.103 Source IP address: 10.199.10.1 Source Interface: GigabitEthernet0/1 Continued on next slide… © 2013 SolarWinds Worldwide, LLC. All rights reserved. 16
- 17. How to verify if NetFlow v9 is getting exported from your router? (cont…) Transport Protocol: UDP Destination Port: 2055 Source Port: 61256 DSCP: 0x0 TTL: 255 Output Features: Not Used Once NetFlow is configured on the routers, the NetFlow packets are sent to the designated server or collector. NetFlow can bring in thousands of flows per second depending on the size of the network and the traffic. Having a tool in place that collects all NetFlow packets and presents them in an easy to understand, comprehensive view helps you effectively manage your bandwidth. © 2013 SolarWinds Worldwide, LLC. All rights reserved. 17
- 18. Monitoring Network Traffic by Analyzing NetFlow SolarWinds NetFlow Traffic Analyzer (NTA) is software based NetFlow collector that gathers network traffic data, correlates it into a useable format, and then presents it to the user in a Web based interface. NTA analyzes the NetFlow Export data that comes from Cisco devices to provide valuable information on how your bandwidth is consumed and by whom. © 2013 SolarWinds Worldwide, LLC. All rights reserved. 18
- 19. SolarWinds® NetFlow Traffic Analyzer SolarWinds NTA gives you a comprehensive customizable view of your network traffic on a single page. © 2013 SolarWinds Worldwide, LLC. All rights reserved. 19
- 20. Network Traffic Analysis is Just a Click Away! Learn more about SolarWinds NetFlow Traffic Analyzer Connect with the Community © 2013 SolarWinds Worldwide, LLC. All rights reserved. 20
- 21. Thank You! © 2013 SolarWinds Worldwide, LLC. All rights reserved. 21