How to Configure Netflow on Cisco Nexus switches

There are a few steps required to configure Netflow on Cisco Nexus switches.

Items that are between { } and in bold should be replaced with values specific to the environment being configured.

  1. Enable Netflow
    config t
    feature netflow
  2. Configure a Netflow Flow Record
    A Netflow record defines which fields identify a flow (match) and which values are gathered for it (collect). You can use the built-in record, or create a custom record.
    The built-in record is:
            N7K1# show flow record netflow-original
            Flow record netflow-original:
                Description: Traditional IPv4 input NetFlow with origin AS
                No. of users: 1
                Template ID: 256
                Fields:
                    match ipv4 source address
                    match ipv4 destination address
                    match ip protocol
                    match ip tos
                    match transport source-port
                    match transport destination-port
                    match interface input
                    match interface output
                    match flow direction
                    collect routing source as
                    collect routing destination as
                    collect routing next-hop address ipv4
                    collect transport tcp flags
                    collect counter bytes
                    collect counter packets
                    collect timestamp sys-uptime first
                    collect timestamp sys-uptime last
  3. Configure a Netflow Flow Exporter
    Set destination to your Auvik collector’s IP address, and source to the interface name that will export flows to the collector.
    N7K1(config)# flow exporter exporter-1
    N7K1(config-flow-exporter)# description Fluke Collector
                                destination 10.255.255.100
                                source Vlan10
                                transport udp 2055
                                version 9
  4. Configure a Netflow Flow Monitor
    Flow Monitors bind the Flow Record to the Flow Exporter:
    N7K1(config)# flow monitor netflow-monitor-1
                  record custom-netflow-record
                  exporter exporter-1
    or you can use the built-in Netflow Flow Record:
    N7K1(config)# flow monitor netflow-monitor-2
                  record netflow-original
                  exporter exporter-2
    You can also apply multiple exporters to the same monitor:
    N7K1(config)# flow monitor netflow-monitor-3
                  record custom-netflow-record
                  exporter exporter-1
                  exporter exporter-2
  5. Apply the Netflow Monitor to your L3 interfaces
    interface eth3/10
    ip flow monitor netflow-monitor-1 input
    exit
  6. (Optional) Configure a Netflow Sampler

    Netflow samplers become important when you’re running mixed M1/F2(e) VDCs. Due to the L3 proxy routing required for F2(e), Netflow traffic is CPU processed. The CPU will automatically rate limit Netflow traffic to 1 out of 1000 packets to protect the control plane. An error is shown when you try to apply the monitor without a sampler in a mixed environment:

    N7K1(config)# interface vlan 10
    N7K1(config-if)# ip flow monitor netflow-monitor-1 input
    ERROR: A sampler must be configured for an interface on an F2 card or F2e mixed vdc
    Configure a sampler to sample 1 out of every 1000 packets:
    N7K1(config)# sampler netflow-sampler
    N7K1(config-flow-sampler)# mode 1 out-of 1000
    N7K1(config-flow-sampler)# exit
    N7K1(config)# interface vlan 10
    N7K1(config-if)# ip flow monitor netflow-monitor-1 input sampler netflow-sampler
    Recommended sampler is 1 out-of 4956 to avoid rate limiting.
    An additional 1:100 sampler, on top of the configured sampler, applies to F2/F2e ports, and a new message is shown when the sampler is applied. The bottom part of that message is the important one: whatever sampling rate you have configured, only 1 of those sampled packets out of every 100 is actually sampled. If the sampler was configured for 1 out of 1000, the actual sampling rate would be 1 out of 100,000. This could result in useless Netflow statistics.
    Note: It is advised to set it to the maximum allowed by your environment.
    sampler netflow-sampler
      mode 1 out-of 10
  7. (Optional) Configure Netflow timers
    These Netflow timers are available:
    flow timeout active 120 (default is 1800 seconds)
    flow timeout inactive 32 (default is 15 seconds)
    flow timeout fast 32 threshold 100 (default is disabled)
    flow timeout session (default is disabled)
    flow timeout aggressive threshold 75 (default is disabled)

  Show commands
    show flow record netflow-original
    show flow record custom-netflow-record
    show flow exporter
    show flow monitor netflow-monitor
    show sampler
    Verify statistics:
    N7K1# show flow export
    Flow exporter exporter-1:
        Description: Fluke Collector
        Destination: 10.255.255.100
        VRF: default (1)
        Destination UDP Port 2055
        Source Interface Vlan10 (10.10.10.5)
        Export Version 9
        Exporter Statistics
            Number of Flow Records Exported 726
            Number of Templates Exported 1
            Number of Export Packets Sent 37
            Number of Export Bytes Sent 38712
            Number of Destination Unreachable Events 0
            Number of No Buffer Events 0
            Number of Packets Dropped (No Route to Host) 0
            Number of Packets Dropped (other) 0
            Number of Packets Dropped (LC to RP Error) 0
            Number of Packets Dropped (Output Drops) 0
            Time statistics were last cleared: Tue Jul  8 21:12:06 2014
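As an added collector-side check (example code written for this article, not Auvik's or Cisco's), the following Python decodes a NetFlow v9 export packet of the kind the exporter above sends: it learns template 256 from the template flowset, then decodes data records using the field list of the built-in netflow-original record. The packet is constructed inline; the short field names, the next-hop 10.10.10.1 and the flow values are assumptions.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v9 field types (RFC 3954) for the Nexus built-in record; short names are our own labels.
FIELD_NAMES = {1: "bytes", 2: "packets", 4: "protocol", 5: "tos", 6: "tcp_flags",
               7: "src_port", 8: "src_addr", 10: "if_in", 11: "dst_port", 12: "dst_addr",
               14: "if_out", 15: "next_hop", 16: "src_as", 17: "dst_as",
               21: "last_uptime", 22: "first_uptime", 61: "direction"}

def parse_v9(packet: bytes, templates: dict) -> list:
    """Decode one v9 export packet; `templates` is kept across packets per exporter."""
    version = struct.unpack("!H", packet[:2])[0]
    if version != 9:
        raise ValueError(f"expected NetFlow version 9, got {version}")
    records, off = [], 20                    # 20-byte packet header
    while off + 4 <= len(packet):
        set_id, set_len = struct.unpack("!HH", packet[off:off + 4])
        if set_len < 4:                      # a malformed length must not loop forever
            raise ValueError("bad flowset length")
        body = packet[off + 4:off + set_len]
        if set_id == 0:                      # template flowset, may carry several templates
            while len(body) >= 4:
                tid, nfields = struct.unpack("!HH", body[:4])
                templates[tid] = [struct.unpack("!HH", body[4 + 4 * i:8 + 4 * i])
                                  for i in range(nfields)]
                body = body[4 + 4 * nfields:]
        elif set_id >= 256 and set_id in templates:   # data flowset with a known template
            fields = templates[set_id]
            rec_len = sum(flen for _, flen in fields)
            while len(body) >= rec_len:      # leftover bytes shorter than a record are padding
                rec, pos = {}, 0
                for ftype, flen in fields:
                    raw, pos = body[pos:pos + flen], pos + flen
                    rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = (
                        str(IPv4Address(raw)) if ftype in (8, 12, 15) else int.from_bytes(raw, "big"))
                records.append(rec)
                body = body[rec_len:]
        off += set_len
    return records

def build_sample_packet() -> bytes:
    """Constructed test packet: template 256 (the netflow-original field list) plus one flow."""
    fields = [(8, 4), (12, 4), (4, 1), (5, 1), (7, 2), (11, 2), (10, 2), (14, 2), (61, 1),
              (16, 2), (17, 2), (15, 4), (6, 1), (1, 4), (2, 4), (22, 4), (21, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    flow = (IPv4Address("10.10.10.5").packed + IPv4Address("10.255.255.100").packed
            + struct.pack("!BBHHHHBHH", 6, 0, 44321, 443, 10, 20, 0, 65001, 65002)
            + IPv4Address("10.10.10.1").packed + struct.pack("!BIIII", 0x18, 38712, 37, 1000, 2000))
    header = struct.pack("!HHIIII", 9, 2, 123456, 1404853926, 1, 0)  # version, count, uptime, secs, seq, source id
    return header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(flow)) + flow
```

A data flowset that arrives before its template is skipped rather than guessed at, which is the behaviour a collector needs when the exporter's template refresh has not yet been seen.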