Netflow Samplng rate specification on various Cisco hardware

Unanswered Question
renmarqu Fri, 12/11/2009 - 09:30

Hello Harry,


The following document will explain it and show you how to configure sampled netflow on cisco routers :

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/nfstatsa.html#wp1045102

Random Sampling Mode

The sampling mode determines the algorithm that selects a subset of traffic for NetFlow processing. In the random sampling mode that Random Sampled NetFlow uses, incoming packets are randomly selected so that one out of each n sequential packets is selected on averagen value is a parameter from 1 to 65535 packets that you can configure. for NetFlow processing. For example, if you set the sampling rate to 1 out of 100 packets, then NetFlow might sample the 5th, 120th, 199th, 302nd, and so on packets. This sample configuration provides NetFlow data on 1 percent of total traffic. The

    

The configuration will also depend on the IOS version that you are running.


As an example:

6500 running 12.2SXH  - http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/nde.html#wp1164287


I hope this can answer your question... =)


Cheers,

Renata

Lucien Avramov Mon, 12/14/2009 - 03:24

Yes it is supported.


Here is a summary of the Netflow Supervisor NDE with regards to L3 Netflow, Bridged Netflow Statistics (L2 Netflow) and SNMP interface index (SUP version 5 NDE).


L3 Netflow with Hybrid SUP2/MSFC2:
The SUP2 NDE provides SNMP interface index for LAN ports as of CatOS 6.3.6.
Support for interface index on WAN interfaces is added in CatOS 7.3.1 and the WAN interface index support also requires the MSFC2 to run 12.1(12c)E1.


L3 Netflow with Native SUP2/MSFC2:
The LAN and WAN interface index information is planned for 12.1(13)E Supervisor IOS.


L2 Netflow known as Bridged Netflow Statistics is available as of CatOS 7.2.2 and later. When Bridged Netflow Stats are enabled NDE provides flows for traffic between hosts on the same VLAN.


L2 Netflow with SUP1A:
Bridged Netflow Statistics provide SNMP interface index information for LAN ports when this feature is used with a SUP1A and no MSFC/MSFC2.


L2 Netflow with SUP2:
Due to the CEF-based MLS of the SUP2, Bridged Netflow Statistics cannot provide SNMP interface index information for LAN ports when this feature is used with a SUP2 and no MSFC2. On the SUP2 a "completed CEF adjacency" is required in order for NDE to provide interface index information. The completed CEF adjacency is not possible without a MSFC2 doing Layer 3 switching.


L2 Netflow with Hybrid SUP2/MSFC2:
Bridged Netflow Statistics can be enabled in addition to normal Layer 3 switching and both L2 and L3 flows will be exported. As long as there are completed CEF adjacencies the interface index information for flows from Bridged Netflow Statistics will be provided. So in other words if a host on VLAN x is L3 switched to a host on VLAN y there will be a completed CEF adjacency and then if the host on VLAN x talks to another host on VLAN x its interface index will be available in the Bridged Flow Statistics.

Actions

This Discussion