Cisco Support Community
New Member

basic Netflow config on cat6500 (MLS monitoring)

I'm facing traffic monitoring on cat6500.

When running routers, a basic ip accounting was pretty enough for my needs.

Now, working w/ a cat6500 led me to some problems in getting ip accounting info.

I read something about netflow, and the general concepts are quite clear to me, but a hint on a good place to start the implementation on cat6500 (native) would be welcome.

My goal:

1) at first, getting some basic info on who generated packets going in and out of my LAN.

2) later, setting up a full netflow server, to track everything down (any suggestion of a good architecture is welcome).

TIA

Ivan

1 ACCEPTED SOLUTION
Bronze

Re: basic Netflow config on cat6500 (MLS monitoring)

Hello Ivan,

ad 1) configuration is quite easy:

To configure NDE, use the same commands as for an IOS device. In enable mode on the Supervisor Engine, issue the following to set up the NetFlow export version.

switch(config)# mls nde sender version 7

The following commands break up flows into shorter segments.

switch(config)# mls aging long 128

switch(config)# mls aging normal 32

On the Supervisor Engine 1, issue the following to put full flows into the netflow exports:

switch(config)# mls flow ip full

If you have a Supervisor Engine 2 or 720 running IOS version 12.1.13(E) or higher, issue the following commands instead:

switch(config)# mls flow ip interface-full

Turn on flow accounting for each input interface with the interface command (replace <type/number> with the interface you want to monitor):

interface <type/number>

ip route-cache flow

For example:

interface FastEthernet0

ip route-cache flow

interface Serial2/1

ip route-cache flow

It is necessary to enable NetFlow on all interfaces through which the traffic you are interested in will flow. Now, verify that the router (or switch) is generating flow stats - try the command 'show ip cache flow'. Note that for routers with distributed switching (GSRs, 75XXs) the RP CLI will only show flows that made it up to the RP. To see flows on the individual linecards, use the 'attach' or 'if-con' command and issue 'sh ip ca fl' on each LC.

Enable the exports of these flows with the global commands:

router(config)# ip flow-export version 5

router(config)# ip flow-export destination <collector-ip> 2000

router(config)# ip flow-export source FastEthernet0

Use the IP address of your NetFlow Collector and its configured listening port. UDP port 2000 is used as an example.

We recommend using NetFlow version 5, which is the most recent export version supported by Cisco routers. The 'ip flow-export source' command is used to set the source IP address of the exports sent by the router or switch. The NetFlow Collector can filter incoming traffic on this address. If your router runs BGP, you can configure the AS numbers to be included in the exports with the command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following commands break up flows into shorter segments.

router(config)# ip flow-cache timeout active 5

router(config)# ip flow-cache timeout inactive 30

(See the netflow configuration guide at http://netflow.caligare.com )

To see netflow stats you can use the command:

router# show ip cache verbose flow

...

Ad 2)

There are many netflow analyzers; see the list of free and/or commercial analyzers at http://netflow.caligare.com/applications.htm

Our company is developing Caligare Flow Inspector, so if you have any questions regarding our product, please contact me directly.

Kind regards

Jan Nejman

Caligare, Co.

nejman@caligare.com

http://www.caligare.com/
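The answer above covers the exporter side; the collector end of goal 2 receives UDP datagrams in the NetFlow v5 format that 'ip flow-export version 5' selects. The following is an added example written for this page, not code from the poster, from Caligare or from Cisco. It decodes a v5 datagram (24-byte header, fixed 48-byte records), accepts exports only from the exporter address that 'ip flow-export source' sets on the switch, uses the header's flow_sequence counter to detect exports lost in transit, and sums bytes per source address, which is goal 1 from the question. All addresses and flow records in it are constructed sample data; the listening port follows the 2000 used in the answer.

```python
"""Collector-side handling of NetFlow v5 exports: parse, filter by exporter, aggregate."""
import socket
import struct
from collections import Counter
from ipaddress import IPv4Address

# NetFlow v5 wire format, network byte order: a 24-byte header followed by
# up to 30 fixed-size 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")


def parse_v5(datagram: bytes) -> dict:
    """Decode one v5 export datagram; raise ValueError on anything malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    (version, count, _uptime, unix_secs, _nsecs, flow_sequence,
     _engine_type, _engine_id, _sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, src_as, dst_as,
         _smask, _dmask, _pad2) = V5_RECORD.unpack_from(datagram, off)
        flows.append({
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto, "tcp_flags": tcp_flags,
            "packets": pkts, "bytes": octets, "input_if": in_if, "output_if": out_if,
            "src_as": src_as, "dst_as": dst_as,
        })
    return {"sequence": flow_sequence, "count": count,
            "unix_secs": unix_secs, "flows": flows}


def build_v5(flow_sequence: int, records: list) -> bytes:
    """Build a constructed v5 datagram for offline testing (a real exporter does this)."""
    header = V5_HEADER.pack(5, len(records), 123456, 1_700_000_000, 0, flow_sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(int(IPv4Address(r["src"])), int(IPv4Address(r["dst"])), 0,
                       r.get("input_if", 1), r.get("output_if", 2),
                       r["packets"], r["bytes"], 1000, 2000, r["sport"], r["dport"],
                       0, r.get("tcp_flags", 0x18), r["proto"], 0,
                       r.get("src_as", 0), r.get("dst_as", 0), 24, 24, 0)
        for r in records)
    return header + body


class V5Collector:
    """Accept exports only from known exporter addresses (the address that
    'ip flow-export source' sets) and track flow_sequence, whose gaps reveal
    export datagrams that never reached the collector."""

    def __init__(self, exporters):
        self.exporters = set(exporters)
        self.next_sequence = {}      # exporter address -> expected flow_sequence
        self.lost_flows = Counter()  # exporter address -> flows never received
        self.flows = []

    def accept(self, exporter_ip: str, datagram: bytes) -> bool:
        """Return True if the datagram came from a known exporter and was stored."""
        if exporter_ip not in self.exporters:
            return False  # not one of our switches: drop it (a real collector would log this)
        parsed = parse_v5(datagram)
        expected = self.next_sequence.get(exporter_ip)
        if expected is not None and parsed["sequence"] > expected:
            self.lost_flows[exporter_ip] += parsed["sequence"] - expected
        self.next_sequence[exporter_ip] = parsed["sequence"] + parsed["count"]
        self.flows.extend(parsed["flows"])
        return True


def bytes_by_source(flows) -> Counter:
    """Goal 1 from the question: who generated the traffic, as bytes per source address."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return totals


def serve(collector: V5Collector, port: int = 2000) -> None:
    """Listen on the UDP port given to 'ip flow-export destination' and feed the collector."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        datagram, (addr, _) = sock.recvfrom(65535)
        try:
            collector.accept(addr, datagram)
        except ValueError as err:
            print(f"bad datagram from {addr}: {err}")


if __name__ == "__main__":
    # Constructed sample: exporter 192.0.2.1, two flows from LAN hosts (RFC 5737 ranges).
    sample = build_v5(0, [
        {"src": "192.0.2.10", "dst": "198.51.100.5", "sport": 51000, "dport": 443,
         "proto": 6, "packets": 10, "bytes": 1500},
        {"src": "192.0.2.11", "dst": "198.51.100.5", "sport": 51001, "dport": 80,
         "proto": 6, "packets": 4, "bytes": 600},
    ])
    collector = V5Collector(["192.0.2.1"])
    collector.accept("192.0.2.1", sample)
    print(bytes_by_source(collector.flows).most_common(5))
```

To run it against a real switch, call serve(V5Collector(["<switch-source-ip>"])) on the host named in 'ip flow-export destination'; the exporter filter matters because anything on the network can send UDP to port 2000, and without it a stray or forged datagram would pollute the accounting. A growing lost_flows count for an exporter means the switch is exporting faster than the path or the collector can take, which is the first thing to check when the totals look too low.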

2 REPLIES
New Member

Re: basic Netflow config on cat6500 (MLS monitoring)

Great start.

Currently, I have 2 sup720 as core (running 12.2(33)SXH) and 2 sup32 (running 12.2(18)SXF) as backbone.

As a start, I will introduce NF on backbone in/outbound interfaces (WAN routers are not managed by me).

WAN routers (they are in pairs, for redundancy) are all connected on switched interfaces, and are aggregated on a dedicated VLAN (one for each pair).
