The Optrics Insider

Information For IT Pros

Menu
Follow Us:
Search

Sample Based Flexible NetFlow Export Configuration

ManageEngine Network Management
Shannon Lewis

Sample Based Flexible NetFlow Export Configuration

NetFlow technology involves checking the packets traversing a router interface to identify the actual traffic. The high volume of packets and packet rates of traffic on some router links causes the router to use higher CPU and memory during such an analysis. Sampling is solution to be used when flow analytics has to be done on a device.

Sampling defines that instead of every packet, 1 out of N packets (where N is the sampling rate) is captured and sent to the NetFlow Analyzer for traffic analytics. Based on the information in 1 packet, the traffic pattern for the rest of the packets is constructed.

These sampling packets will considerably decrease the CPU utilization needed to account for NetFlow packets by allowing the majority of the packets to be switched faster because they will not need to go through additional NetFlow processing.

This blog help us to configure sample based Flexible NetFlow export on Cisco Routers. All Cisco router with latest IOS supports Flexible NetFlow export with sampling option.

To configure sample based traditional NetFlow export on the router refer this link and for core switches refer this link.

Flexible NetFlow Configuration:

Flexible NetFlow configuration is somewhat different from traditional NetFlow export as it needs multiple entities like:

  • Flow Exporter
  • Defining sampler
  • Flow Record
  • Flow Monitor
  • Attaching the monitor to interface.

Refer this link to find steps configure Flexible NetFlow without sampling on Cisco router.

Flow Exporter Configuration:

Flow exporter is the one which defines export source and destination which receives the NetFlow packets.

flow exporter ManageEngine

destination

transport udp 9996

data template timeout 60

option sampler-table

Configuring sampling:

sampler NFASample

mode 1 out-of 100

Flow Record Configuration:

Flow record configuration defines the fields exported via NetFlow protocol. Flexible pre-defined flow records are based on the original NetFlow ingress or egress caches. Cisco provides a unique keyword to identify the pre-defined records and these records can associated with a Flexible NetFlow Flow record configuration. The Flexible NetFlow “netflow-original” and netflow ipv4 original-input are predefined records and these two records can be used interchangeably to export the basic key fields and time stamp fields.

The latest Cisco IOS also allow us to define user defined flow record with unique name.

Flow Monitor Configuration:

Flow monitor is the one defines the exporter and record which has to be sent to Analyzing software.

flow monitor ManageEngine

record netflow-original or netflow ipv4 original-input

exporter ManageEngine

cache timeout active 60

cache timeout inactive 15

Associating the Monitor to Interface for NetFlow accounting:

The flow monitor has to attached to every physical or logical interfaces to capture the traffic and export NetFlow packets.

Interface FastEthernet0/0

ip flow monitor ManageEngine input NFAsample

Hope this blogs help those who want configure sample based Flexible NetFlow export on their Cisco routers.

References :-

http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/cfg_cpu_friendly_netflow_export.html

http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/use_fnflow_redce_cpu.html

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_sanf.html

Praveen Kumar

NetFlow Analyzer Technical Team

Download | Interactive Demo  | Twitter | Customers

The post Sample Based Flexible NetFlow Export Configuration appeared first on ManageEngine Blogs.

You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com

The original article/video can be found at Sample Based Flexible NetFlow Export Configuration

Leave a Reply