Cisco 2960-X NetFlow-Lite Configuration

Posted in NetFlow-Lite on June 11th, 2013 by Matthew St. Jean
Cisco 2960-X NetFlow-Lite Configuration

I have two goals with this post, the first is to announce that you can sign up for the joint webcast we are hosting with Cisco Systems regarding the release of the Catalyst 2960-X with NetFlow-Lite Support.
•    10AM – Sign Up
•    4PM – Sign Up

The second goal is to explain how to configure the 2960-X NetFlow-Lite Support.

The Cisco Catalyst 2960-X NetFlow-Lite configuration is pretty straight forward however it is very different from the IPFIX PSAMP “NetFlow-Lite” we configured on the Cisco 4948E NetFlow-Lite.  The 2960x uses flow sampling without any form of packet capture.  There are two types of possible NetFlow Lite sampling configurations on the 2960x:

  • Deterministic Sampling
  • Random Sampling

Deterministic Sampling
Deterministic samplers sample packets exactly as specified (I.e. the first flow out of every 100 flows). Deterministic samplers can only be applied on up to 4 interfaces. For this reason, we decided to configure random sampling.

Random Sampling
Random sampling samples a random flow out of ever X flows.  The maximum sample rate for both Deterministic and Random is 1 out-of 32.  It is not limited to 4 interfaces like Deterministic sampling.

In the configuration below we used Random sampling. I was able to add the configuration to all interfaces using a random sampler called “my-random-sampler”.  The random sampler called “my-random-sampler” was configured to randomly sample 1 out of every 100 flows on the interfaces it was applied to.

Setting up NetFlow Lite on the 2960x:
!
! step 1: create a flow record
flow record flows
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect interface input
collect flow sampler
! below I specified ‘long’ because the 2960x supports 64 bit counters
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
! step 2: create a flow exporter
flow exporter export-to-inside
description flexible NF v9
destination 10.1.1.1
source Vlan7
transport udp 2055
template data timeout 60
!
! lets export some cool option templates
option interface-table
option exporter-stats
option sampler-table
!
!
! step 3: create a flow monitor
flow monitor nftest
record flows
exporter export-to-inside
cache timeout active 60
statistics packet protocol
!
! Below was used for the deterministic sampling configuration
! that I didn’t like because of the 4 interface limitation
! sampler full
! mode deterministic 1 out-of 32
!
! below is the random sampler configuration that I replaced
! the above with.
sampler my-random-sampler
mode random 1 out-of 100
!
!
!
! step 4: apply the flow monitor ‘nftest’ to each interface with
! the defined sampler ‘my-random-sampler’
! input is for ingress.  Egress was not supported in this release…
interface GigabitEthernet1/0/1
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/2
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/3
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/4
ip flow monitor nftest sampler my-random-sampler input
!
! #################################
! ### Repeat the above for all the interfaces ###

! #################################

!
interface GigabitEthernet1/0/50
ip flow monitor nftest sampler my-random-sampler input
switchport mode access
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
! that’s it.  Check out our CiscoLive 2013 video!

Contact our team of NetFlow Knights if you have any questions. Also, Cisco gave us ten Catalyst 2960-X switches to raffle off at CiscoLive 2013 in Orlando Florida.  Make sure you stop by booth 747, fill out a raffle ticket and pick up a NetFlow Sword!

NetFlow Sword Swag for CiscoLive

See you at the show!

Matt

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , , , ,

Leave a Reply