If you’re a faithful follower of our blogs, then you are familiar with the “samplicator” described in Michael Patterson’s “Free NetFlow Forwarder or NetFlow Duplicator” blog from May 29th, 2010.

If you’re not familiar with this NetFlow Forwarder application and you have the need for exporting NetFlow packets to multiple (unlimited!) collectors, then you must read his blog.

With switches or routers that do not support NetFlow export to more than one NetFlow collector, or if you have the need to export to more than the typical two collectors, the samplicator is an ideal solution.

Configuration is quick and easy and, if using the config file to list source (exporters) and destinations (collectors), extremely scalable.

Read more »

You’re in the market for a NetFlow Traffic Analyzer.  What are the key features that you’re looking for?  What makes one NetFlow analyzer stand out from the rest?  Do you have a list of “must haves”?

Such as support for Flexible NetFlow, IPFIX reporting, portable network maps?  How about automated NetFlow configuration on your routers and switches?  Is customization of the web interface important to you?  Multiple language support critical?
Read more »

Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?

NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.
Read more »

Sampled NetFlow provides NetFlow statistics for a subset of incoming (ingress) IPv4 traffic on an interface.  Output Sampled NetFlow allows you to collect NetFlow statistics for a subset of outgoing (egress) IPv4 traffic on that interface.

The Output Sampled NetFlow feature is now available starting with IOS 12.0(24)S for IPv4 traffic on Cisco 12000 Series IP Service Engine (ISE) line cards.  In IOS 12.0(26)S, this feature was enhanced to report the input interface and support for the Cisco 12000 Series 4-Port Gigabit Ethernet ISE line card was added.

Which means that you can now export both ingress and egress Sampled NetFlow for Cisco 12000′s!
Read more »

The traditional NetFlow configuration on a Cisco router will only let you configure the export to two destinations.  Are you looking for a solution that will replicate NetFlow to more than two? Read more »

We have all seen a number of blogs over the past few months talking about Flexible NetFlow. And with customers moving to the Cisco Nexus model switches, which run on Cisco’s NX-OS operating system, we are now assisting in an increasing number of Flexible NetFlow configurations.

A big advantage of the Flexible NetFlow concept is that the user can define the flow. The user-defined flow records and the component structure of Flexible NetFlow make it easy for you to create various configurations for traffic analysis and data export on a networking device with a minimum number of configuration commands.

Don’t be intimidated by the move to Flexible NetFlow.

Flexible NetFlow includes several predefined records that you can use right away to start monitoring traffic in your network.

These predefined records are available to help you quickly deploy Flexible NetFlow. And they help ensure backward compatibility with your existing NetFlow collector configurations for the data that is exported.

Each of the predefined records are based on the original NetFlow ingress and egress caches and the aggregation caches, and each has a unique combination of key and non-key fields that offer you the built-in ability to monitor various types of traffic in your network without customizing Flexible NetFlow on your router.

Many users will find that the pre-existing Flexible NetFlow records are suitable for the majority of their traffic analysis requirements.

Read more »

Expanding upon my last blog, “Cisco’s Flexible NetFlow and LEGO Blocks“, this week I’d like to show the application of FNF’s Template FlowSet configuration in your netflow collection.

Referencing Cisco Systems “NetFlow Version 9 Flow-Record Format” whitepaper, skipping to Table 6 – NetFlow Version 9 Field Type Definitions, there is a list of the fields available to build your NetFlow v9 Template FlowSet.

In the packet capture displayed below, FlowSet 1, Template Id 257, lists the fields included in the Template FlowSet. One of the fields included in this Template FlowSet is LAST_SWITCHED (21), with 21 being the value for that field. The value is an important field, as it is unique to that Field Type.
Read more »

Are you trying to get hardware and software based NetFlow from your Cisco Catalyst 4506 or Catalyst 6500 series switch? The Introduction to Cisco IOS NetFlow page does a great job explaining how to set this up.  Below is a paste from the document: Read more »

Happy Friday everyone!

The other day I was working with a new customer getting NetFlow export enabled on his Cisco 3800 routers. When I was explaining the concept of using the ip flow ingress command in enabling NetFlow per interface, he said:

“I have to do that on all my interfaces?!? I have like ten sub-interfaces to do.”

In reality, ten interfaces isn’t really hard to configure, but it can be… cumbersome.

So if you are enabling NetFlow on a device with LOTS of vlans, a nice quick way to get things up and running is to use the int range command.

You can do this by typing the following:

Read more »

If you checked your routers NetFlow configs, you’ll most likely find that you’re exporting NetFlow v5 templates. If you’re not sure, do a show run | i ip flow and look for:

ip flow-export version 5

With NetFlow v5, all your traffic is measured based on the ingress of an interface. What goes in, must come out, right?

This is not always the case…

Read more »