I’ve posted in the past about when to use egress NetFlow.  I’ve generally felt that there are primarily 3 reasons to enable NetFlow with egress flows.  There are other reasons, but here are my top 3:

  • WAN Compression
  • Multicasts
  • Exporting on one interface

Today I want to talk about a 4th reason to enable egress flows: MPLS. Why do you need egress NetFlow with MPLS?  The Cisco documentation says it best:

<< BEGIN >>

One common application of the MPLS egress NetFlow accounting  feature allows you to capture the MPLS virtual private network (VPN) IP flows that are traveling from one site of a VPN to another site of the same VPN through the service provider backbone.

Formerly, you captured flows only for IP packets on the ingress interface of a router. You could not capture flows for MPLS encapsulated frames, which were switched through Cisco Express Forwarding (CEF) from the input port. Therefore, in an MPLS VPN environment you captured flow information as packets were received from a customer edge (CE) router and forwarded to the backbone. However, you could not capture flow information as packets were transmitted to a CE router because those packets were received as MPLS frames.

The MPLS egress NetFlow accounting feature lets you capture the flows on the outgoing interfaces.


The PE routers export the captured flows to the configured collector devices in the provider network. The NetFlow Analyzer or the VPN solution center (VPN-SC) application collects this information and computes and displays site-to-site VPN traffic statistics.

<< END >>

If you need to enable MPLS Egress NetFlow, there are some prerequisites:
The network must support the following Cisco IOS features before you enable the MPLS egress NetFlow accounting feature:

  • Multiprotocol label switching (MPLS)
  • IP Cisco Express Forwarding (CEF)
  • The NetFlow collector must be able to handle a mixture of ingress and egress flows enabled on different interfaces of the same router.  Only best at NetFlow solutions can do this.

In IOS config mode, simply go to the targeted interface and type in:
Router(config-if)# mpls netflow egress

If your interest is in NetFlow billing with these flows, there is plenty of documentation on NetFlow Accounting with MPLS NetFlow up on Cisco’s web site.

If you are interested in reporting on MPLS tags, send me a packet capture and I’ll make sure the reports get created.  I’ve been known to cut deals to make things happen. 🙂

Mike Patterson author pic

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply