Blog :: Configuration :: Network Operations

Cisco ASR 9000 Configuration NetFlow Guide

One of the best parts about working in Tech Support for a company that analyzes NetFlow, is that I get the opportunity to work with a wide variety of vendors and models. Today most vendors are supporting at least one form of NetFlow. Whether that’s version 5, version 9 or IPFIX. No matter what version of NetFlow, we’re awarded the ability to capture and analyze the traffic on our network in almost real-time. Today I wanted to take a look at the founders of the NetFlow protocol, Cisco, and their Cisco ASR 9000 configuration.

Cisco ASR 9k Hardware

One important thing to note about the ASR9k, is it supports sampled NetFlow. There’s a bit of controversy surrounding sampled NetFlow however. Some people prefer it because it alleviates the possible performance penalty incurred by enabling NetFlow exports. Others would prefer getting a more complete picture of their network traffic. Mainly this will depend on the traffic volume of your network. It is important to note though, that sample NetFlow will substantially decrease the CPU utilization needed to account for NetFlow packets. That being said, let’s dig into getting your Cisco ASR 9000 configured!
First things first, we’ll need to telnet into our Cisco ASR 9000. The basic configuration for NetFlow will consist of:

  • A Flow Monitor Map
  • An Exporter Map
  • A Sampler Map

The steps we’ll want to take are:

  1. Create and configure an exporter map
  2. Create and configure a monitor map and a sampler map
  3. Apply the monitor map and sampler map to an interface

Exporter Map

router# config t
router(config)# flow exporter-map exporter

Name your exporter map (exporter as an example)

router(config-fem)# destination nnn.nnn.nnn.nnn

Configure the destination IP of your analyzer

router(config-fem)# dscp 55 (Optional)
router(config-fem)# source gigabitEthernet 0/0/0/0

Configure the interface your flows will be sourced from

router(config-fem)# transport udp 2055

Configure your transport port

router(config-fem-ver)# version v9

Specify your version of NetFlow

router(config-fem-ver)# options sampler-table timeout 2000
router(config-fem-ver)# template data timeout 10000
router(config)# end

or

router(config)# commit
router(config-fem-ver)# exit
router(config)# exit
router# show flow exporter-map Exporter

Sampler Map

router# config t
router(config)# sampler-map Sampler

Name your sampler map (Sampler for example)

router(config-sm)#
router(config-sm)# random 1 out-of 1

Configure your sampling interval (range from 1-65535)

router(config)# end

or

router(config)# commit
router(config-sm)# exit
router(config)# exit
router# show sampler-map Sampler

Monitor Map

router# config t
router(config)# flow monitor-map Monitor

Name your monitor map (Monitor for example)

router(config-fmm)#
router(config-fmm)# record ipv4

Configure the flow record map name for IPv4, IPv6 or MPLS

Use one of the following:

  • record ipv4
  • record ipv4 [peer as]
  • record ipv6
  • record mpls [labels number]
  • record mpls [ipv4-fields] [labels number]
  • record mpls [ipv6-fields] [labels number]
  • record mpls [ipv4-ipv6-fields] [labels number]
router(config-fmm)# cache entries 10000  (optional)

Configure the number of entries in the flow cache

router(config-fmm)# flow monitor-map Monitor cache permanent (optional)

Disables removal of entries from the flow cache

router(config-fmm)# cache timeout inactive 15

cache timeout {active timeout_value | inactive timeout_value | update timeout_value}

default active timeout = 1800 seconds

default inactive timeout = 15 seconds

default update timeout = 1800 seconds

router(config-fmm)# exporter Exporter

Associates an exporter map with a monitor map

A single flow monitor can support up to eight exporters

router(config)# end

or

router(config)# commit
router(config-fmm)# exit
router(config)# exit
router# show flow monitor-map Monitor

Apply Monitor Map and Sampler Map to an interface

router# config t
router(config)# interface gigabitEthernet 0/0/0/0

Enter interface configuration mode

router(config-if)#
router(config-if)# flow ipv4 monitor Monitor sampler Sampler ingress/egress

Associates a Monitor Map and a Sampler Map with an interface

router(config)# end

or

router(config)# commit

Cisco

Congratulations! We’re now fully configured to export version 9 NetFlow to our traffic analyzer. We can now hop over to our preferred collector and analyze all of our network traffic with your favorite NetFlow Analysis Tool! For more information about your Cisco ASR 9000 visit Cisco’s site and review their documentation here.

Do you have a NetFlow capable device that we haven’t covered? Please let us know and we’ll add a configuration guide!

Related

feature image

Flow protocols in real-world environments

Over the years, libraries have been filled on the topic of flow protocols—specifically, how they work and their general accuracy.

::

sFlow vs NetFlow Comparison

I have been working with a number of customers who asked for an sFlow vs NetFlow comparison.  They were concerned about the amount of

::

NetFlow vs. sFlow for Network Monitoring and Security: The Final Say

We’ve blogged about the differences between NetFlow and sFlow before but this debate continues to come up often enough and has been going on

::