I took a call the other day from a customer who asked, “How do I set up my router to send NetFlow to Scrutinizer?” This is a question that I get on a pretty regular basis, so I strapped on my router config hat and got ready to throw out the typical IP FLOW commands to get the flows going. But then I asked for the model of the router. “It’s a Cisco Nexus 7000,” the customer told me. I found that this device does not run the usual IOS that we have all come to know and love. It runs Cisco’s NX-OS. And Cisco’s NX-OS CLI is completely different.

Cisco NX-OS supports a flexible architecture that allows a user to collect different data for different applications per interface. It allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields, whereas the Cisco IOS Software supports one flow mask and export pair for the entire chassis.

In Cisco NX-OS, this flexible architecture consists of flow records, flow exporters, and flow monitors. The NetFlow command-line interface (CLI) configuration and verification commands are not available until you enable the NetFlow feature with the feature netflow command. If the feature netflow command is removed (no feature netflow), all NetFlow configuration on the switch is removed along with it, so be careful with that command on a production device.

The Cisco NX-OS/IOS NetFlow Comparison document provides a complete NX-OS/IOS comparison.

To configure NetFlow, follow these steps:

Step 1 Enable the NetFlow feature. (You must globally enable NetFlow before you can configure any flows.)

switch(config)# feature netflow

Step 2 Define a flow record by specifying keys to match on and fields to collect in the flow.

switch(config)# flow record internet
switch(config-flow-record)# description Ipv4 Flow
switch(config-flow-record)# match [command] [option]
switch(config-flow-record)# collect [command] [option]

show flow record internet (displays the information about the NetFlow flow record – internet)

A flow record needs at least one match parameter (the key fields that distinguish one flow from another) and at least one collect parameter (the non-key fields that are gathered for each flow). The sample configuration at the end of this post uses a typical set: it matches on the IPv4 source and destination address and the transport source and destination port, and collects the byte and packet counters, which is enough for the top-talkers and conversation reports Scrutinizer is usually asked for.

Cisco also ships predefined flow records to make the migration to this configuration model easier.

Step 3 Define a flow exporter by specifying the export format, protocol, destination, and other parameters. (An exporter is optional in the architecture, since a monitor can keep a local cache only, but it is what actually sends the flows to Scrutinizer.)

switch(config)# flow exporter scrutinizer
switch(config-flow-exporter)# destination 192.0.2.1
switch(config-flow-exporter)# source ethernet 2/1
switch(config-flow-exporter)# description ExportV9
switch(config-flow-exporter)# transport udp 2055
switch(config-flow-exporter)# version 9

show flow exporter scrutinizer (displays information about the NetFlow flow exporter – scrutinizer)

Step 4 Define a flow monitor based on the flow record and flow exporter.

switch(config)# flow monitor MonitorTest
switch(config-flow-monitor)# description Ipv4Monitor
switch(config-flow-monitor)# exporter scrutinizer
switch(config-flow-monitor)# record internet

show flow monitor MonitorTest (displays information about the NetFlow flow monitor – MonitorTest)

Step 5 Apply the flow monitor to a source interface, subinterface, VLAN interface, or a VLAN. The direction keyword selects which packets are accounted for: input for packets arriving on the interface, output for packets leaving it. Apply the monitor twice, once per direction, if you want both.

switch(config)# interface Ethernet 2/1
switch(config-if)# ip flow monitor MonitorTest input
or
switch(config-if)# ipv6 flow monitor MonitorTest input

ip flow monitor MonitorTest {input | output}    (Associates an IPv4 flow monitor with the interface for input or output packets)
ipv6 flow monitor MonitorTest {input | output}  (Associates an IPv6 flow monitor with the interface for input or output packets)

You can also apply a flow monitor (and an optional sampler) to a VLAN:

switch(config)# vlan 30
switch(config-vlan)# ip flow monitor MonitorTest input

show flow interface Ethernet 2/1 (Displays information about NetFlow on the interface – Ethernet 2/1)

Here is a sample config. The feature has to be enabled before any of the flow commands are accepted, and NX-OS requires a prefix length on the interface address; the /24 below is assumed for the example:

feature netflow

flow exporter scrutinizer
  destination 192.0.2.1
  transport udp 2055
  source loopback0
  version 9
flow record internet
  description internet traffic
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets
flow monitor MonitorTest
  description Internet traffic sent to scrutinizer
  record internet
  exporter scrutinizer

interface Ethernet2/1
  description Connected to d87-mdf-fw01
  no switchport
  ip flow monitor MonitorTest input
  ip flow monitor MonitorTest output
  ip address 10.1.1.3/24
  no shutdown
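What does Scrutinizer actually receive once the monitor above is exporting? As an added example that is not part of the original post, here is a small Python decoder for the NetFlow version 9 format the exporter sends (RFC 3954). It builds a constructed export datagram whose template mirrors the internet record from the sample config (IPv4 source and destination address, transport source and destination port, byte and packet counters), parses it, and shows the one version 9 behaviour that trips up new deployments: a data FlowSet that arrives before its template cannot be decoded, so the decoder caches templates per source ID and reports the missing template instead of guessing. The template ID 256, the source ID and every address and counter in it are made up for the example.

```python
"""Decode NetFlow v9 (RFC 3954) as the exporter in the sample config sends it.
Added example, not from the original post; all flow values are constructed."""
import socket
import struct

# Field type IDs from the NetFlow v9 field type table (RFC 3954, section 8).
IN_BYTES, IN_PKTS = 1, 2
L4_SRC_PORT, IPV4_SRC_ADDR = 7, 8
L4_DST_PORT, IPV4_DST_ADDR = 11, 12
FIELD_NAMES = {IN_BYTES: "bytes", IN_PKTS: "packets", L4_SRC_PORT: "src_port",
               IPV4_SRC_ADDR: "src_addr", L4_DST_PORT: "dst_port", IPV4_DST_ADDR: "dst_addr"}

# What the exporter advertises for the `internet` record: (type, length) pairs.
SAMPLE_TEMPLATE_ID = 256  # assumed; real exporters pick any ID >= 256
SAMPLE_TEMPLATE = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (L4_SRC_PORT, 2),
                   (L4_DST_PORT, 2), (IN_BYTES, 4), (IN_PKTS, 4)]
# Constructed flows (src, dst, sport, dport, bytes, packets); not a real capture.
SAMPLE_FLOWS = [("10.1.1.50", "192.0.2.80", 51234, 443, 18342, 27),
                ("10.1.1.51", "198.51.100.9", 40001, 53, 128, 1)]


def _pad4(b: bytes) -> bytes:
    """Every FlowSet is padded to a 4-byte boundary."""
    return b + b"\x00" * (-len(b) % 4)


def build_sample_packet(include_template=True, source_id=1, sequence=1):
    """Build one v9 export datagram: header, [template FlowSet], data FlowSet."""
    flowsets = b""
    if include_template:
        body = struct.pack("!HH", SAMPLE_TEMPLATE_ID, len(SAMPLE_TEMPLATE))
        for ftype, flen in SAMPLE_TEMPLATE:
            body += struct.pack("!HH", ftype, flen)
        body = _pad4(body)
        flowsets += struct.pack("!HH", 0, 4 + len(body)) + body  # FlowSet ID 0 = template
    body = b""
    for src, dst, sport, dport, nbytes, npkts in SAMPLE_FLOWS:
        body += socket.inet_aton(src) + socket.inet_aton(dst)
        body += struct.pack("!HHII", sport, dport, nbytes, npkts)
    body = _pad4(body)
    flowsets += struct.pack("!HH", SAMPLE_TEMPLATE_ID, 4 + len(body)) + body
    # Header: version, record count, sysUptime (ms), UNIX secs, sequence, source ID.
    count = len(SAMPLE_FLOWS) + (1 if include_template else 0)
    header = struct.pack("!HHIIII", 9, count, 123456, 1700000000, sequence, source_id)
    return header + flowsets


class NetFlowV9Decoder:
    """Stateful decoder: templates are cached per (source ID, template ID)."""

    def __init__(self):
        self.templates = {}

    def decode(self, packet):
        """Return (decoded records, template IDs seen in data but not yet learned)."""
        hdr = struct.unpack_from("!HHIIII", packet, 0)
        version, source_id = hdr[0], hdr[5]
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version {version})")
        records, missing, offset = [], [], 20
        while offset + 4 <= len(packet):  # walk FlowSets by their own length field
            fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
            if fs_len < 4 or offset + fs_len > len(packet):
                raise ValueError("malformed FlowSet length")
            body = packet[offset + 4:offset + fs_len]
            if fs_id == 0:
                self._learn_templates(source_id, body)
            elif fs_id >= 256:  # data FlowSet; ID 1 (options template) is skipped here
                fields = self.templates.get((source_id, fs_id))
                if fields is None:
                    missing.append(fs_id)  # cannot decode until the template arrives
                else:
                    records.extend(self._decode_records(fields, body))
            offset += fs_len
        return records, missing

    def _learn_templates(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            tid, nfields = struct.unpack_from("!HH", body, pos)
            pos += 4
            if tid == 0:  # zero padding, not a template record
                break
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
            pos += 4 * nfields
            self.templates[(source_id, tid)] = fields

    @staticmethod
    def _decode_records(fields, body):
        rec_len, pos, records = sum(flen for _, flen in fields), 0, []
        while pos + rec_len <= len(body):  # leftover bytes shorter than a record are padding
            rec = {}
            for ftype, flen in fields:
                raw, pos = body[pos:pos + flen], pos + flen
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                is_v4 = ftype in (IPV4_SRC_ADDR, IPV4_DST_ADDR) and flen == 4
                rec[name] = socket.inet_ntoa(raw) if is_v4 else int.from_bytes(raw, "big")
            records.append(rec)
        return records
```

Because NetFlow export is plain UDP with no authentication, the collector should accept datagrams only from the exporter address set with the source command (loopback0 in the sample config), and templates should stay keyed by source ID as above, since two exporters can each use template ID 256 for different record layouts. If the collector sits empty after the monitor is applied, check show flow exporter scrutinizer and show flow interface Ethernet2/1 on the switch before digging into the collector.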

For more information on configuring NetFlow on Layer 2 interfaces, NetFlow Timeouts, and NetFlow Samplers, please refer to the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide.

Cisco’s Flexible NetFlow architecture broadens the scope of the information that can be made available for traffic analysis. I invite you to check Mike Patterson’s blog on How-to Configure Cisco Flexible NetFlow for NBAR Exports to see just how powerful this information can be. And with Plixer’s latest NetFlow and sFlow analysis tool, you have the ability to process it all.


Scott

Scott provides Pre Sales Technical Support to the Sales team at Plixer. Scott comes from a technical support background, having years of experience doing everything from customer account management to system programming. Some of his interests include coaching youth sports programs here in Sanford, playing drums and guitar in local jam bands, and playing in neighborhood lawn dart tournaments.
