
Cisco NGA Configuration Guide

Last week I was working with a customer who needed help with a Cisco NGA (NetFlow Generation Appliance) configuration.  The customer was running the Cisco NGA 3140 (NGA3140-K9) model and had questions about how to set up version 5 versus version 9 NetFlow.  In this blog I will take a look at the steps needed to set up the Cisco NGA flows!

Cisco NGA Configuration

After setting up the mirrored traffic for the traffic sources, setting up the flow collector is the first step in our NetFlow configuration.  This is where the NGA will send the flow data.  In the example below, Figure 1, the flow data is being sent on UDP port 9995.  Make sure your NetFlow collector is listening on the transport and port you specify to see the data!

Figure 1: Cisco NGA Collectors

The next step is creating the Flow Record – this works like Flexible NetFlow but in a GUI (Graphical User Interface).  In Figure 2, the record was called PlixerV9_record.  You can then specify the type of record and what you want to match and collect on.  In this example, the type is IPv4 with a basic NetFlow tuple; we are also collecting the application ID (NBAR – Network Based Application Recognition).  You can also create a record type using IPv6 or Layer 2.

Figure 2: Cisco NGA Flow Record

The next step is to configure the exporters.  In Figure 3, we set up a flow exporter with both template and options template timeouts of 10 minutes and sent all the flows to the one collector we set up in step one.  This can become a more complicated process if you are sending flows to multiple collectors in a distributed environment.  It is also where you would want to configure different weights of packets to different collectors.

Figure 3: Cisco NGA Flow Exporters Configuration

The final aspect of the Cisco NGA configuration is to set up the monitors and make them active.  In Figure 4 below, there are two monitors but only the top one is active and exporting.

Figure 4: Cisco NGA Flow Monitors


Once this is all done, we will start seeing flows from the NGA on the flow collector.  If you are interested in what the reports look like, please take a look at this blog post: NGA NetFlow Reporting with NBAR and more.
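To check what actually arrives on the collector port, the sketch below classifies an export datagram as version 5 or version 9 and, for version 9, reports which data FlowSets can be decoded with the templates received so far; a v9 collector that has not yet seen the template has to wait for the exporter to send it again. This is an added example, not code from the original post or from Cisco or Plixer; the function names, template ID 260, source ID 1 and the sample packets are constructed for illustration, and the header layouts follow the public NetFlow v5 format and RFC 3954.

```python
import struct
V5_HEADER = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header, 24 bytes
V9_HEADER = struct.Struct("!HHIIII")     # NetFlow v9 header, 20 bytes (RFC 3954)

def inspect_export(datagram, templates):
    """Summarize one datagram; `templates` caches (source_id, template_id) -> fields."""
    version = struct.unpack_from("!H", datagram)[0] if len(datagram) >= 2 else 0
    if version == 5 and len(datagram) >= V5_HEADER.size:
        return {"version": 5, "records": V5_HEADER.unpack_from(datagram)[1]}
    if version != 9 or len(datagram) < V9_HEADER.size:
        raise ValueError("not a NetFlow v5/v9 export datagram")
    source_id = V9_HEADER.unpack_from(datagram)[5]
    out = {"version": 9, "templates": [], "options_templates": 0,
           "decodable": [], "undecodable": []}
    offset = V9_HEADER.size
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
        if fs_len < 4 or offset + fs_len > len(datagram):
            raise ValueError("bad FlowSet length")
        body = datagram[offset + 4:offset + fs_len]
        if fs_id == 0:                      # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or nfields == 0 or end > len(body):
                    break                   # padding or truncated record
                templates[(source_id, tid)] = [
                    struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
                out["templates"].append(tid)
                pos = end
        elif fs_id == 1:                    # options template FlowSet
            out["options_templates"] += 1
        elif fs_id >= 256:                  # data FlowSet, ID equals template ID
            rec_len = sum(n for _, n in templates.get((source_id, fs_id), []))
            if rec_len:                     # template known: count the records
                out["decodable"].append((fs_id, len(body) // rec_len))
            else:                           # no usable template seen yet
                out["undecodable"].append(fs_id)
        offset += fs_len
    return out

# Constructed sample: template 260 = IPv4 5-tuple plus application ID (type 95).
FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (95, 4)]
def v9_packet(flowset_id, body):
    body += bytes(-len(body) % 4)           # pad FlowSet to a 32-bit boundary
    flowset = struct.pack("!HH", flowset_id, len(body) + 4) + body
    return V9_HEADER.pack(9, 1, 0, 0, 0, 1) + flowset
TEMPLATE_PKT = v9_packet(0, struct.pack("!14H", 260, len(FIELDS), *sum(FIELDS, ())))
DATA_PKT = v9_packet(260, bytes.fromhex("0a000005" "c0000209" "c93a" "01bb" "06" "00000000"))
```

Feed it the payload of each datagram read from a UDP socket bound to the collector port (9995 in Figure 1), keeping one `templates` dictionary for the life of the listener.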

NetFlow Generators!

Looking for more information on the Cisco NGA configuration, NetFlow probes, or generators?  Check out this two-post blog series on NetFlow Generators:

NetFlow Generators: Enabling NetFlow Without NetFlow Support (Part #1)
NetFlow Generators: Enabling NetFlow Without NetFlow Support (Part #2)

Plixer is now offering a NetFlow Probe called the FlowPro.  If you are interested in evaluating this probe, please fill out the following FlowPro Evaluation Request Form.  If you have any questions on NetFlow generators or the information that is being exported, feel free to reach out to the Plixer Support Team at 207-324-8805 x4.