Blog

Nexus 5600 NetFlow configuration

khalil

In this blog, we’ll cover the NetFlow configuration for Nexus 5600 switches. To configure NetFlow, ensure you have a VRF (virtual routing and forwarding) instance configured first, as it doesn’t work if applied under a VLAN interface or physical interface as a source when we configure the flow exporter.

The below configuration includes separate Layer 2 and Layer 3 information divided by the flow record and flow monitor, but still applied under the same interface. These configurations have different responsibilities. The “L2rr” flow record will be responsible for a Layer 2 information, which includes information about MAC addresses and VLANs. “L3rr” will bring us information related to Layer 3, which includes conversations between hosts or IP addresses.

The configuration can still vary based on your version of IOS. Layer 3 information can be taken from a switch that supports Layer 3 forwarding, which in our case is the Nexus 5600.

Here are steps to configure NetFlow on a Nexus 5600:

  1. Create two flow records, for Layer 2 and Layer 3 respectively.
  2. Create a common exporter for both L2/L3 configurations.
  3. Create two flow monitors; each will have separate flow records but same flow exporter.
  4. Create a default sampler for each of the flow monitors.
  5. Apply two created flow monitors under same interface.

Name your flow record for Layer 2 (e.g. L2rr):

flow record L2rr
    description Layer2 information
    match datalink dot1q vlan input
    match datalink dot1q vlan output
    match datalink mac source address input
    match datalink mac source address output
    collect flow sampler
    collect counter bytes
!

Name your flow record for Layer 3 (e.g. L3rr):

flow record L3rr
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    collect ipv4 version
    collect counter bytes long
    collect counter packets long
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last
!

Name your flow exporter (e.g. L2):

flow exporter L2
    destination xxx.xxx.xxx.xxx use vrf-management
    source mgmt0
    transport udp 2055
    template data timeout 60
!

Name your flow monitor for Layer 2 (e.g. L2m):

flow monitor L2m
description Monitoring Layer2
exporter L2
record L2rr
!

Name your flow monitor for Layer 3 (e.g. L3m):

flow monitor L3m
    description Monitoring Layer3
    exporter L2
    record L3rr
!
!

Name your sampler (e.g. L2sampler):

sampler L2sampler
    mode deterministic 1 out-of 100
!
!

Apply configured flow monitors under required interface:

interface Ethernet0/1
    ip flow monitor L3m sampler L2sampler input
    ip flow monitor L2m sampler L2sampler input

The main purpose of this blog was to highlight a difference between two layers and to define what can be applied under each of them to avoid any conflicts during configuration itself. If you’re having difficulty, give us a call. We’ll be glad to walk you through it.

Related

annam

How to Configure NetFlow on Cisco UCS via GUI

Today, I will be talking about Cisco UCS NetFlow configuration via GUI, including its limitations and differences compared to the configuration via CLI. I

Cisco Nexus 9000 NetFlow Configuration

Cisco Nexus 9000 NetFlow Configuration Recently I’ve received numerous request for a sample on the Cisco Nexus 9000 NetFlow configuration. This device has a

Juniper MX NetFlow Configuration

Juniper MX5 NetFlow Configuration Recently while looking at my router’s NetFlow reporting, I came across an issue regarding the Juniper MX5 router’s NetFlow configuration.