Manufacturer: Cisco

Model(s): Nexus 7000 Series Switches

Version(s): NX-OS

URL: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/system_management/configuration/guide/sm_nx_os_cli/sm_15netflow.html

Notes:

  • Capable of capturing flows on both L2 and L3 interfaces.
  • Full NetFlow is supported only on the M1 and M2 Series module ports.
  • F2, F2e, F3, and M3 Series modules support sampled NetFlow only.

Configuration steps for NetFlow

  1. Enable the NetFlow Feature
configure terminal
feature netflow
flow timeout active 60
flow timeout inactive 60
  2. Create a Flow Record
configure terminal
flow record FLOW-RECORD
  description flow record
  match ip tos
  match ip protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  collect counter bytes long
  collect counter packets long
  collect flow direction
  collect flow sampler id
  collect routing next-hop address ipv4
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
  collect transport tcp flags
  exit
CLI command                          Description
flow record <name>                   Creates a flow record and enters flow record configuration mode.
description <string>                 Describes this flow record as a maximum 63-character string.
match <type>                         Specifies match keys. Plixer recommended keys are listed in the example above.
collect <type>                       Specifies the collection field. Plixer recommended fields are listed in the example above.
  3. Create a Flow Exporter
configure terminal
flow exporter PLIXER-COLLECTOR
  description Plixer Platform Flow Collector
  destination <IP of plixer collector>
  source <INTERFACE>
  transport udp 9995
  version 9
  template data timeout 60
  exit
CLI command                          Description
flow exporter <name>                 Creates a flow exporter and enters flow exporter configuration mode.
description <string>                 Describes this flow exporter as a maximum 63-character string.
destination <ip> [use vrf-name]      IPv4 address of the Plixer collector. You can optionally configure the VRF to use to reach the NetFlow Collector.
source <interface name/port>         Specifies the interface to use to reach the Plixer Collector.
transport udp <port>                 Specifies the UDP port to use to reach the NetFlow Collector. The range is from 0 to 65535.
version 9                            Specifies the NetFlow export version. Choose version 9 to enter the flow exporter version 9 configuration submode.
template data timeout <seconds>      Sets the template data resend timer. The range is from 1 to 86400 seconds. Plixer recommends 60 seconds.
  4. Create a Flow Monitor
configure terminal
flow monitor FLOW-COLLECTION
  description Layer 2 flow collection
  record FLOW-RECORD
  exporter PLIXER-COLLECTOR
  exit
CLI command                          Description
flow monitor <name>                  Creates a flow monitor and enters flow monitor configuration mode.
description <string>                 Describes this flow monitor as a maximum 63-character string.
record <name>                        Associates a flow record with this flow monitor.
exporter <name>                      Associates a flow exporter with this flow monitor.
  5. Create a Sampler

For M1 and M2 series module ports, only create a sampler if you want to use sampled flow. If unsampled flow is preferred, then skip this section.

configure terminal
sampler FLOW-SAMPLER
  description Sampler settings for flow collection
  mode <samples> out-of <packets>

flow record FLOW-RECORD
  collect flow sampler id
  exit


CLI command                          Description
sampler <name>                       Creates a sampler and enters flow sampler configuration mode.
description <string>                 Describes this sampler as a maximum 63-character string.
mode <samples> out-of <packets>      Defines the number of samples to take per the number of packets received. The samples range is from 1 to 64. The packets range is from 1 to 8192 packets.

Note: A mode of 1 out-of 1 is unsampled.

  6. Apply a Flow Monitor to an interface
configure terminal
interface <interface>
  ip flow monitor FLOW-COLLECTION input
CLI command                          Description
ip flow monitor <ipv4 | ipv6> input  Associates an IPv4 or IPv6 flow monitor to the interface for input packets.

[Optional] Configuration Steps for Layer 2 Flexible NetFlow interfaces

  1. Create a Layer 2 Flow Record
configure terminal
flow record L2-FLOW-RECORD
  description Layer 2 flow record
  match datalink ethertype
  match datalink vlan
  match datalink mac source-address
  match datalink mac destination-address
  exit
  2. Create a Layer 2 Flow Monitor
configure terminal
flow monitor L2-FLOW-MONITOR
  description Layer 2 flow collection
  record L2-FLOW-RECORD
  exporter PLIXER-COLLECTOR
  exit
  3. Apply a Flow Monitor to a Layer 2 interface
configure terminal
interface <slot/port or port-channel number>
  switchport
  mac packet-classify
  layer2-switched flow monitor L2-FLOW-MONITOR input
  exit
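
Both procedures above only export flows when every reference resolves: monitor to record and exporter, interface to monitor. The Python check below is an added example, not part of the vendor or Plixer documentation; it audits a pasted configuration for dangling or unapplied objects, and the sample values (192.0.2.10, mgmt0, Ethernet1/1) are assumed stand-ins for the page's placeholders.

```python
import re

# Constructed sample following the steps above; address and interface names are assumptions.
APPLY = re.compile(r"(?:ip|ipv6|layer2-switched) flow monitor (\S+) input")
SAMPLE_CONFIG = """\
flow record FLOW-RECORD
flow exporter PLIXER-COLLECTOR
  destination 192.0.2.10
  source mgmt0
  transport udp 9995
  version 9
flow monitor FLOW-COLLECTION
  record FLOW-RECORD
  exporter PLIXER-COLLECTOR
interface Ethernet1/1
  ip flow monitor FLOW-COLLECTION input
"""

def parse_blocks(config):
    """Map (kind, name) -> sub-commands for records, exporters, monitors, interfaces."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():        # top-level line: opens a tracked block or none
            m = re.match(r"(flow (?:record|exporter|monitor)|interface)\s+(\S+)", line)
            current = blocks.setdefault(m.groups(), []) if m else None
        elif current is not None:        # indented sub-command of the open block
            current.append(line.strip())
    return blocks

def audit(config):
    """Return findings; an empty list means every reference in the chain resolves."""
    blocks, findings, applied = parse_blocks(config), [], set()
    defined = lambda kind: {n for (k, n) in blocks if k == kind}
    for (kind, name), body in blocks.items():
        if kind == "flow exporter":
            for key in ("destination", "source", "transport udp", "version 9"):
                if not any(l.startswith(key) for l in body):
                    findings.append(f"exporter {name}: missing '{key}'")
        elif kind == "flow monitor":
            for ref in ("record", "exporter"):
                used = [l.split()[1] for l in body if l.startswith(ref + " ")]
                if not used or used[0] not in defined("flow " + ref):
                    findings.append(f"monitor {name}: {ref} missing or undefined")
        elif kind == "interface":
            applied.update(m.group(1) for m in map(APPLY.match, body) if m)
    monitors = defined("flow monitor")
    findings += [f"monitor {n}: applied but not defined" for n in sorted(applied - monitors)]
    findings += [f"monitor {n}: defined but not applied to any interface" for n in sorted(monitors - applied)]
    return findings
```

An empty result from `audit(SAMPLE_CONFIG)` means the record, exporter, monitor and interface all link up; any finding names an object that would leave an interface without flow visibility.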