Implementing NetFlow for IPv6

Last Updated: December 1, 2011

First Published: June 26, 2006

Last Updated: July 11, 2008


Note


Effective with Cisco IOS Release 12.4(20)T, the NetFlow for IPv6 feature has been replaced by the IPv6 Flexible NetFlow feature. For information on this feature, see the Cisco IOS Flexible NetFlow Features Roadmap.

NetFlow for IPv6 provides basic NetFlow functionality for IPv6 without affecting IPv4 NetFlow performance.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Implementing NetFlow for IPv6

This document assumes that you are familiar with IPv4. Refer to the publications referenced in the Additional References section for IPv4 configuration and command reference information.

Restrictions for Implementing NetFlow for IPv6

The Cisco IOS SX software release train supports only egress IPv6 NetFlow.

Information About Implementing NetFlow for IPv6

To configure NetFlow for IPv6 for Cisco IOS software, you should understand the following concept:

NetFlow for IPv6 Environments

NetFlow for IPv6 is based on NetFlow Version 9 and functions by identifying packet flows for ingress IP and IPv6 packets. NetFlow enables you to collect traffic flow statistics on your routing devices and analyze traffic patterns, for purposes such as traffic analysis and detection of denial of service (DoS) attacks. It does not involve any connection-setup protocol between routers or to any other networking device or end station, and it does not require any external change, either to the traffic or packets themselves or to any other networking device.

NetFlow is completely transparent to the existing network, including end stations and application software and network devices such as LAN switches. Also, NetFlow is performed independently on each internetworking device; it need not be operational on each router in the network. You can use NetFlow Data Export (NDE) to export data to a remote workstation for data collection and further processing. Network planners can selectively invoke NDE on a router or on a per-subinterface basis to gain traffic performance, control, or accounting benefits in specific network locations. NetFlow collects accounting information for IPv6 encapsulation and tunnels. If NetFlow capture is configured on a logical interface, IPv6 flows will be reported with that interface as the input or output interface, depending on whether the feature has been activated on the ingress or egress port.

How to Implement NetFlow for IPv6

To configure NetFlow for IPv6, you must define the exporting scheme that will be used to export NetFlow statistics, configure the NetFlow cache, and configure NetFlow on the interfaces from which statistics will be gathered. The tasks required to perform these functions are described in the following sections:

Defining the Exporting Scheme Used to Gather NetFlow for IPv6 Statistics

This task describes how to define the exporting scheme that is used to gather NetFlow for IPv6 statistics.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 flow-export version 9 [origin-as | peer-as] [bgp-nexthop]

4.    ipv6 flow-export destination ip-address udp-port

5.    ipv6 flow-export template {refresh-rate packet-refresh-rate | timeout timeout-value}

6.    ipv6 flow-export template options {export-stats | refresh-rate packet-refresh-rate | timeout timeout-value}

7.    interface type number

8.    ipv6 flow {ingress | egress}


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 flow-export version 9 [origin-as | peer-as] [bgp-nexthop]


Example:

Router(config)# ipv6 flow-export version 9

 

Enables NetFlow routing.

 
Step 4
ipv6 flow-export destination ip-address udp-port


Example:

Router(config)# ipv6 flow-export destination 10.0.101.254 9991

 

Enables the exporting of information in NetFlow cache entries to a specific address or port.

 
Step 5
ipv6 flow-export template {refresh-rate packet-refresh-rate | timeout timeout-value}


Example:

Router(config)# ipv6 flow-export template timeout 60

 

Enables the exporting of information in NetFlow cache entries.

 
Step 6
ipv6 flow-export template options {export-stats | refresh-rate packet-refresh-rate | timeout timeout-value}


Example:

Router(config)# ipv6 flow-export template options export-stats

 

Configures templates for IPv6 cache exports.

 
Step 7
interface type number


Example:

Router(config)# interface atm 0

 

Specifies an interface type and number, and places the router in interface configuration mode.

 
Step 8
ipv6 flow {ingress | egress}


Example:

Router(config-if)# ipv6 flow ingress

 

(Optional) Enables IPv6 flow capture for incoming (ingress) or outgoing (egress) packets.

Commands for ingress and egress can be specified on the same interface. If a switched packet belongs to a flow that is captured at both ingress and egress, it will be counted twice. This command must be entered on each interface and for each direction in which NetFlow capture is needed.
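Because NetFlow for IPv6 exports in Version 9 format, a collector can decode a data record only after it has received the matching template, which is why the template refresh-rate and timeout settings in Steps 5 and 6 matter on the receiving side. The following Python decoder is an added example, not Cisco code; the field layout, addresses, and counters in the sample packets are constructed for illustration, and options templates are skipped.

```python
import ipaddress
import struct
# NetFlow v9 field types (RFC 3954) named here; others decode as integers.
NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "l4_src_port",
         11: "l4_dst_port", 27: "ipv6_src_addr", 28: "ipv6_dst_addr"}

def _decode(record, layout):
    out, pos = {}, 0
    for ftype, length in layout:
        raw, pos = record[pos:pos + length], pos + length
        is_addr = ftype in (27, 28) and length == 16
        value = str(ipaddress.IPv6Address(raw)) if is_addr else int.from_bytes(raw, "big")
        out[NAMES.get(ftype, f"field_{ftype}")] = value
    return out

def parse_packet(data, templates):
    """Decode one export packet; return (flows, undecodable_flowsets).
    `templates` ({(source_id, template_id): [(type, length), ...]}) must persist
    across packets, because data FlowSets carry no field layout."""
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", data, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, undecodable, off = [], 0, 20
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack_from("!HH", data, off)
        if fs_len < 4 or off + fs_len > len(data):
            raise ValueError("bad FlowSet length")
        body, pos = data[off + 4:off + fs_len], 0
        while fs_id == 0 and pos + 4 <= len(body):   # template FlowSet
            tid, nfields = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * nfields
            if tid < 256 or end > len(body):
                break                                # padding or malformed
            templates[(source_id, tid)] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
            pos = end
        if fs_id >= 256:                             # data FlowSet (id = template id)
            layout = templates.get((source_id, fs_id), [])
            rec_len = sum(length for _, length in layout)
            undecodable += 0 if rec_len else 1       # template not received yet
            starts = range(0, len(body) - rec_len + 1, rec_len) if rec_len else ()
            flows += [_decode(body[s:s + rec_len], layout) for s in starts]
        off += fs_len                                # id 1 (options template) skipped
    return flows, undecodable

# Constructed sample packets (not captured from a router).
LAYOUT = [(27, 16), (28, 16), (4, 1), (7, 2), (11, 2), (1, 4), (2, 4)]

def _packet(seq, fs_id, body, source_id=1):
    body += b"\x00" * (-len(body) % 4)               # pad FlowSet to 32 bits
    header = struct.pack("!HHIIII", 9, 1, 1000, 1322697600, seq, source_id)
    return header + struct.pack("!HH", fs_id, len(body) + 4) + body
TEMPLATE = struct.pack("!HH", 256, len(LAYOUT)) + b"".join(
    struct.pack("!HH", t, n) for t, n in LAYOUT)
RECORD = (ipaddress.IPv6Address("2001:db8:1:1::10").packed
          + ipaddress.IPv6Address("2001:db8:2::53").packed
          + struct.pack("!BHHII", 17, 40000, 53, 1200, 10))

def demo():  # data sent before its template is undecodable; afterwards it decodes
    templates = {}
    before = parse_packet(_packet(1, 256, RECORD), templates)
    parse_packet(_packet(2, 0, TEMPLATE), templates)
    after = parse_packet(_packet(3, 256, RECORD), templates)
    return before, after
```

A collector that restarts loses its template table, so flow records exported until the next template refresh or timeout are counted as undecodable rather than analyzed.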

 

Customizing the NetFlow for IPv6 Cache

Several options are available for configuring and customizing the NetFlow for IPv6 cache:

  • Customize the number of entries in the NetFlow for IPv6 cache
  • Customize the timeout
  • Customize the Multiprotocol Label Switching (MPLS) parameters

These options are described in the following optional task:

Customizing the NetFlow for IPv6 Cache

Normally, the size of the NetFlow for IPv6 cache will meet your needs. However, you can increase or decrease the number of entries maintained in the cache to meet the needs of your NetFlow traffic rates. The default is 64K flow cache entries. Each cache entry requires about 64 bytes of storage. Assuming a cache with the default number of entries, about 4 MB of DRAM would be required. Each time a new flow is taken from the free flow queue, the number of free flows is checked. If only a few free flows remain, NetFlow attempts to age 30 flows using an accelerated timeout. If only 1 free flow remains, NetFlow automatically ages 30 flows regardless of their age. The intent is to ensure that free flow entries are always available.


Caution


Cisco recommends that you not change the number of NetFlow cache entries. Improper use of this feature could cause network problems. To return to the default NetFlow cache entries, use the no ip flow-cache entries global configuration command.


The following task describes how to customize the number of entries in the NetFlow cache.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 flow-cache entries number

4.    ipv6 flow-cache timeout {active minutes | inactive seconds}

5.    ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 flow-cache entries number


Example:

Router(config)# ipv6 flow-cache entries 131072

 

Changes the number of entries maintained in the NetFlow cache.

 
Step 4
ipv6 flow-cache timeout {active minutes | inactive seconds}


Example:

Router(config)# ipv6 flow-cache timeout active 10

 

Changes the timeout values for the NetFlow cache.

 
Step 5
ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}


Example:

Router(config)# ipv6 flow-aggregation cache as

 

Configures the aggregation cache configuration scheme.

 

Managing NetFlow for IPv6 Statistics

You can display and clear NetFlow for IPv6 statistics. NetFlow for IPv6 statistics consist of IPv6 packet size distribution, IP flow cache information, and flow information such as the protocol, total flow, and flows per second. The resulting information can be used to determine information about your router traffic.

The following task describes how to manage NetFlow for IPv6 statistics. Use these commands as needed for verification of configuration.

SUMMARY STEPS

1.    enable

2.    show ip cache flow

3.    clear ip flow stats


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
show ip cache flow


Example:

Router# show ip cache flow

 

Displays NetFlow statistics.

 
Step 3
clear ip flow stats


Example:

Router# clear ip flow stats

 

Clears the NetFlow statistics.

 

Configuring an Aggregation Cache for NetFlow for IPv6

The following task describes how to configure an aggregation cache for NetFlow for IPv6.

Before You Begin

To configure an aggregation cache, you must enter aggregation cache configuration mode, and you must decide which type of aggregation scheme you want to configure: Autonomous System, Destination Prefix, Prefix, Protocol Prefix, or Source Prefix aggregation cache. Once you define the aggregation scheme, the following task lets you define the operational parameters for that scheme.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 flow-export destination ip-address udp-port

4.    ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

5.    cache {entries number | timeout {active minutes | inactive seconds}}

6.    cache {entries number | timeout {active minutes | inactive seconds}}

7.    exit

8.    ipv6 flow-export destination ip-address udp-port


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 flow-export destination ip-address udp-port


Example:

Router(config)# ipv6 flow-export destination 10.42.42.1 9991

 

Enables the exporting of information in NetFlow cache entries to a specific address or port.

 
Step 4
ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}


Example:

Router(config)# ipv6 flow-aggregation cache as

 

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

 
Step 5
cache {entries number | timeout {active minutes | inactive seconds}}


Example:

Router(config-flow-cache)# cache entries 2046

 

Specifies the number (in this example, 2046) of cache entries to allocate for the autonomous system aggregation cache.

 
Step 6
cache {entries number | timeout {active minutes | inactive seconds}}


Example:

Router(config-flow-cache)# cache timeout inactive 199

 

Specifies the number of seconds (in this example, 199) that an inactive entry is allowed to remain in the aggregation cache before it is deleted.

 
Step 7
exit


Example:

Router(config-flow-cache)# exit

 

Exits NetFlow aggregation cache configuration mode, and places the router in global configuration mode.

 
Step 8
ipv6 flow-export destination ip-address udp-port


Example:

Router(config)# ipv6 flow-export destination 10.0.101.254 9991

 

Enables the data export.

 

Configuring a NetFlow for IPv6 Minimum Prefix Mask for Router-Based Aggregation

To configure the NetFlow for IPv6 Minimum Prefix Mask for Router-Based Aggregation feature, perform the tasks described in the following sections. Each task is optional.

Configuring the Minimum Mask of a Prefix Aggregation Scheme

The following task describes how to configure the minimum mask of a prefix aggregation scheme.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

4.    mask {destination | source} minimum value


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}


Example:

Router(config)# ipv6 flow-aggregation cache prefix

 

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

 
Step 4
mask {destination | source} minimum value


Example:

Router(config-flow-cache)# mask source minimum value

 

Configures the minimum value for the source mask.

 

Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme

The following task describes how to configure the minimum mask of a destination-prefix aggregation scheme.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

4.    mask {destination | source} minimum value


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}


Example:

Router(config)# ipv6 flow-aggregation cache destination-prefix

 

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

 
Step 4
mask {destination | source} minimum value


Example:

Router(config-flow-cache)# mask destination minimum 32

 

Configures the minimum value for the destination mask.

 

Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme

The following task describes how to configure the minimum mask of a source-prefix aggregation scheme.


Note


If the minimum mask has not been explicitly configured, no minimum mask information is displayed. The default value of the minimum mask is zero. The configurable range for the minimum mask is from 1 to 32. An appropriate value should be chosen by the user depending on the traffic. A higher value of the minimum mask will provide more detailed network addresses, but it may also result in an increased number of flows in the aggregation cache.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}

4.    mask {destination | source} minimum value


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ipv6 flow-aggregation cache {as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix}


Example:

Router(config)# ipv6 flow-aggregation cache source-prefix

 

Configures the aggregation cache configuration scheme, and places the router in NetFlow aggregation cache configuration mode.

 
Step 4
mask {destination | source} minimum value


Example:

Router(config-flow-cache)# mask source minimum 5

 

Configures the minimum value for the source mask.
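The trade-off described in the note for this task, shown on constructed flows: the following Python code is an added example, not Cisco code, that builds a source-prefix aggregation cache with and without a minimum mask. It assumes that the mask applied to each flow is the longer of the routing-table prefix length and the configured minimum; the addresses, prefix lengths, and byte counts are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed flows: (source address, routing-table prefix length, bytes).
FLOWS = [
    ("2001:db8:a::1", 16, 500),
    ("2001:db8:b::2", 16, 700),
    ("2001:db9:c::3", 16, 300),
    ("2001:dba:d::4", 16, 900),
    ("2002:aaaa::5", 16, 100),
]


def source_prefix_cache(flows, minimum_mask=0):
    """Aggregate flows by source prefix, as a source-prefix cache would.

    Assumption: the mask applied to a flow is the longer of its
    routing-table prefix length and the configured minimum mask
    (0 = not configured, the default stated on the page).
    """
    cache = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, route_len, nbytes in flows:
        mask = max(route_len, minimum_mask)
        prefix = ipaddress.ip_network(f"{src}/{mask}", strict=False)
        entry = cache[str(prefix)]
        entry["flows"] += 1
        entry["bytes"] += nbytes
    return dict(cache)


def compare(flows, minimum_mask):
    """Return (cache entries without a minimum mask, entries with it)."""
    return (len(source_prefix_cache(flows)),
            len(source_prefix_cache(flows, minimum_mask)))


if __name__ == "__main__":
    for minimum in (0, 32):
        label = f"mask source minimum {minimum}" if minimum else "no minimum mask"
        print(label)
        for prefix, entry in sorted(source_prefix_cache(FLOWS, minimum).items()):
            print(f"  {prefix:<18} flows={entry['flows']} bytes={entry['bytes']}")
```

With the minimum mask set to 32, the same five flows occupy four cache entries instead of two, which separates the individual /32 sources at the cost of cache space.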

 

Configuration Examples for Implementing NetFlow for IPv6

This section provides the following configuration example:

Configuring NetFlow in IPv6 Environments Example

If you configure the ipv6 flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface and from all the subinterfaces. In a scenario where you configure the ipv6 flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ipv6 flow ingress command.

The following example shows how to configure NetFlow on Fast Ethernet subinterface 6/3.0:

Router(config)# interface FastEthernet6/3.0
Router(config-subif)# ipv6 flow ingress

The following example shows the configuration for a loopback source interface. The loopback interface has the IPv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64 and is used by the serial interface in slot 5, port 0.

Router# configure terminal
Router(config)# interface loopback 0
Router(config-if)# ipv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64
Router(config-if)# exit
Router(config)# interface serial 5/0:0
Router(config-if)# ip unnumbered loopback0
Router(config-if)# encapsulation ppp
Router(config-if)# ipv6 flow cache
Router(config-if)# exit
Router(config)# ipv6 flow-export source loopback 0
Router(config)# exit

Additional References

The following sections provide references related to the Implementing NetFlow for IPv6 feature.

Related Documents

Related Topic: Document Title

  • Cisco IOS Flexible NetFlow: Cisco IOS Flexible NetFlow Features Roadmap (http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/fnetflow_feat_rdmap.html)
  • NetFlow for IPv4 commands (complete command syntax, command mode, defaults, usage guidelines, and examples): Cisco IOS NetFlow Command Reference
  • NetFlow for IPv6 commands: Cisco IOS IPv6 Command Reference

Standards

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

Technical Assistance

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

Link: http://www.cisco.com/techsupport

Feature Information for Implementing NetFlow for IPv6

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(2)T or a later release appear in the table.

For information about a feature in this technology that is not documented here, see the Start Here: Cisco IOS Software Release Specifics for IPv6 Features roadmap.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.


Note


Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 1 Feature Information for Implementing NetFlow for IPv6

Feature Name: IPv6: NetFlow for IPv6
Releases: 12.3(7)T, 12.4, 12.4(2)T
Feature Information: NetFlow for IPv6 enables you to collect traffic flow statistics on your routing devices and analyze traffic patterns, which are used to detect DoS attacks.

The following sections provide information about this feature:

Feature Name: NetFlow: Removal of IPv6 NetFlow
Releases: 12.4(20)T
Feature Information: This feature was removed.


© 2011 Cisco Systems, Inc. All rights reserved.