Configuring NetFlow Multicast Accounting

First Published: June 19, 2006
Last Updated: April 21, 2008

This document contains information about and instructions for configuring NetFlow multicast accounting. NetFlow multicast accounting allows you to capture multicast-specific data (both packets and bytes) for multicast flows.

NetFlow is a Cisco IOS application that provides statistics on packets flowing through the router. It is emerging as a primary network accounting and security technology.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring NetFlow Multicast Accounting" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring NetFlow Multicast Accounting

Restrictions for Configuring NetFlow Multicast Accounting

Information About Configuring NetFlow Multicast Accounting

How to Configure NetFlow Multicast Accounting

Configuration Examples for NetFlow Multicast Accounting

Additional References

Glossary

Feature Information for Configuring NetFlow Multicast Accounting

Prerequisites for Configuring NetFlow Multicast Accounting

Before you can configure NetFlow multicast accounting, you must:

Configure the router for IP routing

Configure Multicast fast switching or multicast distributed fast switching (MDFS); multicast Cisco Express Forwarding (CEF) switching is not supported.

Configure Multicast routing.

Configure NetFlow v9 (Version 9) data export (otherwise, multicast data is visible in the cache but is not exported).

Restrictions for Configuring NetFlow Multicast Accounting

Memory Impact

If traffic is heavy, the additional flows might fill the global flow hash table. If you must increase the size of the global flow hash table, you must also add memory to the router.

NetFlow has a maximum cache size of 65,536 flow record entries of 64 bytes each. To deduce the packet-replication factor, multicast accounting adds 16 bytes (for a total of 80 bytes) to each multicast flow record.

Performance Impact

Ingress multicast accounting does not greatly affect performance. Because of the additional accounting-related computation that occurs in the traffic-forwarding path of the router, egress NetFlow multicast accounting might degrade network performance slightly, but it does not limit the functionality of the router.

Multicast Addresses

NetFlow data cannot be exported to multicast addresses.

Information About Configuring NetFlow Multicast Accounting

NetFlow Multicast Benefits

Multicast Ingress and Multicast Egress Accounting

NetFlow Multicast Flow Records

NetFlow Multicast Benefits

NetFlow multicast allows you to capture multicast-specific data (both packets and bytes) for multicast flows. For example, you can capture the packet-replication factor for a specific flow as well as for each outgoing stream. NetFlow multicast provides complete end-to-end usage information about network traffic for a complete multicast traffic billing solution.

You can use NetFlow multicast accounting to identify and count multicast packets on the ingress side or the egress side (or both sides) of a router. Multicast ingress accounting provides information about the source and how many times the traffic was replicated. Multicast egress accounting monitors the destination of the traffic flow.

NetFlow multicast lets you enable NetFlow statistics to account for all packets that fail the reverse path forwarding (RPF) check and that are dropped in the core of the service provider network. Accounting for RPF-failed packets provides more accurate traffic statistics and patterns.

Multicast Ingress and Multicast Egress Accounting

NetFlow multicast lets you select either multicast ingress accounting, in which a replication factor (equal to the number of output interfaces) indicates the load, or multicast egress accounting, in which all outgoing multicast streams are counted as separate streams, or both multicast ingress and multicast egress accounting.

NetFlow multicast lets you collect information about how much data is leaving the interfaces of the router (egress and multicast ingress accounting) or how much multicast data is received (multicast ingress accounting).

On the ingress side, multicast packets are counted as with unicast packets, but with two additional fields (for number of replicated packets and byte count). With multicast ingress accounting, the destination interface field is set to null, and the IP next hop field is set to 0 for multicast flows.

NetFlow Multicast Flow Records

Multicast ingress accounting creates one flow record that indicates how many times each packet is replicated. Multicast egress accounting creates a unique flow record for each outgoing interface.

How to Configure NetFlow Multicast Accounting

Configuring NetFlow Multicast Accounting in Cisco IOS Releases 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, 12.2(33)SB, and Newer Releases

Configuring NetFlow Multicast Accounting in Cisco IOS Releases Prior to 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, and 12.2(33)SB

Verifying the NetFlow Multicast Accounting Configuration (optional)

Configuring NetFlow Multicast Accounting in Cisco IOS Releases 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, 12.2(33)SB, and Newer Releases

Perform the steps in this required task to configure NetFlow multicast accounting.

Prerequisites

You must have already configured IP multicast on the networking devices in your network. See the Cisco IOS IP Multicast Configuration Guide, for more information on configuring IP multicast.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip multicast-routing [vrf vrf-name] [distributed]

4. ip multicast netflow rpf-failure

5. ip multicast netflow output-counters

6. interface type number

7. ip flow ingress

8. end

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enters privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip multicast-routing [vrf vrf-name] [distributed]

Example:

Router(config)# ip multicast-routing

Enables IP multicast routing.

The vrf keyword supports the multicast Virtual Private Network (VPN) routing/forwarding instance (VRF).

The vrf-name argument is the name assigned to the VRF.

The distributed keyword enables Multicast Distributed Switching (MDS).

Step 4 

ip multicast netflow rpf-failure

Example:

Router(config)# ip multicast netflow rpf-failure

Enables accounting for multicast data that fails the RPF check.

Step 5 

ip multicast netflow output-counters

Example:

Router(config)# ip multicast netflow output-counters

Enables accounting for the number of bytes and packets forwarded.

Step 6 

interface type number

Example:

Router(config)# interface fastethernet 0/0

Specifies the interface and enters interface configuration mode.

Step 7 

ip flow ingress

Example:

Router(config-if)# ip flow ingress

Enables NetFlow ingress accounting.

Step 8 

end

Example:

Router(config-if)# end

Exits the current configuration mode and returns to privileged EXEC mode.

Troubleshooting Tips

If there are no multicast flow records in the NetFlow cache, check the multicast switching counters for the existence of process-switched packets (NetFlow exports only fast-switched or MDFS-switched packets). If process-switched packets are present, check the MDFS routing table to help determine potential problems.

Configuring NetFlow Multicast Accounting in Cisco IOS Releases Prior to 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, and 12.2(33)SB

Configuring NetFlow Multicast Egress Accounting

Configuring NetFlow Multicast Ingress Accounting

Configuring NetFlow Multicast Egress Accounting

Perform the steps in this required task to configure NetFlow multicast egress accounting.

Prerequisites

You must have already configured IP multicast on the networking devices in your network. See the Cisco IOS IP Multicast Configuration Guide, for more information on configuring IP multicast.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip multicast-routing [vrf vrf-name] [distributed]

4. ip multicast netflow rpf-failure

5. interface type number

6. ip multicast netflow egress

7. end

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enters privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip multicast-routing [vrf vrf-name] [distributed]

Example:

Router(config)# ip multicast-routing


Enables IP multicast routing.

The vrf keyword supports the multicast Virtual Private Network (VPN) routing/forwarding instance (VRF).

The vrf-name argument is the name assigned to the VRF.

The distributed keyword enables Multicast Distributed Switching (MDS).

Step 4 

ip multicast netflow rpf-failure

Example:

Router(config)# ip multicast netflow rpf-failure

Enables accounting for multicast data that fails the RPF check.

Step 5 

interface type number

Example:

Router(config)# interface fastethernet 0/0

Specifies the interface and enters interface configuration mode.

Step 6 

ip multicast netflow egress

Example:

Router(config-if)# ip multicast netflow egress

Enables NetFlow multicast egress accounting.

Step 7 

end

Example:

Router(config-if)# end

Exits the current configuration mode and returns to privileged EXEC mode.

Troubleshooting Tips

If there are no multicast flow records in the NetFlow cache, check the multicast switching counters for the existence of process-switched packets (NetFlow exports only fast-switched or MDFS-switched packets). If process-switched packets are present, check the MDFS routing table to help determine potential problems.

Configuring NetFlow Multicast Ingress Accounting

Perform the steps in this required task to configure NetFlow multicast ingress accounting.

Multicast ingress NetFlow accounting is enabled by default.

Prerequisites

You must have already configured IP multicast on the networking devices in your network. See the Cisco IOS IP Multicast Configuration Guide, for more information on configuring IP multicast.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip multicast-routing [vrf vrf-name] [distributed]

4. ip multicast netflow rpf-failure

5. interface type number

6. ip multicast netflow ingress

7. end

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:

Router> enable

Enters privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip multicast-routing [vrf vrf-name] [distributed]

Example:

Router(config)# ip multicast-routing


Enables IP multicast routing.

The vrf keyword supports the multicast VRF.

The vrf-name argument is the name assigned to the VRF.

The distributed keyword enables Multicast Distributed Switching (MDS).

Step 4 

ip multicast netflow rpf-failure

Example:

Router(config)# ip multicast netflow rpf-failure

Enables accounting for multicast data that fails the RPF check.

Step 5 

interface type number

Example:

Router(config)# interface fastethernet 0/0

Specifies the interface and enters interface configuration mode.

Step 6 

ip multicast netflow ingress

Example:

Router(config-if)# ip multicast netflow ingress

Enables NetFlow multicast ingress accounting.

Step 7 

end

Example:

Router(config-if)# end

Exits the current configuration mode and returns to privileged EXEC mode.

Troubleshooting Tips

If there are no multicast flow records in the NetFlow cache, check the multicast switching counters for the existence of process-switched packets (NetFlow exports only fast-switched or MDFS-switched packets). If process-switched packets are present, check the MDFS routing table to help determine potential problems.

Verifying the NetFlow Multicast Accounting Configuration

Perform the steps in this optional task to verify the NetFlow multicast accounting configuration.

SUMMARY STEPS

1. enable

2. show ip cache verbose flow

DETAILED STEPS

Step 1 enable

Use this command to enable privileged EXEC mode. Enter your password if required. For example: 

Router> enable

Router#

Step 2 show ip cache verbose flow

Use this command to verify that NetFlow multicast accounting is configured. Look for the two additional fields related to multicast data, that is, the number of IP multicast output packet and byte counts. For example: 

Router# show ip cache verbose flow


IP packet size distribution (5149 total packets):

   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

   .997 .002 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000


    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608

   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000


IP Flow Switching Cache, 278544 bytes

  2 active, 4094 inactive, 14 added

  468 ager polls, 0 flow alloc failures

  Active flows timeout in 30 minutes

  Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 25800 bytes

  1 active, 1023 inactive, 1 added, 1 added to flow

  0 alloc failures, 0 force free

  1 chunk, 1 chunk added

  last clearing of statistics never

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)

--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

UDP-other           12      0.0         1    52      0.0       0.1      15.6

Total:              12      0.0         1    52      0.0       0.1      15.6


SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts

Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active

IPM: OPkts    OBytes   

Et0/0          10.1.1.1        Null           224.192.16.1    01 55  10    5164 

0000 /0  0                     0000 /0  0     0.0.0.0                20   262.8

IPM:    15K    309K 

Et0/0          10.1.1.1        Null           255.255.255.255 11 C0  10       1 

0208 /0  0                     0208 /0  0     0.0.0.0                52     0.0

Router#

The Opkts column displays the number of IP multicast (IPM) output packets, the OBytes column displays the number of IPM output bytes, and the DstIPaddress column displays the destination IP address for the IPM output packets.

Configuration Examples for NetFlow Multicast Accounting

Configuring NetFlow Multicast Accounting in Cisco IOS Releases 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, 12.2(33)SB, and Newer Releases

Configuring NetFlow Multicast Accounting in Cisco IOS Releases Prior to 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, and 12.2(33)SB

Configuring NetFlow Multicast Accounting in Cisco IOS Releases 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, 12.2(33)SB, and Newer Releases

The following example shows how to configure multicast NetFlow accounting: 

configure terminal

 ip multicast-routing

 ip multicast netflow rpf-failure

 ip multicast netflow output-counters

!

interface ethernet 0/0

 ip flow ingress

 end

Configuring NetFlow Multicast Accounting in Cisco IOS Releases Prior to 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, and 12.2(33)SB

Configuring NetFlow Multicast Egress Accounting: Example

Configuring NetFlow Multicast Ingress Accounting: Example

Configuring NetFlow Multicast Egress Accounting: Example

The following example shows how to configure multicast egress NetFlow accounting on the egress Ethernet 0/0 interface: 

configure terminal

 ip multicast-routing

 ip multicast netflow rpf-failure


!

interface ethernet 0/0

 ip multicast netflow egress

 end

Configuring NetFlow Multicast Ingress Accounting: Example

The following example shows how to configure multicast ingress NetFlow accounting on the ingress Ethernet 1/0 interface: 

configure terminal

 ip multicast-routing

 ip multicast netflow rpf-failure


!

interface ethernet 1/0

 ip multicast netflow ingress

 end

Additional References

Related Documents

Related Topic
Document Title

Overview of Cisco IOS NetFlow

Cisco IOS NetFlow Overview

List of the features documented in the Book Title configuration guide

Cisco IOS NetFlow Features Roadmap

The minimum information about and tasks required for configuring NetFlow and NetFlow Data Export

Getting Started with Configuring NetFlow and NetFlow Data Export

Tasks for configuring NetFlow to capture and export network traffic data

Configuring NetFlow and NetFlow Data Export

Tasks for configuring Configuring MPLS Aware NetFlow

Configuring MPLS Aware NetFlow

Tasks for configuring MPLS egress NetFlow accounting

Configuring MPLS Egress NetFlow Accounting and Analysis

Tasks for configuring NetFlow input filters

Using NetFlow Filtering or Sampling to Select the Network Traffic to Track

Tasks for configuring Random Sampled NetFlow

Using NetFlow Filtering or Sampling to Select the Network Traffic to Track

Tasks for configuring NetFlow aggregation caches

Configuring NetFlow Aggregation Caches

Tasks for configuring NetFlow BGP next hop support

Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Tasks for detecting and analyzing network threats with NetFlow

Detecting and Analyzing Network Threats With NetFlow

Tasks for configuring NetFlow Reliable Export With SCTP

NetFlow Reliable Export With SCTP

Tasks for configuring NetFlow Layer 2 and Security Monitoring Exports

NetFlow Layer 2 and Security Monitoring Exports

Tasks for configuring the SNMP NetFlow MIB

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

Tasks for configuring the NetFlow MIB and Top Talkers feature

Configuring NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands

Information for installing, starting, and configuring the CNS NetFlow Collection Engine

Cisco CNS NetFlow Collection Engine Documentation


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

No new or modified MIBS are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Feature Information for Configuring NetFlow Multicast Accounting

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or 12.0(3)S or a later release appear in the table.

Not all commands may be available in your Cisco IOS software release. For details on when support for a specific command was introduced, see the command reference documentation.

For information on a feature in this technology that is not documented here, see the "Cisco IOS NetFlow Features Roadmap" module.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 1 Feature Information for Configuring NetFlow Multicast Accounting 

Feature Name
Releases
Feature Configuration Information

NetFlow Multicast Support

12.3(1), 12.2(18)S, 12.2(27)SBC,
12.2(33)SXF,
12.2(33)SRB

The NetFlow Multicast Support feature lets you capture multicast-specific data (both packets and bytes) for multicast flows. For example, you can capture the packet-replication factor for a specific flow as well as for each outgoing stream. This feature provides complete end-to-end usage information about network traffic for a complete multicast traffic billing solution.

The following sections provide information about this feature:

NetFlow Multicast Benefits

Multicast Ingress and Multicast Egress Accounting

NetFlow Multicast Flow Records

Configuring NetFlow Multicast Accounting in Cisco IOS Releases 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, 12.2(33)SB, and Newer Releases

Configuring NetFlow Multicast Accounting in Cisco IOS Releases Prior to 12.4(12), 12.4(11)T, 12.2(33)SRB, 12.2(33)SXH, and 12.2(33)SB

Verifying the NetFlow Multicast Accounting Configuration

The following commands were introduced by this feature: ip multicast netflow egress, ip multicast netflow ingress, and ip multicast netflow rpf-failure.

NetFlow Multicast Support1

12.4(11)T, 12.4(12), 12.(33)SRB, 12.2(33)SB,
12.2(33)SXH

The ip multicast netflow [ingress | egress] interface configuration command was replaced by the ip multicast netflow output-counters global configuration command.

1 This was a minor modification to the existing NetFlow Multicast Support feature. Minor feature modifications are not included in Feature Navigator.


Glossary

CEF—Cisco Express Forwarding. A Layer 3 IP switching technology that optimizes network performance and scalability for networks with large and dynamic traffic patterns.

dCEF—distributed Cisco Express Forwarding. A type of CEF switching in which line cards (such as Versatile Interface Processor (VIP) line cards) maintain identical copies of the forwarding information base (FIB) and adjacency tables. The line cards perform the express forwarding between port adapters; this relieves the Route Switch Processor of involvement in the switching operation.

egress traffic—Traffic leaving the network.

fast switching—Cisco feature in which a route cache is used for expediting packet switching through a router.

ingress traffic—Traffic entering the network.

multicast data—Single packets copied by the network and sent to a specific subset of network addresses. These addresses are specified in the Destination Address field.

NetFlow—A Cisco IOS application that provides statistics on packets flowing through the router. It is emerging as a primary network accounting and security technology.

NetFlow Aggregation—A NetFlow feature that lets you summarize NetFlow export data on an IOS router before the data is exported to a NetFlow data collection system such as the NetFlow Collection Engine. This feature lowers bandwidth requirements for NetFlow export data and reduces platform requirements for NetFlow data collection devices.

NetFlow Collection Engine (formerly called NetFlow FlowCollector)—A Cisco application that is used with NetFlow on Cisco routers and Catalyst series switches. The NetFlow Collection Engine collects packets from the router that is running NetFlow and decodes, aggregates, and stores them. You can generate reports on various aggregations that can be set up on the NetFlow Collection Engine.

NetFlow v9—NetFlow export format Version 9. A flexible and extensible means for carrying NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.

RPF—Reverse Path Forwarding. Multicasting technique in which a multicast datagram is forwarded out of all but the receiving interface if the receiving interface is the one used to forward unicast datagrams to the source of the multicast datagram.

ToS byte—type of service byte. Second byte in the IP header that indicates the desired quality of service (QoS) for a particular datagram.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2008 Cisco Systems, Inc. All rights reserved.