Netflow Supported Features

In-line Modification of Netflow Configuration

The In-line modification of Netflow configuration enables to add or remove flow attributes of a flow entity that is already applied to an interface.

A flow entity can be a monitor map, exporter map or a sampler map.

Netflow does not support in-line modification of all its configuration items. This table lists flow entries and flow attributes that are in-line modifiable.


Note

In-line modification of flow items clears the cache counters. As a result there could be flow accounting mismatch.
Table 1. In-line Modifiable Flow Entities and Flow Attributes

Flow Entity

Flow Attribute

Monitor map

Note

 

Any modification to the cache attributes results in resetting of the cache counters. The cache flows are dropped not exported.

cache timeout active seconds

cache timeout inactive seconds

cache timeout update seconds

cache timeout rate-limit seconds

exporter

cache entries

cache permanent

option outphysint | bgstrings

Note

 

This flow attribute is not supported on Cisco NCS 540 Router.

Exporter Map

Note

 

Any modification to an exporter map results in resetting of the exporter counter.

source <source interface>

destination <destinaiton address>

dscp <dscp_value>

version v9 | ipfix

Sampler Map

sampling interval

Restriction

  • In-line modification of the record ipv4 flow attribute is not supported.

Use Case

Consider a netflow configuration as shown below applied on Bundle interface. 

RP/0/RP1/CPU0:router#show running-config interface bundle-ether 8888
Thu Oct 26 14:17:17.459 UTC
interface Bundle-Ether8888
ipv4 address 192.168.108.1 255.255.255.252
 ipv6 address 192:168:108::1/126
flow ipv6 monitor MONITOR-8k sampler SAMPLER-8k ingress
!
RP/0/RP1/CPU0:router#show running-config flow monitor-map MONITOR-8k
Thu Oct 26 14:17:32.581 UTC
flow monitor-map MONITOR-8k
 record ipv6
 exporter NF-2
 cache timeout update 30
!

The Netflow configuration includes:

  • flow monitor map—MONITOR-8k: The flow monitor map do not have cache entries configured. Cache entries are the number of entries in the flow cache.

  • exporter map—NF-2

  • sampler map—SAMPLE-8k

The cache entries attribute is in-line modifiable. Let us configure the cache entries, while the flow monitor map is in use: 


RP/0/RP1/CPU0:router#config
RP/0/RP1/CPU0:router(config)#flow monitor-map MONITOR-8k
RP/0/RP1/CPU0:router(config-fmm)#cache entries 8000
RP/0/RP1/CPU0:router(config-fmm)#commit
Thu Oct 26 14:18:24.625 UTC
RP/0/RP1/CPU0:Oct 26 14:18:24.879 : config[67366]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user '<username>'. 
Use 'show configuration commit changes 1000000556' to view the changes.  /*configuration commit is successfull. */

The above configuration changes are committed successfully.

Verification

To verify if the monitor map has chache entries of 8000 configured, use the show flow monitor-map command for MONITOR-8k map: 


RP/0/RSP0/CPU0:router# show flow monitor-map MONITOR-8k

Flow Monitor Map : MONITOR-8k
-------------------------------------------------
Id:                1
RecordMapName:     ipv6
ExportMapName:     NF-2
CacheAgingMode:    Permanent
CacheMaxEntries:   8000
CacheActiveTout:   N/A
CacheInactiveTout: N/A
CacheUpdateTout:   30 seconds

Options Template Overview

NetFlow version 9 is a template-based version. The templates provide an extensible design to the record format. This feature allows enhancements to NetFlow services without requiring concurrent changes to the basic flow-record format. An options template is a special type of template record that is used to communicate the format of data related to the NetFlow process. Rather than supplying information about IP flows, the options are used to supply metadata about the NetFlow process itself. The sampler options template and the interface options template are different forms of options templates. These two tables are exported by the NetFlow process. The NetFlow process will also export the VRF table.

Sampler Table

The sampler options template consists of sampler tables. Similarly, the interface option templates consist of interface tables. By enabling the options for sampler table and interface table, it becomes easier for the collector to determine the information on data flow.

The sampler table consists of information on the active samplers. It is used by the collector to estimate the sampling rate for each data flow. The sampler table consists of the following information for each sampler:
Field Name Value

FlowSamplerID

This ID is assigned to the sampler. It is used by the collector to retrieve information about the sampler for a data flow record.

FlowSamplerMode

This field indicates the mode in which the sampling has been performed.

FlowSamplerRandomInterval

This field indicates the rate at which the sampling is performed.

SamplerName

This field indicates the name of the sampler.

Interface Table

The interface table consists of information on interfaces that are being monitored for data flow. By using this information, the collector determines the names of interfaces associated with the data flow. The interface table consists of the following information:

Field Name Value

ingressInterface

This field indicates the SNMP index assigned to the interface. By matching this value to the Ingress interface in the data flow record, the collector is able to retrieve the name of the interface.

interfaceDescription

This field indicates the name of the interface.

VRF Table

The VRF table consists of mapping of VRF IDs to the VRF names. By using this information, the collector determines the name of the required VRF. The VRF table consists of the following information:

Field Name Value

ingressVRFID

The identifier of the VRF with the name in the VRF-Name field.

VRF-Name

The VRF name which has the VRFID value ingressVRFID. The value "default" indicates that the interface is not assigned explicitly to a VRF.

The data records contain ingressVRFID as an extra field in each record. The values of these fields are used to lookup the VRF Table to find the VRF names. A value 0 in these fields indicates that the VRF is unknown.

The VRF table is exported at intervals specified by the optional timeout keyword that can be configured manually. The default value is 1800 seconds.

Information About Configuring NetFlow

Information About Configuring NetFlow

NetFlow Configuration Submodes

In Cisco IOS XR Software, NetFlow map configuration takes place in map-specific submodes. Cisco IOS XR Software supports these NetFlow map configuration submodes:


Note

The Cisco IOS XR Software allows you to issue most commands available under submodes as one single command string from mode. For example, you can issue the record ipv4 command from the flow monitor map configuration submode as follows: 


RP/0/RP0/CPU0:router(config)# flow monitor-map fmm
RP/0/RP0/CPU0:router(config-fmm)# record ipv4

Alternatively, you can issue the same command from global configuration mode, as shown in the following example: 


RP/0/RP0/CPU0:router(config)# flow monitor-map fmm record ipv4
Flow Monitor Map Configuration Submode

When you issue the flow monitor-map map_name command in mode, the CLI prompt changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode.

In this sample output, the question mark (?) online help function displays all the commands available under the flow monitor map configuration submode: 


RP/0/RP0/CPU0:router(config)# flow monitor-map fmm

RP/0/RP0/CPU0:router(config-fmm)# ?

cache     Specify flow cache attributes
commit    Commit the configuration changes to running
describe  Describe a command without taking real actions
do        Run an exec command
exit      Exit from this submode
exporter  Specify flow exporter map name
no        Negate a command or set its defaults
record    Specify a flow record map name
show      Show contents of configuration
Flow Exporter Map Version Configuration Submode

When you issue the version v9 command in the flow exporter map configuration submode, the CLI prompt changes to “config-fem-ver,” indicating that you have entered the flow exporter map version configuration submode.

In this sample output, the question mark (?) online help function displays all the commands available under the flow exporter map version configuration submode: 


RP/0/RP0/CPU0:router(config-fem)# version v9

RP/0/RP0/CPU0:router(config-fem-ver)# ?

commit    Commit the configuration changes to running
describe  Describe a command without taking real actions
do        Run an exec command
exit      Exit from this submode
no        Negate a command or set its defaults
options   Specify export of options template
show      Show contents of configuration
template  Specify template export parameters
Flow Monitor Map Configuration Submode

When you issue the flow monitor-map map_name command in mode, the CLI prompt changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode.

In this sample output, the question mark (?) online help function displays all the commands available under the flow monitor map configuration submode: 


RP/0/RP0/CPU0:router(config)# flow monitor-map fmm

RP/0/RP0/CPU0:router(config-fmm)# ?

cache     Specify flow cache attributes
commit    Commit the configuration changes to running
describe  Describe a command without taking real actions
do        Run an exec command
exit      Exit from this submode
exporter  Specify flow exporter map name
no        Negate a command or set its defaults
record    Specify a flow record map name
show      Show contents of configuration
Sampler Map Configuration Submode

When you issue the sampler-map map_name command in mode, the CLI prompt changes to “config-sm,” indicating that you have entered the sampler map configuration submode.

In this sample output, the question mark (?) online help function displays all the commands available under the sampler map configuration submode: 


RP/0/RP0/CPU0:router(config)# sampler-map fmm

RP/0/RP0/CPU0:router(config-sm)# ?
clear     Clear the uncommitted configuration
clear     Clear the configuration
commit    Commit the configuration changes to running
describe  Describe a command without taking real actions
do        Run an exec command
exit      Exit from this submode
no        Negate a command or set its defaults
pwd       Commands used to reach current submode
random    Use random mode for sampling packets
root      Exit to the global configuration mode
show      Show contents of configuration
Enabling the NetFlow BGP Data Export Function

Use the bgp attribute-download command to enable NetFlow BGP routing attribute collection. The routing attributes are then exported. When no routing attributes are collected, zeroes (0) are exported.

When BGP attribute download is enabled, BGP downloads the attribute information for prefixes (community, extended community, and as-path) to the Routing Information Base (RIB) and Forwarding Information Base (FIB). This enables FIB to associate the prefixes with attributes and send the NetFlow statistics along with the associated attributes.

MPLS Flow Monitor with IPv4 and IPv6 Support

Cisco IOS XR Software supports the NetFlow collection of MPLS packets. It also supports the NetFlow collection of MPLS packets carrying IPv4, IPv6, or both IPv4 and IPv6 payloads.

MPLS Cache Reorganization to Support Both IPv4 and IPv6

In Cisco IOS XR Software, at a time, you can have only one MPLS flow monitor running on an interface. If you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing one.

You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or IPv4-IPv6 fields. IPv4-IPv6 configuration collects both IPv4 and IPv6 addresses using one MPLS flow monitor. IPv4 configuration collects only IPv4 addresses. IPv6 configuration collects only IPv6 addresses.

The MPLS flow monitor supports up to 1,000,000 cache entries. NetFlow entries include these types of fields:

  • IPv4 fields

  • IPv6 fields

  • MPLS with IPv4 fields

  • MPLS with IPv6 fields

The maximum number of bytes per NetFlow cache entry is as follows:

  • IPv4–88 bytes per entry

  • IPv6–108 bytes per entry

  • MPLS with IPv4 fields–108 bytes per entry

  • MPLS with IPv6 fields–128 bytes per entry


Note

The different types of NetFlow entries are stored in separate caches. Consequently, the number of NetFlow entries on a line card can significantly impact the amount of available memory on the line card. Also, even though the sampling rate for IPv6 is the same as the sampling rate for IPv4, the CPU utilization for IPv6 is higher due to the longer keys used by the IPv6 fields.

MPLS Packets with IPv6 Flows
Table 2. Feature History Table

Feature Name

Release Information

Feature Description
MPLS top label type 4 for BGP Labeled Unicast traffic Release 7.4.1

This feature is an enhancement to how Netflow MPLS records are verified. This feature allows the user to analyze the traffic types by providing more visibility on the granularity of the information. This feature helps you to monitor the traffic data.

This feature introduces the new MPLS label type BGP. This label type is a field in the MPLS label that identifies the control protocol which allocates the top-of-stack label. MPLS label types enable verification of Netflow MPLS records.

The collection of IPv6 flows in MPLS packets is an option. The CPU uses 128 bytes for each IPv6 field. IPv6 flows may contain these types of information:

  • Source IP address

  • Destination IP address

  • Traffic class value

  • Layer 4 protocol number

  • Layer 4 source port number

  • Layer 4 destination port number

  • Flow ID

  • Header option mask

To collect the IPv6 fields in MPLS packets, you must activate the MPLS record type, ipv6-fields by running the record mpls ipv6-fields command. You can also specify the number of labels to be used for aggregation with this command.

Monitor GTP-U Traffic in 5G Network

Table 3. Feature History Table

Feature Name

Release Information

Feature Description

Monitor GTP-U Traffic in 5G Network

Release 24.2.1

You now get a comprehensive view of your 5G network's performance and gain detailed insights into slice utilization, deployed QoS policies, and their impact on traffic. This includes verifying deployed QoS policies, assessing 5G slice mechanisms, and tracking GTP-U endpoints for specific applications. This feature specifically applies to 5G network slicing when the GTP User Plane carries data within the core network and to the radio access network. This is achieved by exporting GTP-U related Information Elements using Netflow and IPFIX records to collectors for analysis.

This feature introduces these changes:

CLI:

Cisco 8000 routers introduces the capability to monitor the performance of GTP-U traffic in 5G networks. This feature utilizes Netflow and IPFIX to collect and analyze traffic data, offering valuable insights into network performance and facilitating effective management of 5G network traffic.

Starting from IOS-XR software release 24.2.1, three new GTP-U related information elements can be gathered in Netflow and IPFIX records for both IPv4 and IPv6 traffic. This advancement allows administrators to optimize the performance and security of their 5G networks.

The newly introduced information elements are as follows:

IE Field

IE Number

GTP_TEID

507

GTP_QFI

509

GTP_SESS_DIR

510

IE number, or Information Element Number, is a unique identifier assigned to specific elements within network communication protocols, facilitating standardized interpretation and management. For more information, refer IP Flow Information Export (IPFIX) Entities.

Benefits of GTP-U Traffic Monitoring

The following are some of the key benefits of enabling GTP-U traffic monitoring on your router.

  • Monitor Network Slicing: 5G network slicing enables the creation of dedicated virtual networks with specific functionalities. By exporting GTP traffic records, you can conduct detailed analysis of the traffic within each slice, ensuring optimal performance and resource allocation.

  • Flexible Deployment: GTP-U monitoring can be implemented on any network node where the outermost traffic encapsulation utilizes the GTP protocol. This capability can be activated to monitor traffic at various strategic points across the network infrastructure.

  • IPv6 Support for 5G Deployments: With the expansion of 5G networks, there’s an increasing use of IPv6, especially in scenarios where 5G base stations (gNodeBs) connect to User Plane Functions (UPFs) using IPv6. This feature ensures that flow records for such IPv6 GTP-U traffic can be captured and exported effectively.

GTP-U Traffic Record Templates

This section provides you with all the record template options available for monitoring GTP-U traffic.

IPv4-GTP-IPv4 Record

This record captures GTP-U traffic details between IPv4 interfaces, essential for monitoring and optimizing IPv4 5G network performance.

S.No IPFIX NetFlow V9
IE # Field

Size

(Bytes)

 IE # Field

Size

(Bytes)
46 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
47 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
48 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
49 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
50 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
1 2 V9_IN_PKTS 8 2 V9_IN_PKTS 4
2 1 V9_IN_BYTES 8 1 V9_IN_BYTES 4
3 10 V9_INPUT_SNMP 4 10 V9_INPUT_SNMP 4
4 14 V9_OUTPUT_SNMP 4 14 V9_OUTPUT_SNMP 4
5 22 V9_FIRST_SWITCHED 4 22 V9_FIRST_SWITCHED 4
6 21 V9_LAST_SWITCHED 4 21 V9_LAST_SWITCHED 4
7 89 V9_FORWARDING_STATUS 4 89 V9_FORWARDING_STATUS 1
8 61 V9_DIRECTION 1 61 V9_DIRECTION 1
9 302 SELECTOR_ID 4 48 V9_FLOW_SAMPLER_ID 2
10 234 V9_VRF_ID_INPUT 4 234 V9_VRF_ID_INPUT 4
11 235 V9_VRF_ID_OUTPUT 4 235 V9_VRF_ID_OUTPUT 4
12 55 V9_POST_QOS_TOS 1 55 V9_POST_QOS_TOS 1
13 8 V9_IPV4SRCADDR 4 8 V9_IPV4SRCADDR 4
14 12 V9_IPV4DSTADDR 4 12 V9_IPV4DSTADDR 4
15 7 V9_SRC_PORT 2 7 V9_SRC_PORT 2
16 11 V9_DST_PORT 2 11 V9_DST_PORT 2
17 9 V9_SRC_MASK 1 9 V9_SRC_MASK 1
18 13 V9_DST_MASK 1 13 V9_DST_MASK 1
19 4 V9_PROT 1 4 V9_PROT 1
20 6 V9_TCP_FLAGS 2 6 V9_TCP_FLAGS 1
21 5 V9_TOS 1 5 V9_TOS 1
22 52 V9_MIN_TTL 1 52 V9_MIN_TTL 1
23 53 V9_MAX_TTL 1 53 V9_MAX_TTL 1
24 54 V9_IP_IDENT 4 54 V9_IP_IDENT 4
25 197 IPFIX_FRAG_FLAGS 1 197 IPFIX_FRAG_FLAGS 1
26 88 V9_FRAGMENT_OFFSET 2 88 V9_FRAGMENT_OFFSET 2
27 184 IPFIX_TCP_SEQ_NUM 4 184 IPFIX_TCP_SEQ_NUM 4
28 25 V9_MIN_PKT_LEN 8 25 V9_MIN_PKT_LEN 8
29 26 V9_MAX_PKT_LEN 8 26 V9_MAX_PKT_LEN 8
30 503 IPFIX_L4_CHECKSUM 2 503 IPFIX_L4_CHECKSUM 2
31 504 IPFIX_ICMP_8_BYTES 8 504 IPFIX_ICMP_8_BYTES 8
32 507 GTP_TEID 4 507 GTP_TEID 4
33 509 GTP_QFI 1 509 GTP_QFI 1
34 510 GTP_SESS_DIR 1 510 GTP_SESS_DIR 1
35 8 V9_IPV4SRCADDR 4 8 V9_IPV4SRCADDR 4
36 12 V9_IPV4DSTADDR 4 12 V9_IPV4DSTADDR 4
37 5 V9_TOS 1 5 V9_TOS 1
38 16 V9_SRC_AS 4 16 V9_SRC_AS 4
39 17 V9_DST_AS 4 17 V9_DST_AS 4
40 18 V9_BGP_IPV4_NEXT_HOP 4 18 V9_BGP_IPV4_NEXT_HOP 4
41 63 V9_BGP_IPV6_NEXT_HOP 16 63 V9_BGP_IPV6_NEXT_HOP 16
42 15 V9_IPV4_NEXT_HOP 4 15 V9_IPV4_NEXT_HOP 4
43 62 V9_IPV6_NEXT_HOP 16 62 V9_IPV6_NEXT_HOP 16
44 56 V9_IN_SRC_MAC 6 56 V9_IN_SRC_MAC 6
45 80 V9_IN_DST_MAC 6 80 V9_IN_DST_MAC 6
46 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
47 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
48 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
49 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
50 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
51 445 V9_STD_COMM 128

IPv4-GTP-IPv6 Record

This record monitors GTP-U traffic that starts in an IPv4 network and transitions into an IPv6 network, aiding in cross-network compatibility analysis.

S.No IPFIX NetFlow V9
IE # Field

Size

(Bytes)

 IE # Field

Size

(Bytes)
1 2 V9_IN_PKTS 8 2 V9_IN_PKTS 4
2 1 V9_IN_BYTES 8 1 V9_IN_BYTES 4
3 10 V9_INPUT_SNMP 4 10 V9_INPUT_SNMP 4
4 14 V9_OUTPUT_SNMP 4 14 V9_OUTPUT_SNMP 4
5 22 V9_FIRST_SWITCHED 4 22 V9_FIRST_SWITCHED 4
6 21 V9_LAST_SWITCHED 4 21 V9_LAST_SWITCHED 4
7 89 V9_FORWARDING_STATUS 4 89 V9_FORWARDING_STATUS 1
8 61 V9_DIRECTION 1 61 V9_DIRECTION 1
9 302 SELECTOR_ID 4 48 V9_FLOW_SAMPLER_ID 2
10 234 V9_VRF_ID_INPUT 4 234 V9_VRF_ID_INPUT 4
11 235 V9_VRF_ID_OUTPUT 4 235 V9_VRF_ID_OUTPUT 4
12 55 V9_POST_QOS_TOS 1 55 V9_POST_QOS_TOS 1
13 27 V9_IPV6_SRC_ADDR 16 27 V9_IPV6_SRC_ADDR 16
14 28 V9_IPV6_DST_ADDR 16 28 V9_IPV6_DST_ADDR 16
15 31 V9_FLOW_LABEL 4 31 V9_FLOW_LABEL 3
16 64 V9_IPV6_OPTION_HEADERS 4 64 V9_IPV6_OPTION_HEADERS 4
17 7 V9_SRC_PORT 2 7 V9_SRC_PORT 2
18 11 V9_DST_PORT 2 11 V9_DST_PORT 2
19 30 V9_IPV6_DST_MASK 1 30 V9_IPV6_DST_MASK 1
20 29 V9_IPV6_SRC_MASK 1 29 V9_IPV6_SRC_MASK 1
21 4 V9_PROT 1 4 V9_PROT 1
22 6 V9_TCP_FLAGS 2 6 V9_TCP_FLAGS 1
23 5 V9_TOS 1 5 V9_TOS 1
24 52 V9_MIN_TTL 1 52 V9_MIN_TTL 1
25 53 V9_MAX_TTL 1 53 V9_MAX_TTL 1
26 54 V9_IP_IDENT 4 54 V9_IP_IDENT 4
27 197 IPFIX_FRAG_FLAGS 1 197 IPFIX_FRAG_FLAGS 1
28 88 V9_FRAGMENT_OFFSET 2 88 V9_FRAGMENT_OFFSET 2
29 184 IPFIX_TCP_SEQ_NUM 4 184 IPFIX_TCP_SEQ_NUM 4
30 25 V9_MIN_PKT_LEN 8 25 V9_MIN_PKT_LEN 8
31 26 V9_MAX_PKT_LEN 8 26 V9_MAX_PKT_LEN 8
32 503 IPFIX_L4_CHECKSUM 2 503 IPFIX_L4_CHECKSUM 2
33 504 IPFIX_ICMP_8_BYTES 8 504 IPFIX_ICMP_8_BYTES 8
34 507 GTP_TEID 4 507 GTP_TEID 4
35 509 GTP_QFI 1 509 GTP_QFI 1
36 510 GTP_SESS_DIR 1 510 GTP_SESS_DIR 1
37 8 V9_IPV4SRCADDR 4 8 V9_IPV4SRCADDR 4
38 12 V9_IPV4DSTADDR 4 12 V9_IPV4DSTADDR 4
39 5 V9_TOS 1 5 V9_TOS 1
40 16 V9_SRC_AS 4 16 V9_SRC_AS 4
41 17 V9_DST_AS 4 17 V9_DST_AS 4
42 18 V9_BGP_IPV4_NEXT_HOP 4 18 V9_BGP_IPV4_NEXT_HOP 4
43 63 V9_BGP_IPV6_NEXT_HOP 16 63 V9_BGP_IPV6_NEXT_HOP 16
44 15 V9_IPV4_NEXT_HOP 4 15 V9_IPV4_NEXT_HOP 4
45 62 V9_IPV6_NEXT_HOP 16 62 V9_IPV6_NEXT_HOP 16
46 56 V9_IN_SRC_MAC 6 56 V9_IN_SRC_MAC 6
47 80 V9_IN_DST_MAC 6 80 V9_IN_DST_MAC 6
48 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
49 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
50 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
51 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
52 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
53 445 V9_STD_COMM 128

IPv6-GTP-IPv4 Record

This record monitors GTP-U traffic moving from an IPv6 network to an IPv4 network, ensuring seamless data flow across different network types.

S.No IPFIX NetFlow V9
IE # Field

Size

(Bytes)

 IE # Field

Size

(Bytes)
1 2 V9_IN_PKTS 8 2 V9_IN_PKTS 4
2 1 V9_IN_BYTES 8 1 V9_IN_BYTES 4
3 10 V9_INPUT_SNMP 4 10 V9_INPUT_SNMP 4
4 14 V9_OUTPUT_SNMP 4 14 V9_OUTPUT_SNMP 4
5 21 V9_LAST_SWITCHED 4 21 V9_LAST_SWITCHED 4
6 22 V9_FIRST_SWITCHED 4 22 V9_FIRST_SWITCHED 4
7 89 V9_FORWARDING_STATUS 4 89 V9_FORWARDING_STATUS 1
8 61 V9_DIRECTION 1 61 V9_DIRECTION 1
9 302 SELECTOR_ID 4 48 V9_FLOW_SAMPLER_ID 2
10 234 V9_VRF_ID_INPUT 4 234 V9_VRF_ID_INPUT 4
11 235 V9_VRF_ID_OUTPUT 4 235 V9_VRF_ID_OUTPUT 4
12 55 V9_POST_QOS_TOS 1 55 V9_POST_QOS_TOS 1
13 8 V9_IPV4SRCADDR 4 8 V9_IPV4SRC4ADDR 4
14 12 V9_IPV4DSTADDR 4 12 V9_IPV4DSTADDR 4
15 7 V9_SRC_PORT 2 7 V9_SRC_PORT 2
16 11 V9_DST_PORT 2 11 V9_DST_PORT 2
17 9 V9_SRC_MASK 1 9 V9_SRRC_MASK 1
18 13 V9_DST_MASK 1 13 V9_DST_MASK 1
19 4 V9_PROT 1 4 V9_PROT 1
20 6 V9_TCP_FLAGS 2 6 V9_TCP_FLAGS 1
21 5 V9_TOS 1 5 V9_TOS 1
22 52 V9_MIN_TTL 1 52 V9_MIN_TTL 1
23 53 V9_MAX_TTL 1 53 V9_MAX_TTL 1
24 54 V9_IP_IDENT 4 54 V9_IP_IDENT 4
25 197 IPFIX_FRAG_FLAGS 1 197 IPFIX_FRAG_FLAGS 1
26 88 V9_FRAGMENT_OFFSET 2 88 V9_FRAGMENT_OFFSET 2
27 184 IPFIX_TCP_SEQ_NUM 4 184 IPFIX_TCP_SEQ_NUM 4
28 25 V9_MIN_PKT_LEN 8 25 V9_MIN_PKT_LEN 8
29 26 V9_MAX_PKT_LEN 8 26 V9_MAX_PKT_LEN 8
30 503 IPFIX_L4_CHECKSUM 2 503 IPFIX_L4_CHECKSUM 2
31 504 IPFIX_ICMP_8_BYTES 8 504 IPFIX_ICMP_8_BYTES 8
32 507 GTP_TEID 4 507 GTP_TEID 4
33 509 GTP_QFI 1 509 GTP_QFI 1
34 510 GTP_SESS_DIR 1 510 GTP_SESS_DIR 1
35 27 V9_IPV6_SRC_ADDR 16 27 V9_IPV6_SRC_ADDR 16
36 28 V9_IPV6_DST_ADDR 16 28 V9_IPV6_DST_ADDR 16
37 5 V9_TOS 1 5 V9_TOS 1
38 31 V9_FLOW_LABEL 4 31 V9_FLOW_LABEL 3
39 16 V9_SRC_AS 4 16 V9_SRC_AS 4
40 17 V9_DST_AS 4 17 V9_DST_AS 4
41 18 V9_BGP_IPV4_NEXT_HOP 4 18 V9_BGP_IPV4_NEXT_HOP 4
42 63 V9_BGP_IPV6_NEXT_HOP 16 63 V9_BGP_IPV6_NEXT_HOP 16
43 15 V9_IPV4_NEXT_HOP 4 15 V9_IPV4_NEXT_HOP 4
44 62 V9_IPV6_NEXT_HOP 16 62 V9_IPV6_NEXT_HOP 16
45 56 V9_IN_SRC_MAC 6 56 V9_IN_SRC_MAC 6
46 80 V9_IN_DST_MAC 6 80 V9_IN_DST_MAC 6
47 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
48 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
49 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
50 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
51 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
52 445 V9_STD_COMM 128

IPv6-GTP-IPv6 Record

This record provides insights into GTP-U traffic within IPv6 networks, crucial for maintaining the integrity and efficiency of modern 5G infrastructures.

S.No IPFIX NetFlow V9
IE # Field

Size

(Bytes)

 IE # Field

Size

(Bytes)
1 2 V9_IN_PKTS 8 2 V9_IN_PKTS 4
2 1 V9_IN_BYTES 8 1 V9_IN_BYTES 4
3 10 V9_INPUT_SNMP 4 10 V9_INPUT_SNMP 4
4 14 V9_OUTPUT_SNMP 4 14 V9_OUTPUT_SNMP 4
5 21 V9_LAST_SWITCHED 4 21 V9_LAST_SWITCHED 4
6 22 V9_FIRST_SWITCHED 4 22 V9_FIRST_SWITCHED 4
7 89 V9_FORWARDING_STATUS 4 89 V9_FORWARDING_STATUS 1
8 61 V9_DIRECTION 1 61 V9_DIRECTION 1
9 302 SELECTOR_ID 4 48 V9_FLOW_SAMPLER_ID 2
10 234 V9_VRF_ID_INPUT 4 234 V9_VRF_ID_INPUT 4
11 235 V9_VRF_ID_OUTPUT 4 235 V9_VRF_ID_OUTPUT 4
12 55 V9_POST_QOS_TOS 1 55 V9_POS_QOS_TOS 1
13 27 V9_IPV6_SRC_ADDR 16 27 V9_IPV6_SRC_ADDR 16
14 28 V9_IPV6_DST_ADDR 16 28 V9_IPV6_DST_ADDR 16
15 31 V9_FLOW_LABEL 4 31 V9_FLOW_LABEL 3
16 64 V9_IPV6_OPTION_HEADERS 4 64 V9_IPV6_OPTION_HEADERS 4
17 7 V9_SRC_PORT 2 7 V9_SRC_PORT 2
18 11 V9_DST_PORT 2 11 V9_DST_PORT 2
19 30 V9_IPV6_DST_MASK 1 30 V9_IPV6_DST_MASK 1
20 29 V9_IPV6_SRC_MASK 1 29 V9_IPV6_SRC_MASK 1
21 4 V9_PROT 1 4 V9_PROT 1
22 6 V9_TCP_FLAGS 2 6 V9_TCP_FLAGS 1
23 5 V9_TOS 1 5 V9_TOS 1
24 52 V9_MIN_TTL 1 52 V9_MIN_TTL 1
25 53 V9_MAX_TTL 1 53 V9_MAX_TTL 1
26 54 V9_IP_IDENT 4 54 V9_IP_IDENT 4
27 197 IPFIX_FRAG_FLAGS 1 197 IPFIX_FRAG_FLAGS 1
28 88 V9_FRAGMENT_OFFSET 2 88 V9_FRAGMENT_OFFSET 2
29 184 IPFIX_TCP_SEQ_NUM 4 184 IPFIX_TCP_SEQ_NUM 4
30 25 V9_MIN_PKT_LEN 8 25 V9_MIN_PKT_LEN 8
31 26 V9_MAX_PKT_LEN 8 26 V9_MAX_PKT_LEN 8
32 503 IPFIX_L4_CHECKSUM 2 503 IPFIX_L4_CHECKSUM 2
33 504 IPFIX_ICMP_8_BYTES 8 504 IPFIX_ICMP_8_BYTES 8
34 507 GTP_TEID 4 507 GTP_TEID 4
35 509 GTP_QFI 1 509 GTP_QFI 1
36 510 GTP_SESS_DIR 1 510 GTP_SESS_DIR 1
37 27 V9_IPV6_SRC_ADDR 16 27 V9_IPV6_SRC_ADDR 16
38 28 V9_IPV6_DST_ADDR 16 28 V9_IPV6_DST_ADDR 16
39 5 V9_TOS 1 5 V9_TOS 1
40 31 V9_FLOW_LABEL 4 31 V9_FLOW_LABEL 3
41 16 V9_SRC_AS 4 16 V9_SRC_AS 4
42 17 V9_DST_AS 4 17 V9_DST_AS 4
43 18 V9_BGP_IPV4_NEXT_HOP 4 18 V9_BGP_IPV4_NEXT_HOP 4
44 63 V9_BGP_IPV6_NEXT_HOP 16 63 V9_BGP_IPV6_NEXT_HOP 16
45 15 V9_IPV4_NEXT_HOP 4 15 V9_IPV4_NEXT_HOP 4
46 62 V9_IPV6_NEXT_HOP 16 62 V9_IPV6_NEXT_HOP 16
47 56 V9_IN_SRC_MAC 6 56 V9_IN_SRC_MAC 6
48 80 V9_IN_DST_MAC 6 80 V9_IN_DST_MAC 6
49 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
50 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
51 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
52 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
53 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
54 445 V9_STD_COMM 128

Extended Template Records

IPv4 Peering Extended Record

This record extends monitoring capabilities to include detailed peering information for IPv4 traffic, enhancing traffic management and security measures.

S.No IPFIX NetFlow V9
IE # Field

Size

(Bytes)

 IE # Field

Size

(Bytes)
1 2 V9_IN_PKTS 8 2 V9_IN_PKTS 4
2 1 V9_IN_BYTES 8 1 V9_IN_BYTES 4
3 8 V9_IPV4SRCADDR 4 8 V9_IPV4SRCADDR 4
4 12 V9_IPV4DSTADDR 4 12 V9_IPV4DSTADDR 4
5 10 V9_INPUT_SNMP 4 10 V9_INPUT_SNMP 4
6 14 V9_OUTPUT_SNMP 4 14 V9_OUTPUT_SNMP 4
7 22 V9_FIRST_SWITCHED 4 22 V9_FIRST_SWITCHED 4
8 21 V9_LAST_SWITCHED 4 21 V9_LAST_SWITCHED 4
9 7 V9_SRC_PORT 2 7 V9_SRC_PORT 2
10 11 V9_DST_PORT 2 11 V9_DST_PORT 2
11 16 V9_SRC_AS 4 16 V9_SRC_AS 4
12 17 V9_DST_AS 4 17 V9_DST_AS 4
13 18 V9_BGP_IPV4_NEXT_HOP 4 18 V9_BGP_IPV6_NEXT_HOP 4
14 63 V9_BGP_IPV6_NEXT_HOP 16 63 V9_BGP_IPV6_NEXT_HOP 16
15 15 V9_IPV4_NEXT_HOP 4 15 V9_IPV4_NEXT_HOP 4
16 62 V9_IPV6_NEXT_HOP 16 62 V9_IPV6_NEXT_HOP 16
17 9 V9_SRC_MASK 1 9 V9_SRC_MASK 1
18 13 V9_DST_MASK 1 13 V9_DST_MASK 1
19 4 V9_PROT 1 4 V9_PROT 1
20 6 V9_TCP_FLAGS 2 6 V9_TCP_FLAGS 1
21 5 V9_TOS 1 5 V9_TOS 1
22 55 V9_POST_QOS_TOS 1 55 V9_POST_QOS_TOS 1
23 61 V9_DIRECTION 1 61 V9_DIRECTION 1
24 89 V9_FORWARDING_STATUS 4 89 V9_FORWARDING_STATUS 1
25 302 SELECTOR_ID 4 48 V9_FLOW_SAMPLER_ID 2
26 234 V9_VRF_ID_INPUT 4 234 V9_VRF_ID_INPUT 4
27 235 V9_VRF_ID_OUTPUT 4 235 V9_VRF_ID_OUTPUT 4
28 52 V9_MIN_TTL 1 52 V9_MIN_TTL 1
29 53 V9_MAX_TTL 1 53 V9_MAX_TTL 1
30 54 V9_IP_IDENT 4 54 V9_IP_IDENT 4
31 197 IPFIX_FRAG_FLAGS 1 197 IPFIX_FRAG_FLAGS 1
32 88 V9_FRAGMENT_OFFSET 2 88 V9_FRAGMENT_OFFSET 2
33 184 IPFIX_TCP_SEQ_NUM 4 184 IPFIX_TCP_SEQ_NUM 4
34 25 V9_MIN_PKT_LEN 8 25 V9_MIN_PKT_LEN 8
35 26 V9_MAX_PKT_LEN 8 26 V9_MAX_PKT_LEN 8
36 503 IPFIX_L4_CHECKSUM 2 503 IPFIX_L4_CHECKSUM 2
37 504 IPFIX_ICMP_8_BYTES 8 504 IPFIX_ICMP_8_BYTES 8
38 56 V9_IN_SRC_MAC 6 56 V9_IN_SRC_MAC 6
39 80 V9_IN_DST_MAC 6 80 V9_IN_DST_MAC 6
40 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
41 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
42 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
43 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
44 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
45 445 V9_STD_COMM 128

IPv6 Peering Extended Record

This record offers comprehensive peering data for IPv6 traffic, supporting advanced traffic analysis and network optimization strategies.

S.No IPFIX NetFlow V9
IE # Field

Size

(Bytes)

 IE # Field

Size

(Bytes)
1 2 V9_IN_PKTS 8 2 V9_IN_PKTS 4
2 1 V9_IN_BYTES 8 1 V9_IN_BYTES 4
3 27 V9_IPV6_SRC_ADDR 16 27 V9_IPV6_SRC_ADDR 16
4 28 V9_IPV6_DST_ADDR 16 28 V9_IPV6_DST_ADDR 16
5 10 V9_INPUT_SNMP 4 10 V9_INPUT_SNMP 4
6 14 V9_OUTPUT_SNMP 4 14 V9_OUTPUT_SNMP 4
7 22 V9_FIRST_SWITCHED 4 22 V9_FIRST_SWITCHED 4
8 21 V9_LAST_SWITCHED 4 21 V9_LAST_SWITCHED 4
9 31 V9_FLOW_LABEL 4 31 V9_FLOW_LABEL 3
10 64 V9_IPV6_OPTION_HEADERS 4 64 V9_IPV6_OPTION_HEADERS 4
11 7 V9_SRC_PORT 2 7 V9_SRC_PORT 2
12 11 V9_DST_PORT 2 11 V9_DST_PORT 2
13 16 V9_SRC_AS 4 16 V9_SRC_AS 4
14 17 V9_DST_AS 4 17 V9_DST_AS 4
15 18 V9_BGP_IPV4_NEXT_HOP 4 18 V9_BGP_IPV6_NEXT_HOP 4
16 63 V9_BGP_IPV6_NEXT_HOP 16 63 V9_BGP_IPV6_NEXT_HOP 16
17 15 V9_IPV4_NEXT_HOP 4 15 V9_IPV4_NEXT_HOP 4
18 62 V9_IPV6_NEXT_HOP 16 62 V9_IPV6_NEXT_HOP 16
19 30 V9_IPV6_DST_MASK 1 30 V9_IPV6_DST_MASK 1
20 29 V9_IPV6_SRC_MASK 1 29 V9_IPV6_SRC_MASK 1
21 4 V9_PROT 1 4 V9_PROT 1
22 6 V9_TCP_FLAGS 2 6 V9_TCP_FLAGS 1
23 5 V9_TOS 1 5 V9_TOS 1
24 55 V9_POST_QOS_TOS 1 55 V9_POST_QOS_TOS 1
25 61 V9_DIRECTION 1 61 V9_DIRECTION 1
26 89 V9_FORWARDING_STATUS 4 89 V9_FORWARDING_STATUS 1
27 302 SELECTOR_ID 4 48 V9_FLOW_SAMPLER_ID 2
28 234 V9_VRF_ID_INPUT 4 234 V9_VRF_ID_INPUT 4
29 235 V9_VRF_ID_OUTPUT 4 235 V9_VRF_ID_OUTPUT 4
30 52 V9_MIN_TTL 1 52 V9_MIN_TTL 1
31 53 V9_MAX_TTL 1 53 V9_MAX_TTL 1
32 54 V9_IP_IDENT 4 54 V9_IP_IDENT 4
33 197 IPFIX_FRAG_FLAGS 1 197 IPFIX_FRAG_FLAGS 1
34 88 V9_FRAGMENT_OFFSET 2 88 V9_FRAGMENT_OFFSET 2
35 184 IPFIX_TCP_SEQ_NUM 4 184 IPFIX_TCP_SEQ_NUM 4
36 25 V9_MIN_PKT_LEN 8 25 V9_MIN_PKT_LEN 8
37 26 V9_MAX_PKT_LEN 8 26 V9_MAX_PKT_LEN 8
38 503 IPFIX_L4_CHECKSUM 2 503 IPFIX_L4_CHECKSUM 2
39 504 IPFIX_ICMP_8_BYTES 8 504 IPFIX_ICMP_8_BYTES 8
40 56 V9_IN_SRC_MAC 6 56 V9_IN_SRC_MAC 6
41 80 V9_IN_DST_MAC 6 80 V9_IN_DST_MAC 6
42 256 V9_ETH_TYPE 2 256 V9_ETH_TYPE 2
43 243 V9_DOT1Q_VLAN_ID 2 243 V9_DOT1Q_VLAN_ID 2
44 245 V9_DOT1Q_CUST_VLAN_ID 2 245 V9_DOT1Q_CUST_VLAN_ID 2
45 244 V9_DOT1Q_PRIORITY 1 244 V9_DOT1Q_PRIORITY 1
46 198 IN_BYTES_DELTA 8 444 V9_AS_PATH 128
47 445 V9_STD_COMM 128

Configure Netflow for GTP-U Traffic Monitoring

Configure a Flow Exporter
Router# configure
Router(config)# flow exporter-map Expo1 
Router(config-fem)# source-address 2001:db8::0003
Router(config-fem)# destination 2001:db8::0002
Router(config-fem)# transport udp 1024
Router(config-fem)# version v9
Router(config-fem-ver)# options interface-table
Router(config-fem-ver)# commit
Router(config-fem-ver)# root
Router(config)#exit

Create a Flow Monitor for GTP-U monitoring


Router(config)#flow monitor-map ipv6
Router(config-fmm)#record ipv6 gtp
Router(config-fmm)#exporter Expo1
Router(config-fmm)#option bgpattr
Router(config-fmm)#cache timeout active 30
Router(config-fmm)#cache timeout inactive 5
Router(config-fmm)#exit

Configure a Flow Sampler

Router(config)# configure
Router(config)# sampler-map fsm1 
Router(config-sm)# random 1 out-of 262144
Router(config)# exit
Router(config)#commit
Router(config)#exit
Router#
Apply a Flow Monitor Map and a Flow Sampler to a physical interface

Router#configure
Router(config)#interface HundredGigE 0/0/0/24
Router(config-if)#flow ipv6 monitor fmm-ipv6 sampler fsm1 ingress 
Router(config-if)#commit
Router(config-if)#root
Router(config)#exit

Running Configuration

View the running configuration


Router# show run

flow exporter-map Expo1
 version v9
  options interface-table
 !
 transport udp 1024
 source-address 2001:db8::3
 destination 2001:db8::2
!         
flow monitor-map fmm-ipv6
 record ipv6
 exporter Expo1
 cache entries 500000
 cache timeout active 60
 cache timeout inactive 20
!         
sampler-map fsm1
 random 1 out-of 262144
!         
       
interface HundredGigE0/0/0/24
 shutdown 
 flow ipv6 monitor fmm-ipv6 sampler fsm1 ingress
!              
end

Verification

Monitoring Cache Record for GTP-U services

In the following example, you can verify the GTP tunnel ID, QoS flow identifier, and GTP session number from the GTPTeid, GTPQFI and GTPSESSDIR field. 

Router#show flow monitor fmm-ipv6 cache format record location 0/0/CPU0 
========== Record number: 1 ==========
RecordType       : GTP Tunneled Record
IPV4SrcAddr      : 0.0.0.0         
IPV4DstAddr      : 0.0.0.0         
IPv6SrcAddr      : 2001:db8:1::1                           
IPv6DstAddr      : 2001:db8:2::2                           
L4SrcPort        : 0         
L4DestPort       : 0         
IPV4Prot         : icmpv6  
IPV4TOS          : 0       
InputInterface   : Gi0/2/0/0      
OutputInterface  : 0              
L4TCPFlags       : 0           
ForwardStatus    : Fwd                 
FirstSwitched    : 00 00:08:59:286
LastSwitched     : 00 00:08:59:286
ByteCount        : 1296        
PacketCount      : 1           
Dir              : Ing
GTPTeid          : 11          
GTPQFI           : 0         
GTPSESSDIR       : 0         
IPv6TC           : 0     
IPv6FlowLabel    : 690680        
MinimumTTL       : 64        
MaximumTTL       : 64        
IPFragFlags      : 0         
IPFragOffset     : 181       
IPIdentification : 0         
IPV6Ident        : 1546089621
L4SequenceNum    : 0         
L4Checksum       : 0         
MinPktLen        : 100       
MaxPktLen        : 100       
ICMPBytes        : 0x8000cf945edf0002    
OuterIPV4SrcAddr : 100.100.100.1   
OuterIPV4DstAddr : 200.200.200.2   
OuterIPv6SrcAddr : ::                                      
OuterIPv6DstAddr : ::                                      
BGPNextHopV4     : 0.0.0.0         
BGPNextHopV6     : ::                                      
BGPSrcOrigAS     : 0           
BGPDstOrigAS     : 0           
IPV4NextHop      : 0.0.0.0         
IPV6NextHop      : ::                                      
SrcMacAddr       : 00:00:3f:11:50:20 
DstMacAddr       : 45:00:00:62:00:00 
EthType          : 2048   
Dot1qPriority    : 0             
Dot1qVlanId      : 0           
CustVlanId       : 0           
InputVRFID       : default                          
OutputVRFID      : default
========== Record number: 2 ==========
RecordType       : GTP Tunneled Record
IPV4SrcAddr      : 192.168.12.2    
IPV4DstAddr      : 192.168.12.1    
IPv6SrcAddr      : ::                                      
IPv6DstAddr      : ::                                      
L4SrcPort        : 0         
L4DestPort       : 0         
IPV4Prot         : icmp    
IPV4TOS          : 0       
InputInterface   : Gi0/2/0/0      
OutputInterface  : 0              
L4TCPFlags       : 0           
ForwardStatus    : Fwd                 
FirstSwitched    : 00 00:08:54:244
LastSwitched     : 00 00:08:54:244
ByteCount        : 64          
PacketCount      : 1           
Dir              : Ing
GTPTeid          : 11          
GTPQFI           : 0         
GTPSESSDIR       : 0         
IPv6TC           : 0     
IPv6FlowLabel    : 0             
MinimumTTL       : 255       
MaximumTTL       : 255       
IPFragFlags      : 0         
IPFragOffset     : 97        
IPIdentification : 4         
IPV6Ident        : 0         
L4SequenceNum    : 0         
L4Checksum       : 0         
MinPktLen        : 100       
MaxPktLen        : 100       
ICMPBytes        : 0xabcdabcdabcdabcd    
OuterIPV4SrcAddr : 100.100.100.1   
OuterIPV4DstAddr : 200.200.200.2   
OuterIPv6SrcAddr : ::                                      
OuterIPv6DstAddr : ::                                      
BGPNextHopV4     : 0.0.0.0         
BGPNextHopV6     : ::                                      
BGPSrcOrigAS     : 0           
BGPDstOrigAS     : 0           
IPV4NextHop      : 0.0.0.0         
IPV6NextHop      : ::                                      
SrcMacAddr       : 00:00:3f:11:50:20 
DstMacAddr       : 45:00:00:62:00:00 
EthType          : 2048   
Dot1qPriority    : 0             
Dot1qVlanId      : 0           
CustVlanId       : 0           
InputVRFID       : default                          
OutputVRFID      : default

Netflow Full Packet Capture

This feature captures the exact packet size of the ingress Netflow packet.

Earlier, when a L2VPN packet with a destination MAC address starting with the number 6 is received, the packet gets wrongly decoded as IPv6 packet; the packet size consequently gets reported inaccurately to the collector.

Configuring Netflow Full Packet Capture

This section describes how to configure Netflow full packet capture feature on the line card location 0/1/cpu0:


Note

You should reload the line card for the changes to take effect.

 
RP/0/RP0/CPU0:router(config)# hw-module profile netflow fpc-enable location 0/1/cpu0
RP/0/RP0/CPU0:router(config)# exit
RP/0/RP0/CPU0:router # system admin
RP/0/RP0/CPU0:router(sysadmin)# hw-module reload location 0/1/cpu0  
RP/0/RP0/CPU0:router(sysadmin)# commit
RP/0/RP0/CPU0:router(sysadmin)# end

Running Config


config
  hw-module profile netflow fpc-enable location 0/1/cpu0
!
sysadmin
 hw-module reload location 0/1/cpu0 
!