Flexible NetFlow—MPLS Egress NetFlow

The Flexible NetFlow--MPLS Egress NetFlow feature allows you to capture IP flow information for packets undergoing MPLS label disposition; that is, packets that arrive on a router as MPLS packets and are transmitted as IP packets.

Information About Flexible NetFlow MPLS Egress NetFlow

Flexible NetFlow MPLS Egress NetFlow

The Flexible NetFlow - MPLS Egress NetFlow feature allows you to capture IP flow information for packets that arrive on a router as Multiprotocol Label Switching (MPLS) packets and are transmitted as IP packets. This feature allows you to capture the MPLS VPN IP flows that are traveling through the service provider backbone from one site of a VPN to another site of the same VPN. The Flexible NetFlow - MPLS Egress NetFlow feature is enabled by applying a flow monitor in output (egress) mode on the provider edge (PE) to customer edge (CE) interface of the provider’s network.

The figure below shows a sample MPLS VPN network topology that includes four VPN 1 sites and two VPN 2 sites. If the Flexible NetFlow - MPLS Egress NetFlow is enabled on an outgoing PE interface by applying a flow monitor in output mode, IP flow information for packets that arrive at the PE as MPLS packets (from an MPLS VPN) and that are transmitted as IP packets to the PE router is captured. For example:

  • To capture the flow of traffic going to site 2 of VPN 1 from any remote VPN 1 sites, you enable a flow monitor in output mode on link PE2-CE5 of provider edge router PE2.

  • To capture the flow of traffic going to site 1 of VPN 2 from any remote VPN 2 site, you enable a flow monitor in output mode on link PE3-CE4 of the provider edge router PE3.

The flow data is stored in the Flexible NetFlow cache. You can use the show flow monitor monitor-name cache command to display the flow data in the cache.

Figure 1. Sample MPLS VPN Network Topology with Flexible NetFlow--MPLS Egress NetFlow Feature

If you configure a Flexible NetFlow exporter for the flow monitors you use for the Flexible NetFlow - MPLS Egress NetFlow feature, the PE routers will export the captured flows to the configured collector devices in the provider network. Applications such as the Network Data Analyzer or the VPN Solution Center (VPN-SC) can gather information from the captured flows and compute and display site-to-site VPN traffic statistics.

Limitations

When using Flexible NetFlow to monitor outbound traffic on a router at the edge of an MPLS cloud, for IP traffic that leaves over a VRF, the following fields are not collected and have a value of 0:

  • destination mask

  • destination prefix

  • destination AS numbers

  • destination BGP traffic index

  • nexthop

  • BGP nexthop

How to Configure Flexible NetFlow MPLS Egress NetFlow

Configuring a Flow Exporter for the Flow Monitor

Perform this optional task to configure a flow exporter for the flow monitor in order to export the data that is collected by Flexible NetFlow to a remote system for further analysis and storage.

Flow exporters are used to send the data that you collect with Flexible NetFlow to a remote system such as a NetFlow Collection Engine. Exporters use UDP as the transport protocol and use the Version 9 export format.


Note

Each flow exporter supports only one destination. If you want to export the data to multiple destinations, you must configure multiple flow exporters and assign them to the flow monitor.

You can export to a destination using either an IPv4 or IPv6 address.


Note

When you configure an exporter, configure the exporter in such a way that the source interface is defined as a WAN interface. This configuration helps you prevent any unpredictable behavior because the NAT is not applied on the packets.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. flow exporter exporter-name
  4. description description
  5. destination {hostname | ip-address } [vrf vrf-name ]
  6. export-protocol {netflow-v5 | netflow-v9 | ipfix }
  7. transport udp udp-port
  8. exit
  9. flow monitor flow-monitor-name
  10. exporter exporter-name
  11. end
  12. show flow exporter exporter-name
  13. show running-config flow exporter exporter-name

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

flow exporter exporter-name

Example:


Device(config)# flow exporter EXPORTER-1

Creates a flow exporter and enters Flexible NetFlow flow exporter configuration mode.

  • This command also allows you to modify an existing flow exporter.

Step 4

description description

Example:


Device(config-flow-exporter)# description Exports to datacenter

(Optional) Creates a description for the flow exporter.

Step 5

destination {hostname | ip-address } [vrf vrf-name ]

Example:


Device(config-flow-exporter)# destination 172.16.10.2

Specifies the hostname or IP address of the system to which the exporter sends data.

Note

 

You can export to a destination using either an IPv4 or IPv6 address.

Step 6

export-protocol {netflow-v5 | netflow-v9 | ipfix }

Example:


Device(config-flow-exporter)# export-protocol netflow-v9

Specifies the version of the NetFlow export protocol used by the exporter.

  • Default: netflow-v9 .

Step 7

transport udp udp-port

Example:


Device(config-flow-exporter)# transport udp 65

Configures UDP as the transport protocol and specifies the UDP port on which the destination system is listening for exported Flexible NetFlow traffic.

Step 8

exit

Example:


Device(config-flow-exporter)# exit

Exits Flexible NetFlow flow exporter configuration mode and returns to global configuration mode.

Step 9

flow monitor flow-monitor-name

Example:


Device(config)# flow monitor FLOW-MONITOR-1

Enters Flexible NetFlow flow monitor configuration mode for the flow monitor that you created previously.

Step 10

exporter exporter-name

Example:


Device(config-flow-monitor)# exporter EXPORTER-1

Specifies the name of an exporter that you created previously.

Step 11

end

Example:


Device(config-flow-monitor)# end

Exits Flexible NetFlow flow monitor configuration mode and returns to privileged EXEC mode.

Step 12

show flow exporter exporter-name

Example:


Device# show flow exporter FLOW_EXPORTER-1

(Optional) Displays the current status of the specified flow exporter.

Step 13

show running-config flow exporter exporter-name

Example:


Device<# show running-config flow exporter FLOW_EXPORTER-1

(Optional) Displays the configuration of the specified flow exporter.

Creating a Flow Monitor

Perform this required task to create a customized flow monitor.

Each flow monitor has a separate cache assigned to it. Each flow monitor requires a record to define the contents and layout of its cache entries. These record formats can be a user-defined format. An advanced user can create a customized format using the flow record command.

Before you begin

If you want to use a customized record, you must create the customized record before you can perform this task. If you want to add a flow exporter to the flow monitor for data export, you must create the exporter before you can complete this task.


Note

You must use the no ip flow monitor command to remove a flow monitor from all of the interfaces to which you have applied it before you can modify the parameters for the record command on the flow monitor.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. flow monitor monitor-name
  4. description description
  5. record {record-name }
  6. cache {timeout {active } seconds | { normal }
  7. Repeat Step 6 as required to finish modifying the cache parameters for this flow monitor.
  8. exporter exporter-name
  9. end
  10. show flow monitor [[name ] monitor-name [cache [format {csv | record | table } ]] ]
  11. show running-config flow monitor monitor-name

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

flow monitor monitor-name

Example:


Device(config)# flow monitor FLOW-MONITOR-1

Creates a flow monitor and enters Flexible NetFlow flow monitor configuration mode.

  • This command also allows you to modify an existing flow monitor.

Step 4

description description

Example:


Device(config-flow-monitor)# description Used for basic ipv4 traffic analysis

(Optional) Creates a description for the flow monitor.

Step 5

record {record-name }

Example:


Device(config-flow-monitor)# record FLOW-RECORD-1

Specifies the record for the flow monitor.

Step 6

cache {timeout {active } seconds | { normal }

Example:

    Step 7

    Repeat Step 6 as required to finish modifying the cache parameters for this flow monitor.

    Step 8

    exporter exporter-name

    Example:

    
Device(config-flow-monitor)# exporter EXPORTER-1

    (Optional) Specifies the name of an exporter that was created previously.

    Step 9

    end

    Example:

    
Device(config-flow-monitor)# end

    Exits Flexible NetFlow flow monitor configuration mode and returns to privileged EXEC mode.

    Step 10

    show flow monitor [[name ] monitor-name [cache [format {csv | record | table } ]] ]

    Example:

    
Device# show flow monitor FLOW-MONITOR-2 cache

    (Optional) Displays the status for a Flexible NetFlow flow monitor.

    Step 11

    show running-config flow monitor monitor-name

    Example:

    
Device# show running-config flow monitor FLOW_MONITOR-1

    (Optional) Displays the configuration of the specified flow monitor.

    Applying a Flow Monitor to an Interface

    Before it can be activated, a flow monitor must be applied to at least one interface. Perform this required task to activate a flow monitor.

    While running the ip flow monitor command for the first interface to enable FNF monitor, you may see the following warning message displaying a GLOBAL memory allocation failure. This log is triggered by enabling FNF monitoring with a large cache size. 

    Jul  4 01:45:00.255: %CPPEXMEM-3-NOMEM: F0/0: cpp_cp_svr: QFP: 0, GLOBAL memory allocation of 90120448 bytes by FNF failed
Jul  4 01:45:00.258: %CPPEXMEM-3-TOPUSER: F0/0: cpp_cp_svr: QFP: 0, Top User: CPR STILE EXMEM GRAPH, Allocations: 877, Type: GLOBAL
Jul  4 01:45:00.258: %CPPEXMEM-3-TOPUSER: F0/0: cpp_cp_svr: QFP: 0, Top User: SBC, Bytes Allocated: 53850112, Type: GLOBAL

    The warning message does not necessarily indicate a flow monitor application failure. The warning message can indicate internal steps that FNF uses for applying memory from the EXMEM infrastructure.

    To ensure that the FNF monitor is enabled successfully, use the show flow monitor monitor-name command to check Status (allocated or not allocated) of a flow monitor. For more information, see Displaying the Current Status of a Flow Monitor.

    SUMMARY STEPS

    1. enable
    2. configure terminal
    3. interface type number
    4. {ip | ipv6 } flow monitor monitor-name {input | output }
    5. Repeat Steps 3 and 4 to activate a flow monitor on any other interfaces in the device over which you want to monitor traffic.
    6. end
    7. show flow interface type number
    8. show flow monitor name monitor-name cache format record

    DETAILED STEPS

      Command or Action Purpose

    Step 1

    enable

    Example:

    
Device> enable

    Enables privileged EXEC mode.

    • Enter your password if prompted.

    Step 2

    configure terminal

    Example:

    
Device# configure terminal

    Enters global configuration mode.

    Step 3

    interface type number

    Example:

    
Device(config)# interface GigabitEthernet 0/0/0

    Specifies an interface and enters interface configuration mode.

    Step 4

    {ip | ipv6 } flow monitor monitor-name {input | output }

    Example:

    
Device(config-if)# ip flow monitor FLOW-MONITOR-1 input

    Activates a flow monitor that was created previously by assigning it to the interface to analyze traffic.

    Step 5

    Repeat Steps 3 and 4 to activate a flow monitor on any other interfaces in the device over which you want to monitor traffic.

    Step 6

    end

    Example:

    
Device(config-if)# end

    Exits interface configuration mode and returns to privileged EXEC mode.

    Step 7

    show flow interface type number

    Example:

    
Device# show flow interface GigabitEthernet 0/0/0

    Displays the status of Flexible NetFlow (enabled or disabled) on the specified interface.

    Step 8

    show flow monitor name monitor-name cache format record

    Example:

    
Device# show flow monitor name FLOW_MONITOR-1 cache format record

    Displays the status, statistics, and flow data in the cache for the specified flow monitor.

    Configuration Examples for Flexible NetFlow MPLS Egress NetFlow

    Example: Configuring Flexible NetFlow Egress Accounting for IPv4 and IPv6 Traffic

    The following example shows how to configure Flexible NetFlow egress accounting for IPv4 and IPv6 traffic.

    This example starts in global configuration mode. 

    
!
flow record v4_r1
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
flow record v6_r1
match ipv6 traffic-class
match ipv6 protocol
match ipv6 source address
match ipv6 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
flow monitor FLOW-MONITOR-1
 record v4_r1
 exit
!
!
flow monitor FLOW-MONITOR-2
 record v6_r1
 exit
!
ip cef
ipv6 cef
!
interface GigabitEthernet0/0/0
 ip address 172.16.6.2 255.255.255.0
 ipv6 address 2001:DB8:2:ABCD::2/48
 ip flow monitor FLOW-MONITOR-1 output
 ipv6 flow monitor FLOW-MONITOR-2 output
!

    Additional References

    Related Documents

    Related Topic

    Document Title

    Cisco IOS commands

    Cisco IOS Master Command List, All Releases

    Flexible NetFlow conceptual information and configuration tasks

    Flexible NetFlow Configuration Guide

    Flexible NetFlow commands

    Cisco IOS Flexible NetFlow Command Reference

    Standards/RFCs

    Standard

    Title

    No new or modified standards/RFCs are supported by this feature.

    MIBs

    MIB

    MIBs Link

    None

    To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

    http://www.cisco.com/go/mibs

    Technical Assistance

    Description

    Link

    The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

    http://www.cisco.com/cisco/web/support/index.html

    Feature Information for Flexible NetFlow - MPLS Egress NetFlow

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
    Table 1. Feature Information for Flexible NetFlow - MPLS Egress NetFlow

    Feature Name

    Releases

    Feature Information

    Flexible NetFlow - MPLS Egress NetFlow

    12.2(33)SRE

    12.2(50)SY

    12.4(22)T

    15.0(1)SY

    15.0(1)SY1

    Cisco IOS XE Release 3.1S

    The Flexible NetFlow--MPLS Egress NetFlow feature allows you to capture IP flow information for packets undergoing MPLS label disposition; that is, packets that arrive on a router as MPLS packets and are transmitted as IP packets.

    Support for this feature was added for Cisco 7200 and 7300 NPE series routers in Cisco IOS Release 12.2(33)SRE.

    No commands were introduced or modified by this feature.