Configuring VXLAN-Aware Flexible Netflow

Restrictions for VXLAN-Aware Flexible NetFlow

Traffic capture using VXLAN-aware Flexible NetFlow is limited to unicast traffic.

Information About VXLAN-Aware Flexible NetFlow

Flexible NetFlow (FNF) uses flows to provide statistics for accounting, network monitoring, and network planning. VXLAN-aware FNF provides information about the VXLAN-encapsulated IPV4 and IPV6 packets in the network. VXLAN-aware FNF captures the VXLAN flow information for both bridged and routed traffic.

A flow is a unidirectional stream of packets that arrives on a source interface and has the same values for the keys. A key is an identified value for a field within the packet. You create a flow using a flow record to define the unique keys for your flow. FNF allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields. All key values must match for the packet to count in a given flow. Flows are stored in the FNF cache. You can export the data FNF gathers for your flow by using an exporter.

In a BGP EVPN VXLAN fabric, an FNF monitor is configured on the NVE interface on a VTEP and on the physical interface on a spine switch. For more information about FNF, see Configuring Flexible NetFlow module of the Network Management Configuration Guide.

How to Configure VXLAN-Aware Flexible NetFlow

To configure VXLAN-aware FNF, perform these steps:

  1. Create a flow record by specifying key fields and non-key fields to the flow.

  2. Create a flow exporter by specifying the export protocol and transport destination port, source, and other parameters.

  3. Create a flow monitor based on the flow record and flow exporter.

  4. Apply the flow monitor to the network virtualization edge (NVE) interface on the VTEPs.


Note

The commands listed in this section are applicable only to VXLAN-aware FNF. For detailed steps to configure FNF, see How to Configure Flexible Netflow section in the Configuring Flexible NetFlow module of the Network Management Configuration Guide.

Configuring a Flow Record

To configure a flow record for VXLAN-aware FNF, perform the following steps:


Note

All the match commands listed in this configuration task are mandatory.

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 3

flow record flow-record-name

Example:

Device(config)# flow record vxlan_nf_record_input

Creates a flow record and enters flow record configuration mode.

This command also allows you to modify an existing flow record.

Note 

We recommend that you configure a unique flow record for each address family (IPv4 and IPv6) and also for each traffic direction (input and output).

Ensure that the flow record for ingress traffic has the match commands configured with the input keyword.

Ensure that the flow record for egress traffic has the match commands configured with the output keyword.

Step 4

match datalink vlan { input | output}

Example:

Device(config-flow-record)# match datalink vlan output

Configures the VLAN ID (for input or output traffic) as a key field for the FNF flow record.

Note 

Ensure that you configure the vlan input and vlan output fields. These fields are required for VXLAN-aware FNF to work on EVPN input and output traffic flows.

Step 5

match routing vrf input

Example:

Device(config-flow-record)# match routing vrf input

Configures the VRF ID (for input or output traffic) as a key field for the FNF flow record.

Note 

Ensure that you configure the vrf input field. This field is required for VXLAN-aware FNF to work on EVPN input and output traffic flows.

Step 6

match vxlan vtep { input | output}

Example:

Device(config-flow-record)# match vxlan vtep output

Configures the VTEP ID as a key field for the FNF flow record.

The input keyword shows the VTEP source IP address in the captured flow.

The output keyword shows the VTEP destination IP address in the captured flow

Step 7

match vxlan vnid

Example:

Device(config-flow-record)# match vxlan vnid

Configures the VXLAN VNI ID as a key field for the FNF flow record.
Step 8

end

Example:

Device(config-flow-record)# end

Returns to privileged EXEC mode.

Configuring Flow Exporter

To configure flow exporter for VXLAN-aware FNF, perform the following steps:

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 3

flow exporter flow-exporter-name

Example:

Device(config)# flow exporter e1

Creates a flow exporter and enters flow exporter configuration mode.
Step 4

destination ipv4-address

Example:

Device(config-flow-exporter)# destination 172.16.103.2

Sets the IPv4 destination address or hostname for the exporter.
Step 5

source interface-type interface-number

Example:

Device(config-flow-exporter)# source TenGigabitEthernet1/5/0/3

Specifies the interface to use to reach the NetFlow collector at the configured destination.

Ensure that the source IP address is unique per fabric.

Note 

We recommend that you configure a unique Loopback on each VTEP.
Note 

Flow exporter does not support unnumbered IP interface as source interface.
Step 6

ttl seconds

Example:

Device(config-flow-exporter)# ttl 4

Configures the time-to-live (TTL) value for datagrams sent by the exporter.

The range is from 1 to 255 seconds. The default is 255.
Step 7

transport udp port-number

Example:

Device(config-flow-exporter)# transport udp 2055

Specifies the UDP port to use to reach the NetFlow collector.
Step 8

export-protocol { ipfix | netflow-v9}

Example:

Device(config-flow-exporter)# export-protocol ipfix

Specifies the version of the NetFlow export protocol used by the exporter.
Step 9

end

Example:

Device(config-flow-exporter)# end

Returns to privileged EXEC mode.

Configuring a Flow Monitor

To configure a flow monitor for VXLAN-aware FNF, perform the following steps:

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 3

flow monitor flow-monitor-name

Example:

Device(config)# flow monitor vxlan_nf_monitor_input

Creates a flow monitor and enters flow monitor configuration mode.

This command also allows you to modify an existing flow monitor.
Step 4

exporter flow-exporter-name

Example:

Device(config-flow-monitor)# exporter e1

Specifies the name of the flow exporter that was created previously and associates it with the specified flow monitor.
Step 5

record flow-record-name

Example:

Device(config-flow-monitor)# record vxlan_nf_record_input

Specifies the record for the flow monitor.
Step 6

end

Example:

Device(config-flow-monitor)# end

Returns to privileged EXEC mode.

Configuring Flexible NetFlow on an NVE Interface

To configure VXLAN-aware FNF on the NVE interface of a VTEP, perform the following steps:

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.
Step 3

interface nve-interface-number

Example:

Device(config)# interface nve1

Specifies the network virtualization edge (NVE) interface number and enters interface configuration mode.
Step 4

ip flow monitor flow-monitor-name { input | output}

Example:

Device(config-if)# ip flow monitor vxlan_nf_monitor_input input

Associates the IPv4 flow monitor to the NVE interface for input or output packets.
Step 5

ipv6 flow monitor flow-monitor-name { input | output}

Example:

Device(config-if)# ipv6 flow monitor vxlan_nf_v6monitor_input input

Associates the IPv6 flow monitor to the NVE interface for input or output packets.
Step 6

end

Example:

Device(config-if)# end

Returns to privileged EXEC mode.

Configuration Examples for VXLAN-Aware Flexible NetFlow

This section provides configuration examples for VXLAN-aware FNF using the following topology:

Figure 1. EVPN VXLAN Topology with VXLAN-Aware Flexible NetFlow

Configuring VTEP 1 to enable VXLAN-Aware Flexible NetFlow

The following table provides a sample configuration for VTEP 1 to enable VXLAN-aware FNF:

Table 1. Configuring VTEP 1 to enable VXLAN-Aware Flexible NetFlow

VTEP 1

 
Leaf-01# show running-config

<snip: only config relevant to vxlan netflow is shown>
flow record vxlan_nf_record_input
 match datalink vlan input
 match datalink mac source address input
 match datalink mac destination address input
 match routing vrf input
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match transport icmp ipv4 type
 match transport icmp ipv4 code
 match transport igmp type
 match interface input
 match flow direction
 match vxlan vnid
 match vxlan vtep input
 match vxlan vtep output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
flow record vxlan_nf_record_output
 match datalink mac destination address output
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match datalink vlan output
 match vxlan vnid
 match vxlan vtep input
 match vxlan vtep output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!

flow record vxlan_nf_v6record_input
 match datalink vlan input
 match routing vrf input
 match ipv6 protocol
 match ipv6 source address
 match ipv6 destination address
 match transport source-port
 match transport destination-port
 match vxlan vnid
 match vxlan vtep input
 match vxlan vtep output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
flow record vxlan_nf_v6record_output
  match datalink vlan output
 match ipv6 protocol
 match ipv6 source address
 match ipv6 destination address
 match transport source-port
 match transport destination-port
 match vxlan vnid
 match vxlan vtep input
 match vxlan vtep output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
flow exporter e1
 destination 172.16.103.2
 source TenGigabitEthernet1/5/0/3
 ttl 4
 transport udp 2055
 export-protocol ipfix
!
flow monitor vxlan_nf_monitor_input
 exporter e1
 cache timeout inactive 100
 cache timeout active 100
 record vxlan_nf_record_input
 !
!
flow monitor vxlan_nf_monitor_output
 exporter e1
 cache timeout inactive 100
 cache timeout active 100
 record vxlan_nf_record_output
 !
!
flow monitor vxlan_nf_v6monitor_input
 exporter e1
 cache timeout inactive 100
 cache timeout active 100
 record vxlan_nf_v6record_input
 !
!
 
flow monitor vxlan_nf_v6monitor_output
 exporter e1
 cache timeout inactive 100
 cache timeout active 100
 record vxlan_nf_v6record_output
!
interface nve1
 ip flow monitor vxlan_nf_monitor_input input
 ip flow monitor vxlan_nf_monitor_output output
 ipv6 flow monitor vxlan_nf_v6monitor_input input
 ipv6 flow monitor vxlan_nf_v6monitor_output output
!
Leaf-01#

Checking IPv4 Input Flow Monitor Cache Output

The following example provides a sample output to check the IPv4 input flow monitor cache output on VTEP 1:

Leaf-01# configure terminal
Leaf-01(config)# show flow monitor vxlan_nf_monitor_input cache format table

  Cache type:                               Normal (Platform cache)

  Cache size:                                10000

  Current entries:                               4



  Flows added:                                   8

  Flows aged:                                    4

    - Inactive timeout    (   100 secs)          4
DATALINK VLAN INPUT  DATALINK MAC SRC ADDR INPUT  DATALINK MAC DST ADDR INPUT  IP VRF ID INPUT                IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT  ICMP IPV4 TYPE  ICMP IPV4 CODE  IGMP TYPE  INTF INPUT            FLOW DIRN      VXLAN VXLAN VNID  VXLAN VXLAN VTEP INPUT  VXLAN VXLAN VTEP OUTPUT  IP PROT  IP TTL            bytes long             pkts long  time abs first  time abs last
===================  ===========================  ===========================  =============================  ===============  ===============  =============  =============  ==============  ==============  =========  ====================  =========  ====================  ======================  =======================  =======  ======  ====================  ====================  ==============  =============
                 13  AAAA.CCCC.1003               AAAA.BBBB.1003               3          (l3vni5001)         192.168.13.3     192.168.13.2                 0              0               0               0          0  Null                  Input                     10013  2.2.2.2                 1.1.1.1                       61      64              43517376                 43172    14:00:41.391   14:01:34.391
                 11  AAAA.CCCC.1001               AAAA.BBBB.1001               2          (l3vni5000)         192.168.11.3     192.168.11.2                 0              0               0               0          0  Null                  Input                     10011  2.2.2.2                 1.1.1.1                       61      64              43517376                 43172    14:00:41.391   14:01:34.391
                 10  AAAA.CCCC.1002               AAAA.BBBB.1002               2          (l3vni5000)         192.168.10.3     192.168.10.2                 0              0               0               0          0  Null                  Input                     10010  2.2.2.2                 1.1.1.1                       61      64              43517376                 43172    14:00:41.391   14:01:34.391
                 12  AAAA.CCCC.1004               AAAA.BBBB.1004               3          (l3vni5001)         192.168.12.3     192.168.12.2                 0              0               0               0          0  Null                  Input                     10012  2.2.2.2                 1.1.1.1                       61      64              43517376                 43172    14:00:41.391   14:01:34.391

Leaf-01#

Checking IPv4 Output Flow Monitor Cache Output

The following example provides a sample output to check the IPv4 output flow monitor cache output on VTEP 1:

Leaf-01# configure terminal
Leaf-01(config)# show flow monitor vxlan_nf_monitor_output cache format table

  Cache type:                               Normal (Platform cache)

  Cache size:                                10000

  Current entries:                               4

  Flows added:                                   8

  Flows aged:                                    4

    - Inactive timeout    (   100 secs)          4

DATALINK MAC DST ADDR OUTPUT  IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT  DATALINK VLAN OUTPUT      VXLAN VXLAN VNID  VXLAN VXLAN VTEP INPUT  VXLAN VXLAN VTEP OUTPUT  IP PROT            bytes long             pkts long  time abs first  time abs last
============================  ===============  ===============  =============  =============  ====================  ====================  ======================  =======================  =======  ====================  ====================  ==============  =============
AAAA.CCCC.1002                192.168.10.2     192.168.10.3                 0              0                    10                 10010  1.1.1.1                 2.2.2.2                       61              44812536                 43172    14:00:41.391   14:01:34.391
AAAA.CCCC.1004                192.168.12.2     192.168.12.3                 0              0                    12                 10012  1.1.1.1                 2.2.2.2                       61              44812536                 43172    14:00:41.391   14:01:34.391
AAAA.CCCC.1003                192.168.13.2     192.168.13.3                 0              0                    13                 10013  1.1.1.1                 2.2.2.2                       61              44812536                 43172    14:00:41.391   14:01:34.391
AAAA.CCCC.1001                192.168.11.2     192.168.11.3                 0              0                    11                 10011  1.1.1.1                 2.2.2.2                       61              44812536                 43172    14:00:41.391   14:01:34.391

Leaf-01#

Checking IPv6 Input Flow Monitor Cache Output

The following example provides a sample output to check the IPv6 input flow monitor cache output on VTEP 1:

Leaf-01# configure terminal
Leaf-01(config)# show flow monitor vxlan_nf_v6monitor_input cache format table

  Cache type:                               Normal (Platform cache)

  Cache size:                                10000

  Current entries:                               4



  Flows added:                                   8

  Flows aged:                                    4

    - Inactive timeout    (   100 secs)          4
IPV6 SRC ADDR                                  IPV6 DST ADDR                                  TRNS SRC PORT  TRNS DST PORT      VXLAN VXLAN VNID  VXLAN VXLAN VTEP INPUT  VXLAN VXLAN VTEP OUTPUT  IP PROT            bytes long             pkts long  time abs first  time abs last
=============================================  =============================================  =============  =============  ====================  ======================  =======================  =======  ====================  ====================  ==============  =============
192:168:12::3                                  192:168:12::2                                              0              0                 10012  2.2.2.2                 1.1.1.1                       59              43517376                 43172    14:00:41.391   14:01:34.391
192:168:10::3                                  192:168:10::2                                              0              0                 10010  2.2.2.2                 1.1.1.1                       59              43517376                 43172    14:00:41.391   14:01:34.391
192:168:13::3                                  192:168:13::2                                              0              0                 10013  2.2.2.2                 1.1.1.1                       59              43517376                 43172    14:00:41.391   14:01:34.391
192:168:11::3                                  192:168:11::2                                              0              0                 10011  2.2.2.2                 1.1.1.1                       59              43517376                 43172    14:00:41.391   14:01:34.391

Leaf-01#