Cisco IOS-XR:
The NetFlow use these 3 maps to configure
Step1. EXPORTER MAP - configure parameters like export destination IP, udp port (only supported transport protocol), source interface
IPv4:
flow exporter-map NETFLOW-EXPORTER-MAP
version v9
transport udp 9991
source Loopback0
destination 192.168.30.100
IPv6:
flow exporter-map IPv6-NETFLOW-EXPORTER-MAP
version v9
transport udp 9991
source Loopback0
destination 192.168.30.100
Note: destination udp port can be from <1024-65535> (this is where Netflow is listening)
Step2. MONITOR MAP includes flow record map and flow exporter map. Some of the attriubtes that can be configured like number of cache entries and timeout. Record that supports are ipv4, ipv6 and mpls.
IPv4:
flow monitor-map NETFLOW-MONITOR-MAP
record ipv4
exporter NETFLOW-EXPORTER-MAP
cache timeout active 10
cache entries 1000
IPv6:
flow monitor-map IPv6-NETFLOW-MONITOR-MAP
record ipv6
exporter IPv6-NETFLOW-EXPORTER-MAP
cache timeout active 10
cache entries 1000
3.SAMPLER MAP - configure the packet rate (one out of n packets) to sample
sampler-map NETFLOW-SAMPLER-MAP
random 1 out-of 100
sampler-map IPv6-NETFLOW-SAMPLER-MAP
random 1 out-of 100
Note: Sampling interval to use random mode for sampling packets of 1 through 65535 units
Application:
Apply in interface (can be applied in L3 bundle or physical interface, on single or both direction)
configure
interface Te0/0/0/0
flow ipv4 monitor NETFLOW-MONITOR-MAP sampler NETFLOW-SAMPLER-MAP ingress
flow ipv6 monitor IPv6-NETFLOW-MONITOR-MAP sampler NETFLOW-SAMPLER-MAP ingress
Cisco Nexus:
[Pre-config] Enable netflow
configure
feature netflow
Step1. Configure EXPORTER MAP
flow exporter ExporterMap
description Exporter Map to Netflow Server
destination 192.168.30.100 use-vrf management
transport udp 9991
source mgmt0
version 9
option exporter-stats timeout 120
option sampler-table timeout 120
Step2. Configure MONITOR MAP
flow monitor MonitorMap
record netflow-original
exporter ExporterMap
where:netflow-original is the traditional IPv4 input NetFlow with origin ASs
or can use a customized flow record
e.g.
flow record CustomRecord
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port
collect transport tcp flags
collect counter bytes
collect counter packets
flow monitor MonitorMap
record CustomRecord
exporter ExporterMap
sampler SamplerMap
mode 1 out-of 100
configure
interface Eth1/1
ip flow monitor MonitorMap input sampler SamplerMap
Juniper (JunOS):
Step1. Configure EXPORTER MAP
set services flow-monitoring version9 template NETFLOW_MONITOR template-refresh-rate seconds 15
set services flow-monitoring version9 template NETFLOW_MONITOR option-refresh-rate seconds 15
set services flow-monitoring version9 template NETFLOW_MONITOR ipv4-template
Step2. Configure MONITOR MAP
set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 port 9991
set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 source-address 192.168.1.100
set forwarding-options sampling instance NETFLOW_INSTANCE family inet output flow-server 192.168.30.100 version9 template NETFLOW_MONITOR
set forwarding-options sampling instance NETFLOW_INSTANCE family inet output inline-jflow source-address 192.168.1.100
Step3. Configure SAMPLER MAP
set forwarding-options sampling instance NETFLOW_INSTANCE input rate 100
set forwarding-options sampling instance NETFLOW_INSTANCE input run-length 0
Application:
set interfaces ge-0/0/0 unit 0 family inet sampling input
No comments:
Post a Comment