This chapter describes how to configure NetFlow Data Export (NDE) on the Catalyst 6000 family switches.
This chapter consists of these sections:
These sections describe how NDE works:
You can use NDE to monitor all IP Multilayer Switching (MLS) intersubnet traffic through the Multilayer Switch Feature Card (MSFC). NDE complements the embedded Remote Monitoring (RMON) capabilities on the switch that allow you to see all interface traffic.
Integrated MLS management includes products, management utilities, and partner applications designed to gather flow statistics, export the statistics, collect and perform data reduction on the exported statistics, and forward them to applications for traffic monitoring, planning, and accounting. Flow collectors, such as the Cisco SwitchProbe and NetFlow FlowCollector, gather and classify flows. This flow information is then aggregated and fed to applications such as TrafficDirector, NetSys, or NetFlow Analyzer.
An external data collector gathers flow entries from the MLS cache of one or more switches or Cisco routers. The switch or router transmits data to the flow collector by grouping flow entries for expired flows from its MLS cache into a User Datagram Protocol (UDP) datagram, which consists of a header and a series of flow entries. See Figure 21-1.

By default, all expired flows are exported until you specify a filter. After specifying a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in NVRAM and are not cleared when NDE is disabled.
Table 21-1 shows the default NDE configuration.
| Feature | Default Value |
|---|---|
| NDE | Disabled |
| NDE data collector address and UDP port | None specified |
| NDE filters | None configured |
These sections describe how to configure NDE:
The MSFC and the PFC use the NDE IP address when sending MLS statistics to a data collection application. You must configure the IP address on the MSFC so the data collection application can aggregate export data from both the MSFC and the PFC for the same flow.
If you do not specify an NDE IP address for the MSFC, the MSFC automatically selects the IP address of one of its interfaces and uses that IP address as its NDE IP address and its MLS IP address.
If you manually specify an NDE IP address for the MSFC, the MSFC uses this IP address as its MLS IP address (as shown in the output of the show mls nde command), replacing the one that was automatically selected.
After specifying the NDE IP address for the MSFC, enter the show mls nde command and note the "source address." You must add this address to the included MLS router list on the switch.
Caution: When you enable MLS on the Catalyst 6000 family switch, the MSFC automatically selects one of its interfaces as the NDE IP address. If you later enable NDE and you specify a different NDE IP address from the automatically selected address, you must include the new MLS IP address in the list of routers participating in MLS on the switch.
Enabling NDE for the first time requires the following three steps:
The collector address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and reenabled or if the switch is power cycled.
To configure a NetFlow internal data export collector, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde [ip-address] | Enable NDE and specify the NDE collector and UDP port. |
This example shows how to enable NDE and specify the internal collector IP address:
Router(config)# mls nde 172.20.52.3
Router(config)#
To configure the NDE flow source interface, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# ip flow-export source {interface-type number} | Select the NDE flow source interface. |
This example shows how to configure the NDE flow source interface as Fast Ethernet interface 5/8:
Router(config)# ip flow-export source fastethernet 5/8
Router(config)#
To configure the destination IP address and UDP port to receive the NDE statistics, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# ip flow-export destination ip_address udp-port-number | Configure the NDE destination IP address and UDP port. |
This example shows how to configure the NDE flow destination IP address and UDP port on the switch:
Router(config)# ip flow-export destination 172.20.52.37 200
Router(config)#
To display the NDE address and port configuration for the switch, perform these tasks:
| Command | Purpose |
|---|---|
| Router# show mls nde | Display the NDE export flow IP address and UDP port configuration. |
| Router# show ip flow export | Display the NDE export flow IP address and UDP port and the NDE source interface configuration. |
This example shows how to display the NDE export flow source IP address and UDP port configuration of the switch:
Router# show mls nde
Netflow Data Export enabled
Netflow Data Export configured for port 0 on Host 0.0.0.0
Source address: 172.20.52.3, port: 8
Version: 0
Include Filter is:
destination: ip address 0.0.0.0, mask 0.0.0.0, port 35
source: ip address 0.0.0.0, mask 0.0.0.0, port 0
Exclude Filter is:
destination: ip address 2.2.2.2, mask 255.255.255.0, port 23
source: ip address 0.0.0.0, mask 0.0.0.0, port 0
Total Netflow Data Export Packets are:
0 packets, 0 no packets, 0 records
Router#
This example shows how to display the NDE export flow IP address and UDP port and the NDE source interface configuration:
Router# show ip flow export
Flow export is enabled
Exporting flows to 172.20.52.37 (200)
Exporting using source interface FastEthernet5/8
Version 1 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
Router#
This section describes how to configure NDE flow filters.
By default, all expired flows are exported until you specify a filter. After specifying a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in NVRAM and are not cleared when NDE is disabled.
To display the configuration of the NDE flow filters you configure, use the show mls nde command described in the "Displaying the NDE Configuration" section.
To specify a destination or source port flow filter, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde flow {exclude \| include} {dest-port number \| src-port number} | Specify a port filter for an NDE flow. |
This example shows how to specify a port flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Router(config)# mls nde flow include dest-port 35
Router(config)#
To specify a host and TCP/UDP port flow filter, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde flow {exclude \| include} {destination ip_address mask \| source ip_address mask {dest-port number \| src-port number}} | Specify a host and port flow filter for an NDE flow. |
This example shows how to specify a source host and destination TCP/UDP port flow filter so that only expired flows from host 171.69.194.140 to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Router(config)# mls nde flow exclude destination 2.2.2.2 255.255.255.0 dest-port 23
To specify a destination or source host flow filter, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde flow {exclude \| include} {destination ip_address mask \| source ip_address mask \| protocol {tcp {dest-port number \| src-port number} \| udp {dest-port number \| src-port number}} | Specify a host flow filter for an NDE flow. |
This example shows how to specify a host flow filter to include and export only destinations to host 172.20.52.37:
Router(config)# mls nde flow include destination 172.20.52.37 255.255.255.224
Router(config)#
To specify a protocol flow filter, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde flow {exclude \| include} protocol {tcp {dest-port number \| src-port number} \| udp {dest-port number \| src-port number}} | Specify a protocol flow filter for an NDE flow. |
This example shows how to specify a TCP protocol flow filter so that only expired flows from destination port 35 are exported:
Router(config)# mls nde flow include protocol tcp dest-port 35
Router(config)#
To clear the NDE flow filter and reset the filter to the default (all flows exported), perform this task:
| Command | Purpose |
|---|---|
| Router# clear mls nde flow {all \| exclude \| include} | Clear the NDE flow filter. |
This example shows how to clear the NDE flow filter so that all flows are exported:
Router# clear mls nde flow all
Router#
To display the status of the NDE flow filters, use the show mls nde command described in the "Displaying the NDE Configuration" section.
To disable NDE, perform this task:
| Command | Purpose |
|---|---|
| Router# no mls nde {ip_address udp_port} | Disable NDE on the switch. |
This example shows how to disable NDE on the switch and use the show mls nde command to confirm that NDE is disabled:
Router(config)# no mls nde 172.20.52.3 8
Router(config)# ^Z
Router#
*Nov 4 11:12:06: %SYS-5-CONFIG_I: Configured from console by vty2 (171.69.115.10)
Router# show mls nde
Netflow Data Export is Disabled
Router#
Using the no mls nde command to disable NDE automatically deletes the IP flow export source interface and IP flow export destination IP address configured in the "Enabling NetFlow Data Export" section.
To display the NDE configuration, perform this task:
| Command | Purpose |
|---|---|
| Router# show mls nde | Display the NDE configuration on the switch. |
This example shows how to display the NDE configuration on the switch:
Router# show mls nde
Netflow Data Export enabled
Netflow Data Export configured for port 0 on Host 0.0.0.0
Source address: 172.20.52.3, port: 8
Version: 0
Include Filter is:
destination: ip address 0.0.0.0, mask 0.0.0.0, port 35
source: ip address 0.0.0.0, mask 0.0.0.0, port 0
Exclude Filter is:
destination: ip address 2.2.2.2, mask 255.255.255.0, port 23
source: ip address 0.0.0.0, mask 0.0.0.0, port 0
Total Netflow Data Export Packets are:
0 packets, 0 no packets, 0 records
Router#
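The include and exclude filters shown by show mls nde decide which flows ever reach a collector, so a filter set is worth checking for traffic it hides from monitoring. The following Python sketch is an added example, not Cisco code: it parses a trimmed copy of the sample output above and evaluates a constructed flow against it. It assumes that an all-zero address/mask and port 0 mean "any", and that a flow is exported when it matches the include filter (if set) and does not match the exclude filter (if set); the page does not spell out these semantics.

```python
import ipaddress
import re
# Trimmed copy of the page's "show mls nde" sample output.
SHOW_MLS_NDE = """\
Netflow Data Export configured for port 0 on Host 0.0.0.0
Include Filter is:
destination: ip address 0.0.0.0, mask 0.0.0.0, port 35
source: ip address 0.0.0.0, mask 0.0.0.0, port 0
Exclude Filter is:
destination: ip address 2.2.2.2, mask 255.255.255.0, port 23
source: ip address 0.0.0.0, mask 0.0.0.0, port 0
"""
FILTER_RE = re.compile(r"(destination|source): ip address (\S+), mask (\S+), port (\d+)")

def parse(text):
    """Return the collector (host, port) and the include/exclude filters."""
    cfg = {"include": {}, "exclude": {}}
    m = re.search(r"configured for port (\d+) on Host (\S+)", text)
    cfg["collector"] = (m.group(2), int(m.group(1)))
    kind = None
    for line in text.splitlines():
        if line.endswith("Filter is:"):
            kind = line.split()[0].lower()
        elif kind and (f := FILTER_RE.match(line.strip())):
            net = ipaddress.ip_network(f"{f.group(2)}/{f.group(3)}", strict=False)
            cfg[kind][f.group(1)] = (net, int(f.group(4)))
    return cfg

def is_set(flt):
    """A filter counts as configured if any field is not the all-zero wildcard."""
    return any(net.prefixlen or port for net, port in flt.values())

def matches(flt, flow):
    """Assumption: address/mask 0.0.0.0 and port 0 each mean 'any'."""
    for side, (net, port) in flt.items():
        ip, p = flow[side]
        if (net.prefixlen and ipaddress.ip_address(ip) not in net) or (port and p != port):
            return False
    return True

def exported(cfg, flow):
    """Assumed semantics: match include (if set) and miss exclude (if set)."""
    if is_set(cfg["include"]) and not matches(cfg["include"], flow):
        return False
    return not (is_set(cfg["exclude"]) and matches(cfg["exclude"], flow))

# Constructed flow: Telnet to 2.2.2.77 is never exported under this filter set.
telnet = {"source": ("10.0.0.5", 40000), "destination": ("2.2.2.77", 23)}
print(exported(parse(SHOW_MLS_NDE), telnet))
```

Running the same check against the output of each switch shows which hosts and ports produce no flow records at the collector.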
Posted: Mon Jan 3 14:51:58 PST 2000
Copyright 1989-1999©Cisco Systems Inc.