|
|
These release notes describe the features, enhancements, and caveats for Release 3.0 and
Release 3.0 (2.0) of NetFlow FlowCollector.
These release notes include the following topics:
NetFlow FlowCollector provides fast, scalable, and economical data collection from multiple NetFlow export-enabled devices that include Cisco routers and Catalyst 5000 and Catalyst 6000 family switches. FlowCollector is a UNIX application supported on Solaris and HP-UX platforms. It:
FlowCollector is a key provider of time-based, granular data measurements to external applications. Service provider and enterprise customers can use FlowCollector as an integral component of their distributed data collection processes. Traffic accounting details gathered by FlowCollector will drive extensive new capabilities in the areas of network planning, accounting, billing, and network and application resource monitoring, with minimal impact on router performance and without extensive (and expensive) polling operations.
FlowCollector 3.0 operates with the following platforms:
 |
Note To prevent NetFlow data export packet loss, the workstation should be dedicated to the NetFlow data export device (router or switch) and should not be running other applications. |
FlowCollector requires at least 2 MB of disk space for its binary and configuration files.
FlowCollector generates output files containing aggregated data. These files require additional disk space; the exact amount depends on the flow arrival rate, collection interval, number of aggregation schemes specified, binary versus ASCII data file types, use of compression, and data file retention policies.
NetFlow functionality is currently available with the following Cisco devices:
|
Note The NetFlow FlowCollector Installation and User Guide includes specific information relating to the Catalyst 5000. This information also applies to the Catalyst 6000. |
See Table 1 to determine the compatibility among the different Cisco hardware platforms, Cisco IOS software releases, and NetFlow data export versions that are supported.
| Cisco IOS Release | Supported Cisco Hardware Platform(s) | Supported NetFlow Export Version(s) |
|---|---|---|
11.1 CA and | Cisco 7200, 7500, and RSP7000 | V1 and V5 |
11.2 and 11.2 P | Cisco 7200, 7500, and RSP7000 | V1 |
11.2 P | Cisco Route Switch Module (RSM) | V1 |
11.3 and 11.3 T | Cisco 7200, 7500, and RSP7000 | V1 |
12.0 | Cisco 1720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, and RSM | V1 and V5 |
12.0 T | Cisco 1720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM, MGX 8800 RPM, and BPX 8600 | V1 and V5 |
12.0(3)T and later | Cisco 16001, 1720, 25001, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM, MGX8800 RPM, and BPX 8650 | V1, V5, and V8 |
12.0(6)S | Cisco 12000 | V1, V5, and V8 |
12.0(8)T | Cisco AS5300 | V1, V5, and V8 |
--- | Cisco Catalyst 5000 family switches with NetFlow Feature Card (NFFC)2 | V7 |
--- | Cisco Catalyst 6000 family switches with Multilayer Switching Feature Card (MSFC) | V7 |
| 1Support for NetFlow Export V1, V5, and V8 on Cisco 1600 and 2500 platforms is targeted for Cisco IOS Release 12.0(5)T. NetFlow support for these platforms is not available in the Cisco IOS 12.0 mainline release. 2Multilayer Switching and NetFlow data export are supported in Catalyst 5000 family supervisor engine software Release 4.1(1) or later. |
The entire installation process is explained in detail in the NetFlow FlowCollector Installation and User Guide in Chapter 2, "Installing and Configuring FlowCollector." Installation troubleshooting information is located in the NetFlow FlowCollector Installation and User Guide in Appendix A, "Troubleshooting FlowCollector."
This section provides the following information:
You can upgrade to FlowCollector 3.0 from any previous version of FlowCollector. Carefully read all prompts during installation to ensure that existing configuration and data files are processed appropriately.
By default, FlowCollector 3.0 is installed in FlowCollector 2.0-compatible mode. This prevents potential problems with existing FlowCollector 2.0 installations. After installing FlowCollector, you can turn on all FlowCollector 3.0 features through the nf.resources file. See Chapter 2, "Installing and Configuring FlowCollector," in the NetFlow FlowCollector Installation and User Guide for complete installation details.
The following procedure shows an upgrade installation. If you are installing FlowCollector for the first time, the installation is basically the same, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.
|
Note During an upgrade installation, existing configuration files and data files are detected and you are given the option of saving them with a .old extension. |
To install FlowCollector on a Solaris platform, perform the following steps:
Step 2 Copy the NFC3_0.SOL.tar file from the distribution CD-ROM to a locally mounted directory such as /tmp on the workstation.
Step 3 Extract the FlowCollector files from the tar file.
# tar -xvf NFC3_0.SOL.tar
Step 4 Run the installation script to begin the installation process.
# ./NFC3_0.setup.sh NFC3_0.SOL.Z
Step 5 Follow the prompts as they appear.
The following procedure shows an upgrade installation. If you are installing FlowCollector for the first time, the installation is basically the same as for an upgrade installation, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.
|
Note During an upgrade installation, existing configuration files and data files are detected and you are given the option of saving them with a .old extension. |
To install FlowCollector on an HP-UX platform, perform the following steps:
Step 2 Copy the NFC3_0.HP_11.tar file from the distribution CD-ROM to a locally mounted directory on the workstation.
Step 3 Extract the FlowCollector files from the tar file.
# tar -xvf NFC3_0.HP_11.tar
Step 4 Run the installation script to begin the installation process.
# ./NFC3_0.setup.sh NFC3_0.HP_11.Z
Step 5 Follow the prompts as they appear.
Add the following environment variables to the startup files (.cshrc or .profile) of all users wanting to run the FlowCollector application. These environment variables identify the location of the FlowCollector directory structure and the nf.resources file:
For C shell users, the commands (using default installation values) are:
setenv NFC_DIR /opt/CSCOnfc setenv NFC_RESOURCEFILE $NFC_DIR/config/nf.resources
For Bourne or Korn shell users, the commands (using default installation values) are:
NFC_DIR=/opt/CSCOnfc; export NFC_DIR NFC_RESOURCEFILE=$NFC_DIR/config/nf.resources; export NFC_RESOURCEFILE
To run FlowCollector, you can be logged in as a user or as root.
To run FlowCollector, perform the following steps:
Step 2 Start the FlowCollector application.
$ $NFC_DIR/bin/nfcollector start all
FlowCollector now runs as several processes.
|
Note Typically, FlowCollector is started and allowed to run until there is some reason to stop it. The NetFlow user interface (NFUI) is separate from FlowCollector and dependent on FlowCollector for current application statistics and resource definitions---such as for threads, filters, and protocols. Once FlowCollector is running, anyone can start the NFUI and use it to review application statistics and resource definitions or to create and modify FlowCollector resource definitions. |
To stop FlowCollector, perform the following steps:
Step 2 Enter the following command to stop the FlowCollector application.
# $NFC_DIR/bin/nfcollector stop all
|
Note To stop FlowCollector, you must be logged in as root or as the user who started this FlowCollector session. |
During installation, you are given the option of removing the existing version of FlowCollector before installing the new version. To permanently remove FlowCollector from a workstation, use the commands that are native to your operating system to remove FlowCollector files and directories.
The following list describes the new features in FlowCollector Release 3.0 and Release 3.0 (2.0) and includes a reference to the NetFlow FlowCollector Installation and User Guide where details on the new feature can be located.
A new aggregation scheme named ASPort is included with Release 3.0 (2.0).
The output of the ASPort aggregation scheme consists of one record for each unique combination of source autonomous system number, destination autonomous system number, source source port, destination port, and protocol present in the flow data received by FlowCollector during the current collection period. Each output record contains the following fields:
Key fields: src_as, dst_as, srcport, dstport, protocol |
Value fields:packet count, byte count, flow count |
This section includes important information regarding the operation of FlowCollector 3.0.
When a FlowCollector workstation receives RawFlow data, FlowCollector always uses the same amount of disk space for that data regardless of the amount of RawFlow data that is received. Table 2 shows the maximum packet size of each datagram version. RawFlow data written by FlowCollector is a fixed size packet, depending on the version of the export datagram received, but regardless of the number of entries in the export flow packet. For example, if FlowCollector receives a V5 RawFlow datagram, it always writes 1464 bytes to disk; if it receives a V1 RawFlow datagram, it always writes 1168 bytes to disk, and so on.
| Datagram Version | Maximum Packet Size |
|---|---|
V1 | 1168 |
V5 | 1464 |
V7 | 1428 |
V8 - RouterAS | 1456 |
V8 - RouterProtoPort | 1456 |
V8 - RouterSrcPrefix | 1436 |
V8 - RouterDstPrefix | 1436 |
V8 - RouterPrefix | 1428 |
This section includes the caveats known to exist in FlowCollector Release 3.0.
|
Note These caveats have been addressed in FlowCollector Release 3.0 (2.0). |
chown bin nfc.log
chmod: can't access /opt/CSCOnfc/doc
/opt/CSCOnfc/doc: No such file or directory
/opt/CSCOnfc/doc: No such file or directory
This section includes corrections, changes, and additions to the NetFlow FlowCollector Installation and User Guide that occurred after the guide was printed.
Corrections exist to the descriptions of some of the NetFlow export datagram formats located in Appendix B of the NetFlow FlowCollector Installation and User Guide. This section provides the old entries and the corrected entries.
| Bytes | Contents | Old Description | New Description |
|---|---|---|---|
12-13 | input | SNMP index of input interface | Interface index (ifindex) of input interface |
14-15 | output | SNMP index of output interface | Interface index (ifindex) of output interface |
| Bytes | Contents | Old Description | New Description |
|---|---|---|---|
12-13 | input | SNMP index of input interface | Interface index (ifindex) of input interface |
14-15 | output | SNMP index of output interface | Interface index (ifindex) of output interface |
| Bytes | Contents | Old Description | New Description |
|---|---|---|---|
12-13 | input | SNMP index of input interface; always set to zero. | Interface index (ifindex) of input interface; always set to zero. |
14-15 | output | SNMP index of output interface | Interface index (ifindex) of output interface |
| Bytes | Contents | Old Description | New Description |
|---|---|---|---|
20-21 | src_as | Source autonomous system number, either origin or peer; always set to zero | Source autonomous system number, either origin or peer |
22-23 | dst_as | Destination autonomous system number, either origin or peer; always set to zero | Destination autonomous system number, either origin or peer |
24-25 | input | SNMP index of input interface; always set to zero | Interface index (ifindex) of input interface |
26-27 | output | SNMP index of output interface | Interface index (ifindex) of output interface |
| Bytes | Contents | Old Description | New Description |
20 | prot | IP protocol type (for example, | IP protocol type (for example, TCP = 6; UDP = 17) |
24-25 | srcport | TCP/UDP source port number; set to zero if flow mask is destination-only or source-destination | TCP/UDP source port number |
26-27 | dstport | TCP/UDP destination port number; set to zero if flow mask is destination-only or source-destination | TCP/UDP destination port number |
| Bytes | Contents | Old Description | New Description |
24 | dst_mask | Destination address prefix mask; always set to zero | Destination address prefix mask |
26-27 | dst_as | Destination autonomous system number, either origin or peer; always set to zero | Destination autonomous system number, either origin or peer |
28-29 | output | SNMP index of output interface | Interface index (ifindex) of output interface |
Table B-11 Version 8 RouterSrcPrefix Flow Record Format
| Bytes | Contents | Old Description | New Description |
24 | src_mask | Source address prefix mask; always set to zero | Source address prefix mask |
26-27 | src_as | Source autonomous system number, either origin or peer; always set to zero | Source autonomous system number, either origin or peer |
28-29 | input | SNMP index of input interface; always set to zero | Interface index (ifindex) of input interface |
Table B-12 Version 8 RouterPrefix Flow Record Format
| Bytes | Contents | Old Description | New Description |
28 | src_mask | Source address prefix mask; always set to zero | Source address prefix mask |
29 | dst_mask | Destination address prefix mask; always set to zero | Destination address prefix mask |
32-33 | src_as | Source autonomous system number, either origin or peer; always set to zero | Source autonomous system number, either origin or peer |
34-35 | dst_as | Destination autonomous system number, either origin or peer; always set to zero | Destination autonomous system number, either origin or peer |
36-37 | input | SNMP index of input interface; always set to zero | Interface index (ifindex) of input interface |
38-39 | output | SNMP index of output interface | Interface index (ifindex) of output interface |
Refer to the following documents for additional NetFlow information:
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can reach CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
|
Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com. |
Cisco documentation and additional literature are available in a CD-ROM package that ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Thu Feb 3 20:16:12 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.