NetFlow in Cisco-Capable devices.

NetFlow is a tool used to export flows of traffic that transit through an interface on a router.
NetFlow versions 5, 8 and 9 support IPv4; only version 9 supports IPv6. The default transport is UDP.

Flows should be analyzed locally on the router or sent periodically to a NetFlow server to permit a deeper and more convenient analysis.

IMPORTANT NOTE: Check the CPU usage of the Cisco device before enabling NetFlow. NetFlow caching can be very CPU-intensive on devices handling high traffic!

Cisco commands used for NetFlow configuration:

NetFlow server update frequency (in minutes):

ip flow-cache timeout active 1

NetFlow version (5, 8 and 9 support IPv4; only 9 supports IPv6):

ip flow-export version 9

NetFlow server destination IP and port:

ip flow-export destination [server] [port]

Interface-level commands to enable NetFlow for ingress and/or egress flows:

ip flow ingress
ip flow egress

Source interface for communication with the NetFlow server:

ip flow-export source [interface]

Some Verification and Configuration checks:

show ip flow export
show ip cache flow

Example that activates the export of ingress and egress flows on interface Gi0/3 and updates the NetFlow server (NFDUMP on Ubuntu 12.04 LTS Server) every two minutes, using NetFlow version 9:

ip flow-cache timeout active 2
ip flow-export version 9
ip flow-export destination AAA.BBB.CCC.DDD 9995
!
interface Gi0/3
 ip flow ingress
 ip flow egress
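
To check on the server side what the router actually sends with this configuration, the following is an added example (not from the original post) that decodes a NetFlow version 9 export datagram: the 20-byte header, a template FlowSet and a data FlowSet, as laid out in RFC 3954. The function names, the sample packet and its addresses are constructed for illustration.

```python
import socket
import struct

FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",  # RFC 3954
          8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}    # field types

def parse_v9(datagram, templates):
    """Decode one NetFlow v9 export datagram into a list of flow dicts.
    templates: {(source_id, template_id): [(type, length), ...]}, updated in place."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    source_id = struct.unpack_from("!I", datagram, 16)[0]
    flows, off = [], 20
    while off + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
        if fs_len < 4 or off + fs_len > len(datagram):
            raise ValueError("FlowSet length runs past the datagram")
        body, off = datagram[off + 4:off + fs_len], off + fs_len
        if fs_id == 0:  # template FlowSet: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):
                    break  # padding or truncated record
                templates[(source_id, tid)] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
                pos = end
        elif fs_id >= 256 and (source_id, fs_id) in templates:  # data FlowSet, template known
            tmpl, pos = templates[(source_id, fs_id)], 0
            rec_len = sum(length for _, length in tmpl)
            while rec_len and pos + rec_len <= len(body):  # leftover bytes are padding
                flow = {}
                for ftype, length in tmpl:
                    val = body[pos:pos + length]
                    flow[FIELDS.get(ftype, "type_%d" % ftype)] = (
                        socket.inet_ntoa(val) if ftype in (8, 12) and length == 4
                        else int.from_bytes(val, "big"))
                    pos += length
                flows.append(flow)
    return flows

def sample_datagram():
    """Constructed v9 packet: one template (id 256) followed by one data record."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    data = struct.pack("!4s4sHHBII3x", socket.inet_aton("192.0.2.10"),  # 21-byte record + 3 pad
                       socket.inet_aton("198.51.100.7"), 51514, 443, 6, 4200, 12)
    return (struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 0) + struct.pack("!HH", 0, 4 + len(tmpl))
            + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data)
```

To run it against the live export, read datagrams from a UDP socket bound to the configured port (9995 in the example above) and pass each one to parse_v9 with a shared templates dict. Because the export is plain UDP, accept datagrams only from the address of the interface set with ip flow-export source.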
