Difference between revisions of "Cisco NetFlow"

From HackerNet
Jump to: navigation, search
Line 3: Line 3:
 
Komponenter:
 
Komponenter:
 
* Flow exporter
 
* Flow exporter
* Flow collector, t.ex. [[Ntopng]]
+
* Flow collector, t.ex. [[Pmacct]]
* Analysis application
+
* Analysis application, t.ex. [[Ntopng]], [[FastNetMon]]
  
 
=Konfiguration=
 
=Konfiguration=
Line 21: Line 21:
  
 
===ASR===
 
===ASR===
  ip flow-export destination 10.0.0.10 2055  
+
OBS en ASR kan inte sitt management-interface som source för NetFlow-exporten
  ip flow-export source gi0/0
+
  flow exporter COLLECTOR
ip flow-export version 9
+
  destination 10.0.0.10
 +
  transport udp 2055
 +
  source gi0/1
 +
  export-protocol netflow-v9
 +
flow monitor FLOW-MONITOR
 +
  record netflow ipv4 original-input
 +
  exporter COLLECTOR
 +
  cache timeout active 60
 +
  interface gi0/3
 +
  ip flow monitor FLOW-MONITOR input
 +
"Random Sampled NetFlow is more statistically accurate than Sampled NetFlow." - Cisco
 +
sampler SAMPLER-1
 +
  mode random 1 out-of 1000
 +
interface gi0/3
 +
  ip flow monitor FLOW-MONITOR sampler SAMPLER-1 input
  
  show ip flow export
+
Verify
 +
  show flow exporter
 +
show flow interface
 +
show flow monitor
 +
show flow exporter statistics
  
 
[[Category:Cisco]]
 
[[Category:Cisco]]

Revision as of 12:19, 20 April 2016

Netflow är ett Cisco-properitärt protokoll som används för att se vilka protokoll som används i ett nätverk och hur mycket trafik de genererar.

Komponenter:

Konfiguration

int gi0/0
 ip flow ingress
 ip flow egress

Top-talkers

ip flow-top-talkers
 sort-by bytes
 top 5

Show

show ip flow top-talkers 
show ip cache flow 

ASR

OBS en ASR kan inte sitt management-interface som source för NetFlow-exporten

flow exporter COLLECTOR
 destination 10.0.0.10
 transport udp 2055
 source gi0/1
 export-protocol netflow-v9
flow monitor FLOW-MONITOR
 record netflow ipv4 original-input
 exporter COLLECTOR
 cache timeout active 60
interface gi0/3
 ip flow monitor FLOW-MONITOR input

"Random Sampled NetFlow is more statistically accurate than Sampled NetFlow." - Cisco

sampler SAMPLER-1
 mode random 1 out-of 1000
interface gi0/3
 ip flow monitor FLOW-MONITOR sampler SAMPLER-1 input

Verify

show flow exporter
show flow interface
show flow monitor
show flow exporter statistics