Cisco NetFlow

From HackerNet
Revision as of 13:59, 20 April 2016 by Helikopter

NetFlow is a Cisco-proprietary protocol used to see which protocols are in use on a network and how much traffic they generate.

Components:

Configuration

int gi0/0
 ip flow ingress
 ip flow egress

Top-talkers

ip flow-top-talkers
 sort-by bytes
 top 5

Show

show ip flow top-talkers 
show ip cache flow 

ASR

Note: an ASR cannot use its management interface as the source for the NetFlow export.

flow exporter COLLECTOR
 destination 10.0.0.10
 transport udp 2055
 source gi0/1
 export-protocol netflow-v9
flow monitor FLOW-MONITOR
 record netflow ipv4 original-input
 exporter COLLECTOR
 cache timeout active 60
interface gi0/3
 ip flow monitor FLOW-MONITOR input

"Random Sampled NetFlow is more statistically accurate than Sampled NetFlow." - Cisco

sampler SAMPLER-1
 mode random 1 out-of 1000
interface gi0/3
 ip flow monitor FLOW-MONITOR sampler SAMPLER-1 input

Verify

show flow exporter
show flow interface
show flow monitor
show flow exporter statistics

Nexus

feature netflow
flow exporter COLLECTOR
 destination 10.0.0.10 use-vrf management
 version 9
 transport udp 2055
 source mgmt 0
flow monitor FLOW-MONITOR
 exporter COLLECTOR
 record netflow-original

To collect NetFlow on an interface on an F3 card, a sampler must be used.

sampler SAMPLER-1
 mode 1 out-of 5

Interface

interface Ethernet1/1
 ip flow monitor FLOW-MONITOR input sampler SAMPLER-1

Verify

show flow record netflow-original
show flow exporter
show flow monitor 
show flow interface
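
Both exporter configurations above send NetFlow v9 to UDP port 2055 on the collector. The following is an added example, not part of the original page or of any Cisco tooling: a minimal Python decoder for such an export packet, useful for confirming what actually arrives at the collector. The names parse_v9, sample_packet and FIELDS are hypothetical, the field table is a small subset of RFC 3954, and the sample packet and its addresses are constructed.

```python
import ipaddress
import struct

# Subset of NetFlow v9 field types from RFC 3954 (type number -> name).
FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
          8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_v9(packet, templates):
    """Decode one export packet; `templates` must persist between packets."""
    if len(packet) < 20 or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 export packet")
    source_id = struct.unpack("!I", packet[16:20])[0]
    flows, pos = [], 20
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[pos:pos + 4])
        if fs_len < 4 or pos + fs_len > len(packet):
            raise ValueError("FlowSet length runs outside the packet")
        body, off = packet[pos + 4:pos + fs_len], 0
        if fs_id == 0:  # template FlowSet: learn the record layouts
            while off + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[off:off + 4])
                end = off + 4 + 4 * nfields
                if tid < 256 or nfields == 0 or end > len(body):
                    break  # padding or truncated template
                templates[source_id, tid] = list(struct.iter_unpack("!HH", body[off + 4:end]))
                off = end
        elif fs_id > 255 and (source_id, fs_id) in templates:  # data FlowSet
            spec = templates[source_id, fs_id]
            rec_len = sum(length for _, length in spec)
            while rec_len and off + rec_len <= len(body):  # trailing bytes are padding
                rec = {}
                for ftype, length in spec:
                    raw, off = body[off:off + length], off + length
                    is_ip = ftype in (8, 12) and length == 4
                    rec[FIELDS.get(ftype, f"field_{ftype}")] = (
                        str(ipaddress.IPv4Address(raw)) if is_ip else int.from_bytes(raw, "big"))
                flows.append(rec)
        pos += fs_len  # data for a template not seen yet is skipped
    return flows

def sample_packet():
    """Constructed export packet: template 256 followed by one data record."""
    spec = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!HHBII", 51514, 443, 6, 4200, 12)
    return (struct.pack("!HHIIII", 9, 2, 1000, 1461160800, 1, 0)
            + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 28) + rec + b"\x00" * 3)  # padded to 32-bit boundary
```

Pass it the payload of each datagram received on UDP 2055 and reuse the same templates dict: data records cannot be decoded until the exporter has sent the matching template. With a sampler applied, byte and packet counters describe only the sampled packets.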