Netflow quick notes

Netflow quick notes for basic config.

NETFLOW EXPORT

Send NetFlow data to a collector:

From? (source)
Where? (destination, port)
How? (udp, sctp, backup)
Version? (1,5,9)

SAMPLING / FILTERING

Not all traffic is evaluated to generate NetFlow statistics. Sampling (one packet each N) of filtering (sampling only on a class of traffic).

applied to interface
applied to policy map (with optional filter)
“filter” is applied with “match” in the class map and netflow-samples in policy-map

AGGREGATION CACHE

Aggregate flows based on some criteria. Aggregated flow informations are sent to a specific destination.

ip flow-aggregation cache protocol-port 
 cache entries 2046 
 cache timeout inactive 200 
 cache timeout active 45 
 export destination 10.42.42.1 9992 
 enabled

TOP TALKERS

No need to export, NetFlow information are shown in the router itself.

Configuration:

enable
configure terminal
ip flow-top-talkers
top number
sort-by [bytes | packets
cache-timeout milliseconds
end

All information and configuration examples taken from NetFlow Configuration Guide on Cisco website.

Netflow quick notes

NETFLOW EXPORT

SAMPLING / FILTERING

AGGREGATION CACHE

TOP TALKERS

ifconfig.it