📊

Netflow

Version 5: limited to IPv4 flows

Version 9: template-based, IPv4, IPv6, MPLS, BGP.

Netflow Flow Export Format

Cisco Flexible NetFlow

Netflow 5 Configuration


ip flow-export version 5
ip flow-export destination 10.10.10.100 2055
ip flow-export source Loopback0
ip flow-cache timeout active 10
ip flow-cache timeout inactive 25
ip flow-top-talkers
	top 10
	
interface vlan 100
	ip flow ingress
	ip flow egress
	
show ip cache flow
show ip flow top-talkers
show ip flow export

Flexible Netflow Configuration

Flow Records - the definitions of what you want to capture


flow record MYRECORD
	match ipv4 destination address
	match ipv4 tos
	collect interface output
	collect counter bytes
	collect counter packets

Flow Exporter - tool to send the traffic to a remote system


flow exporter MYEXPORTER
	destination 10.10.10.100
	source Loopback0
	transport udp 2055
	export-protocol netflow-v9

Flow Monitor - applied to the interface to actually monitor traffic


flow monitor MYMOITOR
	record MYRECORD
	exporter MYEXPORTER

interface vlan 100
	ip flow monitor MYMONITOR input
	
ip flow-export version 9

Flow Sampler - used to limit the load on the router gathering data

Made with Bullet