Cisco Nexus 7000 NETFLOW Concepts and Configuration
One of the projects I’m working on right now requires enabling the NetFlow feature on a few pairs of Nexus 7009s and exporting the data to NTA (SolarWinds).
NetFlow is all about capturing network traffic statistics and using those statistics for planning and traffic engineering.
Nexus supports the NetFlow feature, and it can be enabled with the “feature netflow” command, but let’s understand how NetFlow works first.
Cisco uses a process called NDE (NetFlow Data Export), which exports the statistics gathered by the NetFlow engine to a NetFlow collector for storage and analysis.
Nexus identifies a flow as a collection of packets that share the same values in each of these fields:
- Ingress interface
- Source and destination IP address
- Protocol number
- ToS (Type of Service)
- Source and destination port
Nexus 7000 NetFlow entry creation happens at the hardware layer and it does not involve the CPU.
Each I/O module has its own NetFlow table and a NetFlow client. When NetFlow is configured through the CLI or XML services, the configuration is distributed to these NetFlow clients.
NetFlow is supported on all M1, M2, M3, F1, F2, F3 and F4 cards running NX-OS 7.x and above.
SVI NetFlow is only supported when an L3 capable module is present in the switch.
NetFlow can monitor all traffic constantly or monitor by taking samples. The benefit of Sampled NetFlow is that it puts less load on the CPU than continuous (full) mode.
In order to configure NetFlow we need to follow a few steps:
- Enable the NetFlow feature
- Create a flow record
- Create a flow exporter
- Create a flow monitor and assign it to an interface
NetFlow is enabled like any other Nexus feature by running “feature netflow” in config mode.
A flow record consists of two types of statements:
- 1. Match statements, based on IP protocol/ToS, IPv4 source/destination, IPv6 source/destination, transport source/destination port, or data-link source/destination MAC/EtherType or VLAN
- 2. Collect statements, based on counters (bytes/packets), flow direction, interface (input/output) and routing
Here is an example of a flow record that captures flow information based on IPv4 source and destination addresses:
N7K01(config)#flow record IPV4-TRAFFIC
N7K01(config-flow-record)#match ipv4 source address
N7K01(config-flow-record)#match ipv4 destination address
N7K01(config-flow-record)#collect counter packets
N7K01(config-flow-record)#collect counter bytes
The next step is to create a flow exporter. The exporter tells the NetFlow engine where to send the statistics it captures based on the flow records.
The I/O module CPU sends the flow information over the switched EOBC (Ethernet Out-of-Band Channel) to the supervisor module CPU. The supervisor CPU then exports the flows to the external NetFlow collector, either out of band through mgmt0 or to an in-band destination via the Virtual Output Queues.
Here is a sample flow exporter configuration:
N7K01(config)#flow exporter OPNET
N7K01(config-flow-exporter)#destination 10.10.10.10 use-vrf management
N7K01(config-flow-exporter)#transport udp 2055
Nexus supports both NetFlow v5 and v9. You need to select the protocol version and port number based on what your NetFlow collector application supports.
The next step is to create a flow monitor, which ties the flow exporter and flow record together, and assign it to an interface.
Here is an example:
N7K01(config)#flow monitor FLOWMON
N7K01(config-flow-monitor)#record IPV4-TRAFFIC
N7K01(config-flow-monitor)#exporter OPNET
N7K01(config)#interface eth 1/16
N7K01(config-if)#ip flow monitor FLOWMON input
N7K01(config-if)#ip flow monitor FLOWMON output
As I mentioned before, Sampled NetFlow has a lower impact on the processor. Here is a sample configuration with a sampler configured:
N7K01(config)#sampler NF-SAMPLER
N7K01(config-flow-sampler)#description sampler for eth1/16
N7K01(config-flow-sampler)#mode 1 out-of 1000
N7K01(config)#interface eth 1/16
N7K01(config-if)#ip flow monitor FLOWMON input sampler NF-SAMPLER
N7K01(config-if)#ip flow monitor FLOWMON output sampler NF-SAMPLER
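To make the flow record and sampler sections concrete, here is an added example (not code from the original post and not Cisco's implementation) that models in software what the hardware NetFlow table does: the "match" fields form the flow key, the "collect" counters are accumulated per key, and a 1-out-of-N sampler only inspects every Nth packet and scales the counters back up on export. The deterministic sampler, the packet layout and the addresses are assumptions constructed for the example; the Nexus hardware sampler is not required to pick packets this way.

```python
# Added example: a software model of a NetFlow flow record with a sampler.
# Not the post's or Cisco's code; packets below are constructed sample data.
from collections import namedtuple
from dataclasses import dataclass

# One packet as the NetFlow engine sees it (constructed layout for the example)
Packet = namedtuple("Packet", "in_if src dst proto tos sport dport length")

# "match" statements: the fields the post lists as identifying a flow
MATCH_FIELDS = ("in_if", "src", "dst", "proto", "tos", "sport", "dport")


@dataclass
class FlowEntry:
    # "collect counter packets" / "collect counter bytes"
    packets: int = 0
    bytes: int = 0


class FlowCache:
    def __init__(self, sample_out_of=1):
        # sample_out_of is the N in "mode 1 out-of N"; 1 means full NetFlow
        self.sample_out_of = sample_out_of
        self.table = {}   # flow key -> FlowEntry
        self.seen = 0     # packets that passed through the interface

    def observe(self, pkt):
        """Returns True if the packet was inspected and counted."""
        self.seen += 1
        # Deterministic 1-out-of-N sampler (assumption): inspect every Nth packet
        if (self.seen - 1) % self.sample_out_of != 0:
            return False
        key = tuple(getattr(pkt, f) for f in MATCH_FIELDS)
        entry = self.table.setdefault(key, FlowEntry())
        entry.packets += 1
        entry.bytes += pkt.length
        return True

    def export(self):
        """Counters as a collector should see them: sampled values scaled by N."""
        n = self.sample_out_of
        return {k: (v.packets * n, v.bytes * n) for k, v in self.table.items()}


def demo_packets():
    """Constructed traffic: 2000 packets of one TCP flow, then 1000 of one DNS flow."""
    https = Packet("Eth1/16", "192.0.2.10", "198.51.100.20", 6, 0, 40000, 443, 1500)
    dns = Packet("Eth1/16", "192.0.2.11", "198.51.100.20", 17, 0, 53000, 53, 100)
    return [https] * 2000 + [dns] * 1000


def run(sample_out_of=1):
    """Feed the constructed traffic through a cache and return it for inspection."""
    cache = FlowCache(sample_out_of)
    for pkt in demo_packets():
        cache.observe(pkt)
    return cache


if __name__ == "__main__":
    for n in (1, 1000):
        cache = run(n)
        print(f"mode 1 out-of {n}: {cache.seen} packets seen, "
              f"{sum(e.packets for e in cache.table.values())} inspected")
        for key, (pkts, byts) in cache.export().items():
            print("  ", key, "packets:", pkts, "bytes:", byts)
```

With full NetFlow every packet is counted; with "mode 1 out-of 1000" only three of the 3000 packets are inspected, yet the scaled export still reports the same totals because the constructed traffic happens to line up with the sampling interval. On real traffic the scaled counters are estimates, which is the trade-off the post describes between CPU load and accuracy.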
SolarWinds NTA example configuration:
Example Nexus 7000 config, flexible NetFlow v9 specific (all NTA versions):
flow record ipv4
 match ip tos
 match ip protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes
 collect counter packets
flow exporter NetFlow-to-Orion
 destination 10.10.10.10 (IP address of the Orion server)
 source vlan254 (interface with the IP address Orion is managing the device with)
 transport udp 2055 (NetFlow collector port)
 version 9
  template data timeout 60 (this ensures the template is exported every minute; the default is 600 seconds)
flow monitor NetFlow-Monitor
 description Original Netflow captures
 record ipv4
 exporter NetFlow-to-Orion
 cache timeout inactive 10 (IOS-style syntax; on NX-OS the equivalent is the global “flow timeout inactive” command)
 cache timeout active 1 (IOS-style syntax; on NX-OS the equivalent is the global “flow timeout active” command)
vlan configuration 777
 ip flow monitor NetFlow-Monitor input
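The exporter section above and the "template data timeout" note in the SolarWinds example both come down to one property of NetFlow v9: the data records are opaque until the collector has received the template that describes them. The following added example (not code from the original post, SolarWinds or Cisco) is a minimal NetFlow v9 decoder that shows this. The field type numbers are the standard ones from RFC 3954 and match the fields in the SolarWinds flow record; the datagrams, addresses, interface indexes and counters are constructed inline for the example.

```python
# Added example: a minimal NetFlow v9 decoder (RFC 3954 layout). Not the
# post's, SolarWinds' or Cisco's code; datagrams below are constructed.
import struct

# RFC 3954 field types used by the flow record in the post's SolarWinds example
FIELD_NAMES = {
    1: "in_bytes", 2: "in_pkts", 4: "protocol", 5: "src_tos",
    7: "l4_src_port", 8: "ipv4_src_addr", 10: "input_snmp",
    11: "l4_dst_port", 12: "ipv4_dst_addr", 14: "output_snmp",
}
# v9 packet header: version, count, sysUptime, unix_secs, sequence, source_id
HEADER = struct.Struct("!HHIIII")


def decode_field(ftype, raw):
    # IPv4 address fields are rendered dotted, everything else as big-endian ints
    if ftype in (8, 12):
        return ".".join(str(b) for b in raw)
    return int.from_bytes(raw, "big")


class V9Collector:
    def __init__(self):
        self.templates = {}  # (source_id, template_id) -> [(type, length), ...]
        self.flows = []      # decoded records as dicts
        self.dropped = 0     # data FlowSets that arrived before their template

    def feed(self, datagram):
        """Decode one exporter datagram; returns its sequence number."""
        version, _count, _uptime, _secs, seq, source_id = HEADER.unpack_from(datagram, 0)
        if version != 9:
            raise ValueError(f"unsupported NetFlow version {version}")
        off = HEADER.size
        while off + 4 <= len(datagram):
            fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
            body = datagram[off + 4:off + fs_len]
            if fs_id == 0:            # template FlowSet
                self._parse_templates(source_id, body)
            elif fs_id >= 256:        # data FlowSet, id names the template
                self._parse_data(source_id, fs_id, body)
            off += fs_len
        return seq

    def _parse_templates(self, source_id, body):
        off = 0
        while off + 4 <= len(body):
            tid, nfields = struct.unpack_from("!HH", body, off)
            off += 4
            fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(nfields)]
            off += 4 * nfields
            self.templates[(source_id, tid)] = fields

    def _parse_data(self, source_id, tid, body):
        fields = self.templates.get((source_id, tid))
        if fields is None:
            # No template yet: this is what a long template timeout costs you
            self.dropped += 1
            return
        rec_len = sum(length for _, length in fields)
        off = 0
        while off + rec_len <= len(body):   # leftover bytes shorter than a record are padding
            rec, pos = {}, off
            for ftype, flen in fields:
                rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = decode_field(ftype, body[pos:pos + flen])
                pos += flen
            self.flows.append(rec)
            off += rec_len


# Constructed exporter datagrams (source_id 1, template id 256)
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (5, 1), (10, 2), (14, 2), (1, 4), (2, 4)]


def build_template_packet(seq):
    tmpl = struct.pack("!HH", 256, len(TEMPLATE_FIELDS))
    tmpl += b"".join(struct.pack("!HH", t, l) for t, l in TEMPLATE_FIELDS)
    flowset = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    return HEADER.pack(9, 1, 1000, 1700000000, seq, 1) + flowset


def build_data_packet(seq):
    # One record: 192.0.2.10:40000 -> 198.51.100.20:443, TCP, ToS 0, in ifindex 16,
    # out ifindex 17, 3000000 bytes, 2000 packets (constructed values)
    rec = (bytes([192, 0, 2, 10]) + bytes([198, 51, 100, 20]) + struct.pack("!HH", 40000, 443)
           + bytes([6, 0]) + struct.pack("!HH", 16, 17) + struct.pack("!II", 3000000, 2000))
    rec += b"\x00" * ((-len(rec)) % 4)    # exporters pad FlowSets to 4 bytes
    flowset = struct.pack("!HH", 256, 4 + len(rec)) + rec
    return HEADER.pack(9, 1, 1000, 1700000000, seq, 1) + flowset


def run_demo():
    """Data arrives before the template, then the template, then data again."""
    collector = V9Collector()
    collector.feed(build_data_packet(seq=1))       # undecodable: template unknown
    collector.feed(build_template_packet(seq=2))
    collector.feed(build_data_packet(seq=3))       # decodable now
    return collector


if __name__ == "__main__":
    c = run_demo()
    print("dropped data FlowSets:", c.dropped)
    for flow in c.flows:
        print(flow)
```

The first data FlowSet is dropped because the collector has never seen template 256; only after the template arrives can the identical second FlowSet be decoded into the ToS, protocol, addresses, ports, interfaces and counters the record defines. That is why the SolarWinds example lowers the template timeout from the 600 second default: after a collector restart, every data record exported until the next template refresh is unusable.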
Happy Labbbiiiiiiiiiiiiiiiiiiiing !