{"id":706,"date":"2017-06-02T22:00:37","date_gmt":"2017-06-02T21:00:37","guid":{"rendered":"http:\/\/www.balajibandi.com\/?p=706"},"modified":"2018-09-16T11:26:49","modified_gmt":"2018-09-16T10:26:49","slug":"cisco-nexus-7000-netflow-concepts-and-configuration","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=706","title":{"rendered":"Cisco Nexus 7000 NETFLOW Concepts and Configuration"},"content":{"rendered":"<h1><span style=\"text-decoration: underline;\"><strong><span style=\"color: #3366ff; text-decoration: underline;\">Cisco Nexus 7000 NETFLOW Concepts and Configuration<\/span><\/strong><\/span><\/h1>\n<p>&nbsp;<\/p>\n<p>One of the projects I\u2019m working on right now which needs to be implement to enable NetFlow feature on \u00a0a few pair of Nexus 7009s and export data to NTA(solarwinds).<\/p>\n<p>NetFlow is all about capturing network traffic statistics and use those statistics for planning and traffic engineering.<\/p>\n<p>Nexus supports NetFlow feature and it can be enabled using \u201c<strong><em>feature netflow<\/em><\/strong>\u201d command, but lets understand how NetFlow works first.<\/p>\n<p>Cisco uses a process called NDE or <strong>NetFlow Data Export<\/strong> which exports the statistics gathered by NetFlow engine to a NetFlow Collector for storage and analysis.<\/p>\n<p id=\"eYplzcD\"><img loading=\"lazy\" decoding=\"async\" width=\"551\" height=\"475\" class=\"alignnone size-full wp-image-708 \" src=\"http:\/\/www.balajibandi.com\/wp-content\/uploads\/2018\/09\/img_5b9e2eaa53d1b.png\" alt=\"\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2018\/09\/img_5b9e2eaa53d1b.png 551w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2018\/09\/img_5b9e2eaa53d1b-300x259.png 300w\" sizes=\"auto, (max-width: 551px) 100vw, 551px\" \/><\/p>\n<p>Nexus identifies a flow as a collection of packets which use the same value for one of these fields:<\/p>\n<ul>\n<li>Ingress interface<\/li>\n<li>Src-Dst ip 
address<\/li>\n<li>Protocol Number<\/li>\n<li>TOS (Type of Service)<\/li>\n<li>Src-Dst port<\/li>\n<\/ul>\n<p>Nexus 7000 NetFlow entry creation happens at the hardware layer and it does not involve the CPU.<\/p>\n<p>Each I\/O module has its own NetFlow Table and a NetFlow Client. When NetFlow is configured through CLI or XML services , NetFlow configuration then will be distributed to these NetFlow Clients.<\/p>\n<p>NetFlow is supported by all M1, M2, M3, F1, F2,F3 and F4 cards using NX-OS 7.X and above.<\/p>\n<p>SVI NetFlow is only supported when an L3 capable module is present in the switch.<\/p>\n<p>NetFlow can be monitored constantly or can be monitored by taking samples. The benefit of using Sampled NetFlow is that it puts less load on the CPU vs. continues mode.<\/p>\n<p>In order to configure NetFlow we need to follow a few steps.<\/p>\n<blockquote>\n<ol>\n<li>&#8211;\u00a0 Enable NetFlow feature<\/li>\n<li>&#8211; Create a Flow Record<\/li>\n<li>&#8211; Create a Flow Exporter<\/li>\n<li>&#8211; Create a Flow Monitor as assign it to an interface<\/li>\n<\/ol>\n<\/blockquote>\n<p>NetFlow can be enabled like any other Nexus feature by running\u00a0<em>\u201c<strong>feature netflow<\/strong>\u201d<\/em>\u00a0in the config mode.<\/p>\n<p>A Flow record is consisted of two types of statements :<\/p>\n<blockquote>\n<ol>\n<li>1. Match statements based on ip protocols\/tos , ipv4 src-dst , ipv6 src-dst , transport src-dst port , DataLink src-dst mac\/ethertype or vlan<\/li>\n<li>2. 
Collect statements, which define the non-key fields gathered for each flow, based on counters (bytes\/packets), flow direction, interface (input\/output) and routing<\/li>\n<\/ol>\n<\/blockquote>\n<p>Here is an example of a flow record that keys flows on IPv4 source and destination address and collects packet and byte counters:<\/p>\n<blockquote><p><em>N7K01(config)#feature netflow<br \/>\nN7K01(config)#flow record\u00a0IPV4-TRAFFIC<br \/>\nN7K01(config-flow-record)#match ipv4 source address<br \/>\nN7K01(config-flow-record)#match ipv4 destination address<br \/>\nN7K01(config-flow-record)#collect counter packets<br \/>\nN7K01(config-flow-record)#collect counter bytes<\/em><\/p><\/blockquote>\n<p>A record keyed only on the two addresses folds every protocol and port between a pair of hosts into one flow. That is enough for volume reporting, but if you want to see which service was used you also need to match the protocol and the transport ports, as the NTA record at the end of this post does.<\/p>\n<p>The next step is to create a flow exporter. The exporter tells the NetFlow engine where to send the statistics it has gathered according to the flow record.<\/p>\n<p>The I\/O module CPU sends the flow information over the switched EOBC (Ethernet Out-Of-Band Channel) to the supervisor CPU. The supervisor CPU then exports the flows to the external NetFlow collector, either out-of-band through mgmt0 or in-band to a front-panel destination via the Virtual Output Queues.<\/p>\n<p>Here is a sample flow exporter configuration:<\/p>\n<blockquote><p><em>N7K01(config)#flow exporter OPNET<br \/>\nN7K01(config-flow-exporter)#destination 10.10.10.10 use-vrf management<br \/>\nN7K01(config-flow-exporter)#source mgmt0<br \/>\nN7K01(config-flow-exporter)#version 9<br \/>\nN7K01(config-flow-exporter)#transport udp 2055<\/em><\/p><\/blockquote>\n<p>NetFlow export is plain UDP with no authentication and no encryption. Keep it on the management VRF or another network the collector trusts, and filter inbound UDP 2055 on the collector to the exporters\u2019 source addresses, because a collector will otherwise accept spoofed flow records from anyone who can reach the port.<\/p>\n<p>Nexus supports both NetFlow v5 and v9. v5 uses a fixed, IPv4-only record format, while v9 is template-based and can carry whatever fields the flow record collects. 
You need to select the protocol version and port number based on what your NetFlow collector application supports.<\/p>\n<p>The next step is to create a flow monitor, which ties the flow exporter and the flow record together, and then to apply it to an interface.<\/p>\n<p>Here is an example:<\/p>\n<blockquote><p><em>N7K01(config)#flow monitor FLOWMON<\/em><br \/>\n<em>N7K01(config-flow-monitor)#exporter OPNET<\/em><br \/>\n<em>N7K01(config-flow-monitor)#record IPV4-TRAFFIC<\/em><br \/>\n<em>N7K01(config-flow-monitor)#exit<\/em><br \/>\n<em>N7K01(config)#interface eth 1\/16<\/em><br \/>\n<em>N7K01(config-if)#ip flow monitor FLOWMON input<\/em><br \/>\n<em>N7K01(config-if)#ip flow monitor FLOWMON output<\/em><\/p><\/blockquote>\n<p>As mentioned above, sampled NetFlow has a lower impact on the hardware flow table and on the I\/O module and supervisor CPUs. Here is the same interface configuration with a sampler that examines 1 packet out of every 1000:<\/p>\n<blockquote><p><em>N7K01(config)#sampler NF-SAMPLER<br \/>\nN7K01(config-flow-sampler)#description sampler for eth1\/16<br \/>\nN7K01(config-flow-sampler)#mode 1 out-of 1000<br \/>\nN7K01(config-flow-sampler)#exit<br \/>\nN7K01(config)#interface eth 1\/16<br \/>\nN7K01(config-if)#ip flow monitor FLOWMON input sampler NF-SAMPLER<br \/>\nN7K01(config-if)#ip flow monitor FLOWMON output sampler NF-SAMPLER<\/em><\/p><\/blockquote>\n<p>Applying the monitor in both directions on one interface is fine, but if you also attach it to other interfaces in the same forwarding path, every transit flow is counted twice, once on ingress and once on egress. Decide per interface whether you want input, output or both.<\/p>\n<p>SolarWinds NTA example configuration (the text in parentheses is annotation, not part of the commands):<\/p>\n<p><span style=\"font-size: 1rem;\">Example Nexus 7000 config, flexible NetFlow v9 specific, for all NTA versions<\/span><\/p>\n<div id=\"page-top\">\n<div id=\"topic\">\n<div id=\"pageText\">\n<div id=\"section_3\" class=\"mt-section\">\n<p>!<br \/>\nflow record ipv4<br \/>\nmatch ip tos<br \/>\nmatch ip protocol<br \/>\nmatch ipv4 source address<br \/>\nmatch ipv4 destination address<br \/>\nmatch transport source-port<br \/>\nmatch transport destination-port<br \/>\nmatch interface input<br \/>\ncollect interface output<br \/>\ncollect counter bytes<br \/>\ncollect counter packets<br \/>\n!<br \/>\nflow exporter NetFlow-to-Orion<br \/>\ndestination 10.10.10.10\u00a0(IP address of the Orion server)<br \/>\nsource vlan254\u00a0(the interface whose IP address Orion manages the device through)<br \/>\ntransport udp 2055\u00a0(NetFlow collector port)<br \/>\nversion 9<br \/>\ntemplate data timeout 60\u00a0(re-sends the v9 template every minute instead of the 600-second default, so a collector that restarts or misses a template can decode data records again quickly)<br \/>\n!<br \/>\nflow monitor NetFlow-Monitor<br \/>\ndescription Original Netflow captures<br \/>\nrecord ipv4<br \/>\nexporter NetFlow-to-Orion<br \/>\ncache timeout inactive 10\u00a0(these two lines are IOS Flexible NetFlow syntax; NX-OS does not take them under the flow monitor and sets the active and inactive flow timeouts globally instead)<br \/>\ncache timeout active 1<br \/>\n!<br \/>\nvlan configuration 777<br \/>\nip flow monitor NetFlow-Monitor input<br \/>\n!<\/p>\n<\/div>\n<p>Happy Labbing!<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cisco Nexus 7000 NETFLOW Concepts and Configuration One of the projects I\u2019m working on right now requires enabling the NetFlow feature on a few pairs of Nexus 7009s and exporting the data to SolarWinds NTA (NetFlow Traffic Analyzer). NetFlow captures per-flow traffic statistics. Those statistics are used for capacity planning and traffic engineering. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,25,2],"tags":[],"class_list":["post-706","post","type-post","status-publish","format-standard","hentry","category-ccie-rns","category-ccie-dc","category-cisco"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=706"}],"version-history":[{"count":1,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/706\/revisions"}],"predecessor-version":[{"id":709,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/706\/revisions\/709"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
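The flow definition and the full-versus-sampled trade-off described in the post, as an added worked example that is not part of the original post and is not NX-OS code: a toy software flow cache in Python that keys packets on the seven fields listed in the post (ingress interface, source and destination address, protocol, ToS, source and destination port), exports entries on an inactive timeout or an active timeout, and applies deterministic 1-out-of-N sampling. The packets, interface name, addresses, ports and timeout values are all constructed for the example; Nexus hardware sampling and ageing are not this simple, but the effects shown (a long session split into several records by the active timeout, and short flows vanishing entirely under sampling) are what you see on a real collector.

```python
"""Toy NetFlow flow cache (added example, not NX-OS code).

Packets that share the seven key fields form one flow; entries are exported
when they go idle (inactive timeout) or have been open too long (active
timeout), and 1-out-of-N sampling decides which packets are examined at all.
All packets, addresses, ports and timeouts below are constructed.
"""
from collections import namedtuple
from dataclasses import dataclass

# ts = seconds, in_if = ingress interface, length = bytes on the wire
Packet = namedtuple("Packet", "ts in_if src dst proto tos sport dport length")


@dataclass
class Flow:
    key: tuple      # the seven key fields
    first: float    # timestamp of the first sampled packet
    last: float     # timestamp of the most recent sampled packet
    packets: int = 0
    octets: int = 0


class FlowCache:
    def __init__(self, active_timeout=60, inactive_timeout=15, sample_n=1):
        self.active_timeout = active_timeout      # seconds; splits long-lived flows
        self.inactive_timeout = inactive_timeout  # seconds; closes idle flows
        self.sample_n = sample_n                  # 1 = full NetFlow, N = 1 out-of N
        self.cache = {}                           # key -> Flow (the "NetFlow table")
        self.exported = []                        # records handed to the exporter
        self._seen = 0

    @staticmethod
    def key_of(p):
        # Ingress interface, src/dst IP, protocol, TOS, src/dst port: the key
        # fields from the post. Everything else is "collect" data.
        return (p.in_if, p.src, p.dst, p.proto, p.tos, p.sport, p.dport)

    def _expire(self, now):
        for key, f in list(self.cache.items()):
            if now - f.last >= self.inactive_timeout or now - f.first >= self.active_timeout:
                self.exported.append(self.cache.pop(key))

    def observe(self, p):
        """Account one packet. Ageing runs on every packet, sampled or not."""
        self._expire(p.ts)
        self._seen += 1
        if (self._seen - 1) % self.sample_n:
            return  # sampled out: the flow table never sees this packet
        k = self.key_of(p)
        f = self.cache.get(k)
        if f is None:
            f = self.cache[k] = Flow(k, p.ts, p.ts)
        f.last = p.ts
        f.packets += 1
        f.octets += p.length

    def flush(self, now):
        """Age everything out (end of the capture) and return all records."""
        self._expire(now)
        self.exported.extend(self.cache.values())
        self.cache.clear()
        return self.exported


def demo(sample_n=1):
    """Constructed traffic: an SSH session sending a packet every 10 s for
    70 s, plus one DNS query/response pair at t=2 s. Returns the exported
    flow records for a 60 s active / 15 s inactive timeout."""
    ssh = [Packet(float(t), "Eth1/16", "10.1.1.10", "10.2.2.20", 6, 0, 51000, 22, 100)
           for t in range(0, 80, 10)]
    dns = [Packet(2.0, "Eth1/16", "10.1.1.10", "10.3.3.53", 17, 0, 40001, 53, 70),
           Packet(2.1, "Eth1/16", "10.3.3.53", "10.1.1.10", 17, 0, 53, 40001, 150)]
    cache = FlowCache(active_timeout=60, inactive_timeout=15, sample_n=sample_n)
    for p in sorted(ssh + dns, key=lambda p: p.ts):
        cache.observe(p)
    return cache.flush(now=71.0)


if __name__ == "__main__":
    for n in (1, 3):
        print(f"sample 1 out-of {n}:")
        for f in demo(n):
            print(f"  {f.key[1]}:{f.key[5]} -> {f.key[2]}:{f.key[6]} proto={f.key[3]} "
                  f"pkts={f.packets} bytes={f.octets} first={f.first} last={f.last}")
```

With full NetFlow the capture yields four records: the two DNS flows and the SSH session split in two by the 60 s active timeout (this is the reason the NTA example sets a short active timeout, so long sessions show up in the collector while they are still running). With 1-out-of-3 sampling only SSH records survive; both DNS packets were sampled out, which is the failure mode to keep in mind before relying on sampled data to detect single-packet events.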
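NetFlow v9 export and the role of the template, as an added example that is not part of the original post and is not Cisco or SolarWinds code: a Python encoder that packs the post's IPV4-TRAFFIC record (IPv4 source and destination address, packet and byte counters) into an RFC 3954 template FlowSet and data FlowSet the way an exporter does, and a collector that caches templates per exporter and source ID, validates every FlowSet length before trusting it, and cannot decode data records that arrive before their template. That last point is why the NTA example shortens the exporter's template data timeout. Template ID 256, the exporter name N7K01 and all flow values are assumptions made for the example.

```python
"""NetFlow v9 (RFC 3954) round trip for the post's IPV4-TRAFFIC record.

Added example, not Cisco or SolarWinds code. Packs flow records into a v9
template FlowSet and data FlowSet the way an exporter does, and decodes them
the way a collector must: templates are cached per (exporter, source ID,
template ID) and data records that arrive before their template cannot be
decoded. Template ID 256, the exporter name and all flow values are assumed.
"""
import ipaddress
import struct

# RFC 3954 field type IDs for the fields the record uses
IN_BYTES, IN_PKTS, IPV4_SRC_ADDR, IPV4_DST_ADDR = 1, 2, 8, 12
TEMPLATE_ID = 256  # data template IDs start at 256 (assumed value)
# (field type, length in bytes), in the order fields appear in each record
IPV4_TRAFFIC = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (IN_PKTS, 4), (IN_BYTES, 4)]
HEADER = "!HHIIII"  # version, count, sysUptime, unix secs, sequence, source ID


def _header(count, seq, source_id=0):
    return struct.pack(HEADER, 9, count, 0, 0, seq, source_id)


def template_packet(seq):
    """One export packet carrying the template FlowSet (FlowSet ID 0)."""
    body = struct.pack("!HH", TEMPLATE_ID, len(IPV4_TRAFFIC))
    for ftype, flen in IPV4_TRAFFIC:
        body += struct.pack("!HH", ftype, flen)
    return _header(1, seq) + struct.pack("!HH", 0, 4 + len(body)) + body


def data_packet(flows, seq):
    """One export packet carrying a data FlowSet; flows are (src, dst, packets, bytes)."""
    body = b""
    for src, dst, pkts, octets in flows:
        body += ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
        body += struct.pack("!II", pkts, octets)
    pad = (-len(body)) % 4  # FlowSets are padded to a 32-bit boundary
    flowset = struct.pack("!HH", TEMPLATE_ID, 4 + len(body) + pad) + body + b"\0" * pad
    return _header(len(flows), seq) + flowset


class Collector:
    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> field list
        self.undecodable = 0  # data FlowSets seen before their template

    def feed(self, exporter, packet):
        """Parse one export packet from `exporter`; returns the decoded flow records."""
        version, _count, _up, _secs, _seq, source_id = struct.unpack(HEADER, packet[:20])
        if version != 9:
            raise ValueError("not a NetFlow v9 packet")
        flows, off = [], 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("malformed FlowSet length")  # never trust the length field
            payload = packet[off + 4:off + fs_len]
            if fs_id == 0:
                self._learn(exporter, source_id, payload)
            elif fs_id >= 256:
                flows += self._decode(exporter, source_id, fs_id, payload)
            off += fs_len
        return flows

    def _learn(self, exporter, source_id, payload):
        off = 0
        while off + 4 <= len(payload):
            tid, nfields = struct.unpack("!HH", payload[off:off + 4])
            spec = payload[off + 4:off + 4 + 4 * nfields]
            if len(spec) != 4 * nfields:
                raise ValueError("truncated template")
            fields = [struct.unpack("!HH", spec[i:i + 4]) for i in range(0, len(spec), 4)]
            self.templates[(exporter, source_id, tid)] = fields
            off += 4 + 4 * nfields

    def _decode(self, exporter, source_id, tid, payload):
        fields = self.templates.get((exporter, source_id, tid))
        if fields is None:
            self.undecodable += 1  # nothing can be done until the template arrives
            return []
        rec_len = sum(flen for _, flen in fields)
        records = []
        for off in range(0, len(payload) - rec_len + 1, rec_len):
            rec, pos = {}, off
            for ftype, flen in fields:
                raw = payload[pos:pos + flen]
                pos += flen
                rec[ftype] = (str(ipaddress.IPv4Address(raw))
                              if ftype in (IPV4_SRC_ADDR, IPV4_DST_ADDR)
                              else int.from_bytes(raw, "big"))
            records.append(rec)
        return records


def demo():
    """Constructed flows; the data packet is sent once before the template
    and once after it, which is what a collector sees after a restart."""
    flows = [("10.1.1.10", "10.10.10.10", 3, 180), ("192.0.2.7", "10.1.1.10", 120, 98304)]
    c = Collector()
    before = c.feed("N7K01", data_packet(flows, seq=1))
    c.feed("N7K01", template_packet(seq=2))
    after = c.feed("N7K01", data_packet(flows, seq=3))
    return before, after, c.undecodable
```

The first data packet decodes to nothing and is counted as undecodable; once the template has been learned the same bytes decode into two records. Keying the template cache on the exporter address and source ID as well as the template ID matters on a multi-exporter collector, because two switches can legitimately use the same template ID for different record layouts.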