Monday, March 8, 2010

Cisco Flexible Netflow

Cisco NetFlow is an IP traffic monitoring protocol used in Cisco IOS devices, mainly for bandwidth monitoring and other reporting purposes such as billing. A simple NetFlow configuration may look like this:

1) To create flow export to a server:
ip flow-export destination {hostname|ip_address} {port no.}

2) Apply on interface:
interface {interface} {interface_number}
 ip route-cache flow

As you can see, almost all traffic will be exported. What if you want to monitor only a specific flow? Cisco has now introduced Flexible NetFlow, which exports v9 and v5 (from Cisco IOS 12.4(22)T). A simple configuration may now look like this:

(define the specific flow that you are interested in)
flow record app-traffic-analysis
 description This flow record tracks TCP application usage
 match transport tcp destination-port
 match transport tcp source-port
 match ipv4 destination address
 match ipv4 source address
 collect counter bytes
 collect counter packets

(export to a netflow analyzer)
flow exporter export-to-server
 destination 172.16.1.1

flow monitor my-flow-monitor
 record app-traffic-analysis
 exporter export-to-server

(apply on an interface)
interface Ethernet 1/0
 ip flow monitor my-flow-monitor input

Of course, you would also need NetFlow analyzer software to process the collected data. There are several on the Internet that you can try out, including the free version of ManageEngine NetFlow Analyzer, which supports up to 2 interfaces.
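
What the analyzer side has to do with a v9 export, as an added example (not code from this post, Cisco or ManageEngine): a minimal NetFlow v9 decoder that caches the template and uses it to decode records shaped like app-traffic-analysis. The datagram is constructed, and the field type numbers are the RFC 3954 ones, which is an assumption; the template a router actually sends may use others, which is why the decoder is template-driven.

```python
import ipaddress
import struct

# RFC 3954 field type numbers (assumed; a real router's template may use others).
FIELD_NAMES = {1: "bytes", 2: "packets", 7: "src_port", 8: "src_addr", 11: "dst_port", 12: "dst_addr"}

def decode_record(body, start, fields):
    """Decode one data record laid out as the cached template describes."""
    rec = {}
    for ftype, flen in fields:
        raw, start = body[start:start + flen], start + flen
        name = FIELD_NAMES.get(ftype, f"type_{ftype}")
        is_addr = ftype in (8, 12) and flen == 4
        rec[name] = str(ipaddress.IPv4Address(raw)) if is_addr else int.from_bytes(raw, "big")
    return rec

def parse_v9(datagram, templates):
    """Return the flows in one v9 datagram; `templates` is the collector's cache."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    flows, offset = [], 20                       # the v9 header is 20 bytes
    while offset + 4 <= len(datagram):
        set_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError("malformed flowset length")
        body = datagram[offset + 4:offset + length]
        if set_id == 0:                          # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if pos + 4 + 4 * n > len(body):
                    raise ValueError("truncated template")
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif set_id in templates:                # data flowset for a known template
            fields = templates[set_id]
            rec_len = sum(flen for _, flen in fields)
            if rec_len:                          # leftover bytes shorter than a record are padding
                for start in range(0, len(body) - rec_len + 1, rec_len):
                    flows.append(decode_record(body, start, fields))
        offset += length
    return flows

def build_sample():  # constructed datagram: template 256 plus one flow record
    spec = [(11, 2), (7, 2), (12, 4), (8, 4), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = struct.pack("!HH4s4sII", 443, 51514, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]), 18432, 24)
    header = struct.pack("!HHIIII", 9, 2, 1000, 1268006400, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
```

Data flowsets that arrive before their template are skipped rather than guessed at, so a collector that has just started sees nothing until the exporter resends the template.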

1 comment:

  1. Hello,
    Here is another blog that explains how to set up Flexible NetFlow:
    http://www.networkworld.com/community/node/57502

    Jake