Category Archives: 6.4.c Implement and troubleshoot netflow

6.4.c Implement and troubleshoot netflow

6.4.c [i] Netflow v5, v9

Netflow is a feature that was introduced on Cisco routers that give the ability to collect IP network traffic as it enters or exits an interface . By analyzing the data that is provided by Netflow a network administrator can determine things such as the source and destination of the traffic, class of service, and the cause of congestion. Netflow consists of three components : flow caching, Flow Collector, and Data Analyzer.

A network flow can be defined in many ways. Cisco stanfollowing 7 values:

Ingress interface (SNMP ifIndex, can change upon reload)

Source IP address

Destination IP address

IP protocol

Source port for UDP or TCP, 0 for other protocols

Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols

IP Type of Service

The traditional show command for NetFlow is show ip cache flow also available are two forms of top talker commands. If the show ip cache flow command output shows same SrcIf (source interface ) and DstIf (destination interface), that would be indicative of a routing loop.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 6169-6171).  . Kindle Edition.

6.4.c Implement and troubleshoot netflow

6.4.c [ii] Local retrieval

You can specify retrieval of NetFlow information from a managed device (for example, a router) either by entering commands on that managed device or by entering SNMP commands from the NMS workstation to configure the router via the MIB. If the NetFlow information is configured from the NMS workstation, no access to the router is required and all configuration can be performed via SNMP. The NetFlow MIB request for information is sent from an NMS workstation via SNMP to the router and is retrieved from the router. This information can then be stored or viewed, thus allowing NetFlow information to be easily accessed and transported across a multi-vendor programming environment.

6.4.c Implement and troubleshoot netflow

6.4.c [iii] Export [configuration only]

Expired flows are grouped into “NetFlow export” datagrams for export from the NetFlow- enabled device. NetFlow export datagrams can consist of up to 30 flow records for Version 5 or Version 9 flow export. The NetFlow functionality is configured on a per-interface basis. To configure NetFlow export capabilities, you need to specify the IP address and application port number of the Cisco NetFlow or third-party flow collector. The flow collector is a device that provides NetFlow export data filtering and aggregation capabilities.

ip flow-export destination {ip-address | hostname} udp-port

It specifies the IP address, or hostname of the NetFlow collector, and the UDP port the NetFlow collector is listening on.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 6175-6181).  . Kindle Edition.