Downloads |
Table Of Contents
Prerequisites for Output Aggregate NetFlow
Restrictions for Output Aggregate NetFlow
Information About Output Aggregate NetFlow
NetFlow Aggregation of Output Flows on ISE and Engine 5 Line Cards
NetFlow Cache Aggregation Schemes
Export Formats for NetFlow Aggregation Schemes
NetFlow Support on Cisco 12000 Series ISE an E5 Line Cards
Configuring Output Aggregate NetFlow
Monitoring and Maintaining Output Aggregate NetFlow
Configuration Examples for Output Aggregate NetFlow
Configuring Output Aggregate NetFlow Example
Displaying Cache Information for Output Aggregate NetFlow Example
show ip cache flow aggregation
Output Aggregate NetFlow
Part Number OL-8713-01 (Rev A0), January 19, 2006
The Output Aggregate NetFlow feature is an extension of the NetFlow Aggregation accounting feature and allows you to gather flow information for IPv4 traffic on the output interfaces of Cisco 12000 series IP services engine (ISE) and Engine 5 (E5) line cards. The outgoing IPv4 traffic can arrive on the router in either Multiprotocol Label Switching (MPLS) or IPv4 format. The Output Aggregate NetFlow feature is performed in nonsampled mode, in which NetFlow data is collected by examining each packet in outgoing IPv4 traffic. This feature includes 11 aggregation schemes: autonomous system (AS), destination prefix, prefix, protocol port, source prefix, AS-Type of Service (ToS), destination prefix-ToS, prefix-port, prefix-ToS, protocol-port-ToS, and source prefix-ToS.
Note
The Output Aggregate NetFlow feature contains enhanced functionality to replace the Maximum Mask Aggregate Output NetFlow feature.
Feature History for Output Aggregate NetFlow
12.0(32)S
This feature was introduced on Cisco 12000 series IP services engine (ISE) and Engine 5 line cards.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions.
Contents
•
•
•
•
•
•
Prerequisites for Output Aggregate NetFlow
•
•
•
Restrictions for Output Aggregate NetFlow
•
•
•
•
The configuration of the Output Aggregate NetFlow feature on an individual ISE or E5 subinterface is not supported. However, if you configure Output Aggregate NetFlow on an ISE or E5 interface, NetFlow data is collected on all associated subinterfaces and reported in the configured aggregation scheme.
•
•
•
•
•
Information About Output Aggregate NetFlow
To configure the Output Aggregate NetFlow feature, you should understand the following concepts:
•
•
•
•
NetFlow Aggregation of Output Flows on ISE and Engine 5 Line Cards
On a Cisco 12000 series Internet router, the Output Aggregate NetFlow feature allows you to collect data about output flows on an ISE or E5 output interface. The specialized ISE and E5 hardware can capture aggregated flows without the additional step required on software-based platforms of first capturing nonaggregate flows, such as individual TCP or UDP sessions.
On an ISE or E5 line card, aggregated NetFlow data is collected in two steps:
1.
The performance of aggregate NetFlow (input and output) features depends on the amount of TCAM allocated for NetFlow.
–
–
To display the percentage of TCAM used by NetFlow and non-NetFlow features in the current configuration, enter the show controllers frfab alpha tcam carve command.
2.
To achieve greater flow aggregation on the router (accumulate more packets in each flow record before the flow records are exported), configure the size of the software cache to be larger than the size of the NetFlow TCAM. To configure the size of the software-based NetFlow cache, use the cache entries command in aggregation-cache configuration mode to specify the maximum number of entries.
Because each flow record requires two entries, you can compare the number of flow records supported in the hardware-based ISE or E5 NetFlow TCAM and the configured number in the software-based cache as follows:
–
–
The Output Aggregate NetFlow feature collects aggregate data in nonsampled mode about output flows that are received on the router in IP or MPLS format and transmitted in IPv4 format (if necessary, after MPLS label disposition) on an output ISE or E5 interface. Figure 1 shows a sample topology.
Figure 1 Provider and Customer Networks with Output Aggregate NetFlow
To capture the flow of traffic going to customer sites 2 and 3 of VPN 1 from the remote Site 1, you enable Output Aggregate NetFlow accounting on one or more ISE or E5 line cards on the provider edge router PE2 that are configured for the PE2-CE3 and PE2-CE5 links. The flows are stored in a global flow cache maintained by each NetFlow-enabled line card. You can use the show ip cache flow aggregation and show ip flow export commands to view the active output flow data.
On the PE2 router, an ISE or E5 line card exports the captured output flows to configured collector devices in the provider network, such as NetFlow FlowCollector or NetFlow Analyzer, for further processing and analysis.
NetFlow Cache Aggregation Schemes
Cisco IOS NetFlow aggregation allows you to configure the size of the software cache used by each aggregation scheme, as well as the cache ager timeout parameter, export destination IP address, and export destination UDP port. For the Output Aggregate NetFlow feature, as data flows expire in the hardware-based TCAM cache on an ISE or E5 line card, the flow records are moved to a software-based cache for a configured aggregation scheme on the line card.
The normal flow ager process runs on each software-based aggregation cache. The default aggregation cache size is 4096 bytes.
You configure a cache aggregation scheme through the use of arguments in the ip flow-aggregation cache command.
Note
The Output Aggregate NetFlow feature supports the following schemes for cache aggregation:
•
•
•
•
•
•
•
•
•
•
•
Note
For detailed information about cache aggregation schemes, refer to Configuring NetFlow Aggregation Caches and Schemes.
Export Formats for NetFlow Aggregation Schemes
Aggregate NetFlow exports information in UDP datagrams either in Version 8 or Version 9 export format.
•
•
To configure NetFlow to capture and export network traffic data, refer to NetFlow v9 Export Format and Configuring NetFlow to Capture and Export Network Traffic Data.
NetFlow Support on Cisco 12000 Series ISE an E5 Line Cards
In addition to the Output Aggregate NetFlow feature that is performed in nonsampled mode, the following types of NetFlow accounting are also supported on Cisco 12000 series ISE and E5 line cards:
•
•
•
•
Note
Configuring Output Aggregate NetFlow
This section describes the procedure for configuring the Output Aggregate NetFlow feature.
PREREQUISITES
Before you configure the Output Aggregate NetFlow feature, you may need to perform the following steps:
1.
hw-module slot number tcam carve region percentage
microcode reload slot-numberAs shown in the following example, enter the hw-module slot tcam carve command one time to configure the percentage reserved for each TCAM region. The NetFlow TCAM region is "tx_top_nf". For detailed information on the command syntax, refer to hw-module slot tcam carve.
Router(config)# hw-module slot 3 tcam carve tx_top_nf 35Router(config)# hw-module slot 3 tcam carve tx_144b 30Router(config)# hw-module slot 3 tcam carve tx_288b 20To display the amount of TCAM allocated for NetFlow and non-NetFlow features in the current ISE configuration, enter the show controllers frfab alpha tcam carve command.
Note
To reload the software and microcode on an ISE line card so that the newly configured TCAM region sizes take effect, use the microcode reload command. You must enter the microcode reload command only one time on an ISE line card, and only if you reconfigure TCAM regions on the line card.
For example, if you enable Output Aggregate NetFlow on an additional interface on the same line card after you have reconfigured TCAM use in certain regions and reloaded the microcode, you do not have to reload the microcode a second time.
After you enter the microcode reload command, the line card is reset. As a result, traffic forwarding is interrupted. The control protocols and interfaces are down until the line card reset is complete.
2.
ip flow-export version {5 | 9} [origin-as | peer-as]
ip flow-export destination ip-address udp-portWhere in the ip flow-export version command:
–
–
–
–
Where in the ip flow-export destination command:
–
–
To verify that the router is exporting NetFlow data, enter the show ip flow export command.
For more information about how to use the ip flow-export version and ip flow-export destination commands, refer to Configuring NetFlow to Capture and Export Network Traffic Data.
Note
Caution
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
Or
interface type slot/subslot/port
9.
DETAILED STEPS
Step 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
ip flow-aggregation cache {as | as-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
Example:Router(config)# ip flow-aggregation cache prefix-tos
Enters NetFlow cache command mode to configure the specified aggregation scheme.
For detailed information on the command syntax, refer to ip flow-aggregation cache.
Step 4
cache entries number
Router(config-flow-cache)# cache entries 64000
Configures the number of cached entries allowed in the aggregation cache. The number of entries can be 1024 to 524288. The default is 4096.
For detailed information on the cache command syntax, refer to NetFlow Command Reference.
Step 5
export {destination ip-address | hostname} udp-port | version [8 | 9] | template [refresh-rate packets | timeout minutes]}
Example:Router(config-flow-cache)# export destination 10.42.41.1 9991
Enables the exporting of information from NetFlow aggregation caches.
•
•
•
•
•
Step 6
enable
Example:Router(config-flow-cache)# enable
Enables the aggregation scheme.
Step 7
exit
Example:Router(config-flow-cache)# exit
Exits NetFlow cache command mode and returns to global configuration mode.
Step 8
interface type slot/port
Example:Router(config)# interface pos 3/0
Or
interface type slot/subslot/port
Example:Router(config)# interface gigabitethernet 2/0/0
Specifies an interface and enters interface configuration mode.
•
•
•
Note
Step 9
ip route-cache flow output
Example:Router(config-if)# ip route-cache flow output
Enables the Output Aggregate NetFlow feature to collect data for egress traffic on the output interface in nonsampled mode.
Monitoring and Maintaining Output Aggregate NetFlow
To display information about the Output Aggregate NetFlow data collected in the configured aggregation cache, use the following show commands in privileged EXEC mode:
Configuration Examples for Output Aggregate NetFlow
This section contains the following configuration examples for Output Aggregate NetFlow:
•
•
Configuring Output Aggregate NetFlow Example
The following example shows how to enable the Output Aggregate NetFlow feature to collect NetFlow data in nonsampled mode for outgoing IPv4 traffic on the (ISE or E5) interface, POS 3/1, using an autonomous system (AS) aggregation scheme configured with a maximum capacity of 64000 entries:
Router# configure terminalRouter(config)# ip cache flow aggregation asRouter(config-flow-cache)# cache entries 64000Router(config-flow-cache)# enableRouter(config-flow-cache)# exitRouter(config)# interface pos 3/1Router(config-if)# ip route-cache flow outputDisplaying Cache Information for Output Aggregate NetFlow Example
The following example shows how to display detailed statistical and configuration information, and the contents of the Prefix-ToS aggregation cache used to collect NetFlow data for the Output Aggregate NetFlow feature on the ISE or E5 line card in slot 3:
Router> attach 3LC-Slot3> show ip cache verbose flow aggregation prefix-tos========= Line Card (Slot 3) =========IP Flow Switching Cache, 4096000 bytes2 active, 64000 inactive, 3 added70 ager polls, 0 flow alloc failuresActive flows timeout in 1 minutesInactive flows timeout in 10 secondsSrc If Src Prefix Dst If Dst Prefix TOS Flows PktsMsk AS Msk AS B/Pk ActivePO1/0 21.4.1.0 PO3/1* 21.7.0.0 E0 7105 37M/24 0 /16 0 40 18.5PO1/1 21.5.1.0 PO3/1* 21.5.1.1 E0 7104 37M/24 0 /32 0 40 18.5
Note
Table 1 describes the significant fields shown in this example.
Additional References
The following sections provide references related to the Output Aggregate NetFlow feature.
Related Documents
Description of the NetFlow application, including information about:
•
•
•
•
•
•
•
•
"Cisco IOS NetFlow Overview" chapter in the Cisco IOS NetFlow Configuration Guide, Release 12.4
NetFlow configuration commands for IPv4
Information and procedures for configuring NetFlow aggregation caches and cache aggregation schemes.
"Configuring NetFlow Aggregation Caches and Schemes" chapter in the Cisco IOS NetFlow Configuration Guide, Release 12.4
NetFlow statistics in ToS-based aggregation schemes
Netflow statistics for output IP flows of IPv4 traffic using deterministic sampling
Netflow statistics for output IP flows of packets undergoing MPLS label disposition (packets that arrive on a router as MPLS and are transmitted as IP)
NetFlow statistics for MPLS traffic in MPLS-enabled networks
NetFlow statistics collected in Prefix, Destination-Prefix, and Source-Prefix aggregation schemes using a minimum mask value
NetFlow statistics for output IP flows using a maximum source prefix or destination prefix mask to filter flows for the Prefix-ToS aggregation scheme
Hardware installation and software configuration of ISE and Engine 5 SPA interface processors (SIPs) and shared port adapters (SPAs) supported on the Cisco 12000 series Internet router
Cisco 12000 Series SIP and SPA Installation and Configuration Guides
Description of how to configure and use Version 9 data export
Information and procedures for configuring NetFlow to capture and export network traffic data
"Configuring NetFlow to Capture and Export Network Traffic Data" chapter in the Cisco IOS NetFlow Configuration Guide, Release 12.4
Standards
MIBs
•
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at:
RFCs
Technical Assistance
Command Reference
This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0S command reference publications.
•
cache
To configure operational parameters for NetFlow accounting aggregation caches, use the cache command in NetFlow aggregation cache configuration mode. To disable the NetFlow aggregation cache operational parameters for NetFlow accounting, use the no form of this command.
cache {entries number | timeout {active minutes | inactive seconds}}
no cache {entries | timeout {active | inactive}}
Syntax Description
Defaults
The default for cache entries is 4096.
The default for active cache entries is 30 minutes.
The default for inactive cache entries is 15 seconds.Command Modes
NetFlow aggregation cache configuration
Command History
Usage Guidelines
Before you can use the cache command, you must have NetFlow accounting configured on the router.
Examples
The following example shows how to set the NetFlow aggregation cache entry limits and timeout values for the NetFlow protocol-port aggregation cache:
Router(config)# ip flow-aggregation cache protocol-portRouter(config-flow-cache)# cache entries 64000Router(config-flow-cache)# cache timeout inactive 100Router(config-flow-cache)# cache timeout active 45Router(config-flow-cache)# enabledRelated Commands
export destination
To enable the exporting of NetFlow accounting information from NetFlow aggregation caches, use the export destination command in NetFlow aggregation cache configuration mode. To disable the export of NetFlow accounting information from NetFlow aggregation caches, use the no form of this command.
export {destination ip-address | hostname} udp-port | version [8 | 9] | template [refresh-rate packets | timeout minutes]}
no export {destination ip-address | hostname} udp-port | version | template [refresh-rate | timeout]}
Syntax Description
Defaults
A NetFlow aggregation cache export destination is not set.
Command Modes
NetFlow Aggregation cache configuration
Command History
12.0(11)S
This command was introduced on Cisco 12000 series Internet routers.
12.0(24)S
The version, template, refresh-rate, and timeout keywords were added.
Usage Guidelines
Before you can use the export destination command, you must have NetFlow accounting configured on the router.
Determining the Appropriate Export Version For Your Requirements
NetFlow aggregation caches export data in UDP datagrams using either the Version 9 or Version 8 export formats. Table 2 describe how to determine the most appropriate export format version for your requirements.
NetFlow Version 9 Data Export Format Overview
The NetFlow Version 9 Export Format feature, which was introduced in Cisco IOS Release 12.0(24)S:
•
•
•
Using Version 9 export, you can:
•
•
Third-party business partners who produce applications that provide NetFlow Collection Engine or display services for NetFlow do not need to recompile their applications each time a new NetFlow technology is added. Instead, with the NetFlow v9 Export Format feature, they can use an external data file that documents the known template formats and field types.
In NetFlow Version 9:
•
•
•
•
NetFlow Version 9 Template-Based Flow Record Format
NetFlow Version 9 export format is template based. A template describes a NetFlow record format and attributes of the fields (such as type and length) within the record. The router assigns each template an ID, which is communicated to the NetFlow Collection Engine along with the template description. The template ID is used for all further communication from the router to the NetFlow Collection Engine.
NetFlow Version 9 Export Flow Records
The basic output of NetFlow is a flow record. In the NetFlow Version 9 export format, a flow record follows the same sequence of fields used in the template definition. The template to which NetFlow flow records belong is determined by the prefixing of the template ID to the group of NetFlow flow records that belong to a template. For a description of existing NetFlow flow-record formats, see the NetFlow Services Solutions Guide.
NetFlow Version 9 Export Packet
In NetFlow Version 9, an export packet consists of the packet header and flowsets. The packet header identifies the new version and provides other information. There are two types of flowsets:
•
•
When the NetFlow Collection Engine receives a template flowset, it stores the flowset and export source address so that subsequent data flowsets that match the flowset ID and source combination are parsed according to the field definitions in the template flowset. Version 9 supports NetFlow Collection Engine Version 4.0.
For a description of the Version 9 packet headers, template flowsets, and data flowsets, see the Cisco IOS NetFlow Version 9 Flow-Record Format white paper.
NetFlow Version 8 Data Export Format Overview
The Version 8 data export format is the NetFlow export format used when the router-based NetFlow aggregation feature is enabled on Cisco IOS router platforms. The Version 8 format allows for export datagrams to contain a subset of the Version 5 export data that is based on the configured aggregation cache scheme. For example, a certain subset of the Version 5 export data is exported for the destination prefix aggregation scheme, and a different subset is exported for the source-prefix aggregation scheme.
The Version 8 export format was introduced in Cisco IOS Release 12.0(11)S for the Cisco IOS NetFlow Aggregation feature. An additional six aggregation schemes that also use Version 8 format are defined in the NetFlow ToS-Based Router Aggregation feature introduced in Cisco IOS Release 12.0(15)S.
The Version 8 datagram consists of a header with the version number (which is 8) and time stamp information, followed by one or more records corresponding to individual entries in the NetFlow cache.
Table 3 lists the NetFlow Version 8 export packet header field names and definitions.
For Version 8 data exports, the maximum number of aggregated flow records and the maximum size in bytes of each UDP datagram are shown in Table 4.
Examples
The following example shows how to configure 2 export destinations for a NetFlow accounting protocol-port aggregation cache scheme:
Router(config)# ip flow-aggregation cache protocol-portRouter(config-flow-cache)# export destination 10.41.41.1 9992Router(config-flow-cache)# export destination 172.16.89.1 5555Router(config-flow-cache)# enabledThe following example shows how to configure the Version 9 template and the Version 9 template refresh-rate and timeout parameters for a NetFlow accounting protocol-port aggregation cache scheme:
Router(config)# ip flow-aggregation cache protocol-portRouter(config-flow-cache)# version 9Router(config-flow-cache)# export template refresh-rate 100Router(config-flow-cache)# export template timeout 120Router(config-flow-cache)# enabledRelated Commands
hw-module slot tcam carve
To reconfigure the percentage of ternary content addressable memory (TCAM) on an ISE hardware-forwarding ASIC that is used by a particular ingress or egress feature, use the hw-module slot tcam carve command in global configuration mode. The no form of this command has no effect.
hw-module slot number tcam carve region percentage
Syntax Description
number
Slot number of a line card.
region
Region in TCAM reserved for a software feature.
percentage
Percentage of TCAM reserved for the specified software region.
Defaults
The default percentage reserved for each feature region differs according to Cisco IOS release.
Command Modes
Global configuration
Command History
Usage Guidelines
For the Output Aggregate NetFlow feature, use the hw-module slot tcam carve command to reconfigure the percentage of TCAM used by the NetFlow hardware cache on an ISE line card. To display the percentage of TCAM used in the default configuration by NetFlow and non-NetFlow features, enter the show controllers frfab alpha tcam carve command.
For example, you can increase the TCAM capacity for handling an increased number of output flows and decrease the percentage allocated to other features on a NetFlow-enabled ISE line card. Enter the hw-module slot tcam carve command to configure the percentage reserved for each TCAM region.
For the new TCAM region sizes to take effect, you must enter the microcode reload slot-number command. This command reloads the software and microcode on the specified line card. Only enter the microcode reload command one time on a line card, and only if you reconfigure TCAM regions on a line card. For example, if you enable Output Aggregate NetFlow on an additional interface on the same line card after you have reconfigured TCAM usage for certain regions and reloaded the microcode, you do not have to reload the microcode a second time.
Note
Examples
The following example shows how to:
•
•
Router> attach 3
LC-Slot3# show controllers frfab alpha tcam carve
Id Region % Curr/Carve/Dflt Mask Blocks Masks Value Cells
Total/Used(%) Total/Used(%) Total/Used(%)
-----------------------------------------------------------------------------
0 RX_TOP_NF 34.99/35.00/35.00 2867/0 0.00% 5734/0 0.00% 91744/0 0.00%
1 RX_TOP_72b 0.98/ 1.00/ 1.00 324/0 0.00% 324/0 0.00% 2592/0 0.00%
2 RX_TOP_144b 0.98/ 1.00/ 1.00 81/2 2.46% 162/4 2.46% 2592/64 2.46%
3 RX_TOP_288b 0.98/ 1.00/ 1.00 20/0 0.00% 81/1 1.23% 2592/32 1.23%
4 RX_72b 3.99/ 4.00/ 4.00 1308/0 0.00% 1308/0 0.00% 10464/0 0.00%
5 RX_144b 19.99/20.00/20.00 1638/0 0.00% 3276/0 0.00% 52416/0 0.00%
6 RX_288b 29.99/30.00/30.00 614/0 0.00% 2457/0 0.00% 78624/0 0.00%
7 RX_IPv6_128 3.99/ 4.00/ 4.00 327/0 0.00% 654/1 0.15% 10464/16 0.15%
136 RX_IPv6_mca 0.98/ 1.00/ 1.00 20/0 0.00% 81/1 1.23% 2592/32 1.23%
137 RX_BOT_72b 0.98/ 1.00/ 1.00 324/1 0.30% 324/1 0.30% 2592/8 0.30%
138 RX_BOT_144b 0.98/ 1.00/ 1.00 81/1 1.23% 162/2 1.23% 2592/32 1.23%
139 RX_BOT_288b 1.09/ 1.00/ 1.00 22/0 0.00% 90/1 1.11% 2880/32 1.11%
140 TX_TOP_NF 0.98/ 1.00/ 1.00 81/0 0.00% 162/0 0.00% 2592/0 0.00%
141 TX_TOP_72b 0.98/ 1.00/ 1.00 324/0 0.00% 324/0 0.00% 2592/0 0.00%
142 TX_TOP_144b 0.98/ 1.00/ 1.00 81/0 0.00% 162/0 0.00% 2592/0 0.00%
143 TX_TOP_288b 0.98/ 1.00/ 1.00 20/0 0.00% 81/1 1.23% 2592/32 1.23%
144 TX_72b 3.99/ 4.00/ 4.00 1308/0 0.00% 1308/0 0.00% 10464/0 0.00%
145 TX_144b 39.99/40.00/40.00 3276/0 0.00% 6552/0 0.00% 104832/0 0.00%
146 TX_288b 43.99/44.00/44.00 901/0 0.00% 3604/0 0.00% 115328/0 0.00%
147 TX_V6Cmp128 4.99/ 5.00/ 5.00 409/0 0.00% 818/0 0.00% 13088/0 0.00%
276 TX_BOT_72b 0.98/ 1.00/ 1.00 324/1 0.30% 324/1 0.30% 2592/8 0.30%
277 TX_BOT_144b 0.98/ 1.00/ 1.00 81/0 0.00% 162/0 0.00% 2592/0 0.00%
278 TX_BOT_288b 1.09/ 1.00/ 1.00 22/0 0.00% 90/0 0.00% 2880/0 0.00%
-----------------------------------------------------------------------------
Unused regions with 0% current/carved/default are not shown
LC-Slot3# exit
Router> enable
Router(config)# hw-module slot 3 tcam carve tx_top_nf 40
Router(config)# hw-module slot 3 tcam carve tx_144b 10
Router(config)# hw-module slot 3 tcam carve tx_288b 25
Router(config)# microcode reload 3
Related Commands
ip flow-aggregation cache
To enable NetFlow accounting aggregation cache schemes, use the ip flow-aggregation cache command in global configuration mode. To disable NetFlow accounting aggregation cache schemes, use the no form of this command.
ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
no ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Global configuration
Command History
12.0(11)S
This command was introduced on Cisco 12000 series Internet routers.
12.0(15)S
This command was modified to include the ToS aggregation scheme keywords.
Usage Guidelines
Before you can use the ip flow-aggregation cache command, you must have NetFlow accounting configured on your router. The export destination command supports a maximum of 2 concurrent export destinations.
Note
The ToS aggregation cache scheme keywords enable NetFlow accounting aggregation cache schemes that include the ToS byte in their export records. The ToS byte is an 8-bit field in the IP header. The ToS byte specifies the quality of service for a datagram during its transmission through the Internet.
You can enable only one aggregation cache configuration scheme per command line. In source-prefix aggregation mode, only the source mask is configurable. In destination-prefix aggregation mode, only the destination mask is configurable.
To enable aggregation (whether or not an aggregation cache is fully configured), you must enter the enabled command in aggregation cache configuration mode. (You can use the no form of this command to disable aggregation. The cache configuration remains unchanged even if aggregation is disabled.)
Examples
The following example shows how to configure a NetFlow accounting autonomous system aggregation cache scheme:
Router(config)# ip flow-aggregation cache asRouter(config-flow-cache)# enabledThe following example shows how to configure multiple export destinations for the NetFlow accounting destination-prefix aggregation cache scheme:
Router(config)# ip flow-aggregation cache destination-prefixRouter(config-flow-cache)# export destination 10.0.101.254 9991Router(config-flow-cache)# export destination 172.16.10.2 9991Router(config-flow-cache)# enabledThe following example shows how to enable a NetFlow accounting autonomous system ToS aggregation cache scheme:
Router(config)# ip flow-aggregation cache as-tosRouter(config-flow-cache)# enabledRelated Commands
ip route-cache flow output
To enable the Output Aggregate NetFlow feature in nonsampled mode on an ISE or Engine 5 interface, use the ip route-cache flow output command. To disable the Output Aggregate NetFlow feature, use the no form of this command.
ip route-cache flow output
no ip route-cache flow output
Syntax Description
This command has no arguments or keywords.
Defaults
This command is not enabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use the ip route-cache flow output command to enable the nonsampled aggregate collection of NetFlow statistics for output IPv4 traffic flows on a Cisco 12000 series ISE or Engine 5 interface configured for the Output Aggregate NetFlow feature.
You cannot enable NetFlow data collection in sampled and nonsampled mode at the same time on an ISE or E5 output interface.
To export NetFlow data (traffic statistics) to a remote workstation for further processing, use the ip flow-export version command in global configuration mode.
Examples
The following example shows how to enable the Output Aggregate NetFlow feature to collect NetFlow data in nonsampled mode for outgoing IPv4 traffic on the interface, POS 3/1, using an autonomous system aggregation scheme configured for a maximum of 64,000 entries:
Router# configure terminalRouter(config)# ip cache flow aggregation asRouter(config-flow-cache)# cache entries 64000Router(config-flow-cache)# enableRouter(config-flow-cache)# exitRouter(config)# interface pos 3/1Router(config-if)# ip route-cache flow outputRelated Commands
show ip cache flow aggregation
To display the NetFlow accounting aggregation cache statistics, use the show ip cache flow aggregation command in user EXEC or privileged EXEC mode.
show ip cache [prefix mask] [type number] [verbose] flow aggregation {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
12.0(11)S
This command was introduced on Cisco 12000 series Internet routers.
12.0(15)S
This command was modified to include new show output for ToS aggregation schemes.
Examples
The following is a sample display of a Prefix-ToS aggregation cache configured on the line card in slot 3 using the show ip cache flow aggregation command:
Router> attach 3Router(LC-Slot3)# show ip cache verbose flow aggregation prefix-tos========= Line Card (Slot 3) =========IP Flow Switching Cache, 4096000 bytes2 active, 6400 inactive, 3 added70 ager polls, 0 flow alloc failuresActive flows timeout in 1 minutesInactive flows timeout in 10 secondsSrc If Src Prefix Dst If Dst Prefix TOS Flows PktsMsk AS Msk AS B/Pk ActivePO1/0 21.4.1.0 PO3/1* 21.7.0.0 E0 7105 37M/24 0 /16 0 40 18.5PO1/1 21.5.1.0 PO3/1* 21.5.1.1 E0 7104 37M/24 0 /32 0 40 18.5
Note
Related Commands
show ip flow export
To display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches, use the show ip flow export command in user EXEC or privileged EXEC mode.
show ip flow export [template]
Syntax Description
template
(Optional) Shows the data export statistics (such as template timeout and refresh rate) for the template-specific configurations.
Command Modes
User EXEC
Privileged EXECCommand History
12.0(11)S
This command was introduced on Cisco 12000 series Internet routers.
12.0(24)S
The template keyword was added.
Examples
The following is sample output from the show ip flow export command:
Router# show ip flow exportFlow export v5 is disabled for main cacheVersion 5 flow recordsCache for as aggregation:Exporting flows to 10.1.1.1 (1000) 10.2.1.1 (2000)Exporting using source IP address 10.3.1.111 flows exported in 8 udp datagrams0 flows failed due to lack of export packet0 export packets were sent up to process level0 export packets were dropped due to no fib0 export packets were dropped due to adjacency issues0 export packets were dropped due to fragmentation failures0 export packets were dropped due to encapsulation fixup failures0 export packets were dropped enqueuing for the RP0 export packets were dropped due to IPC rate limiting0 export packets were dropped due to output dropsTable 5 describes the significant fields shown in the display.
Related Commands
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
