• No results found

Tech Note #015. General requirements

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Tech Note #015. General requirements"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Mazu Networks, Inc. 125 CambridgePark Dr. Cambridge, MA 02140 Phone (617) 354-9292 Fax (617) 354-9272 www.mazunetworks.com

Tech Note #015

Product: Profiler Version: 5.5 Date: 8/18/05

Configuring NetFlow for Profiler

This note presents examples for configuring Cisco 6500 and 7500 series routers to provide NetFlow data to Profiler. This information is intended only as a guideline, and future changes to Cisco software may obsolete these examples. Please contact Cisco Systems or your Cisco reseller for specific information or assistance.

General requirements

The general requirements for setting up routers to send NetFlow data to Profiler are as follows:

• Routers should be configured for NetFlow V1, V5 or V7 with no aggregation.

• Routers should export NetFlow to the Profiler or Regional Gateway Management interface and use the destination port that is configured on the Mazu equipment. The default is udp/2003.

• Routers using Cisco IOS should be synched to an NTP server. The timestamps on the network equipment and Mazu equipment should be relatively close. For example,

Router(config)#ntp server 172.31.0.12 Router#show ntp associations

address ref clock st when poll reach delay offset Disp ~127.127.7.1 127.127.7.1 4 28 64 377 0.0 0.00 0.0 *~172.31.0.12 18.145.0.30 2 48 64 377 2.7 -0.77 0.0 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

Router#show clock

14:29:21.682 EDT Fri Aug 12 2005

• The active timeout setting for flows should be set to 60 seconds.

• The inactive timeout setting can be left at the default setting of 15 seconds. It must be less than 60 seconds.

• When NetFlow is to be used on a Cisco 6500 switch equipped with both MSFC and SUP1 modules, it must be enabled on both the router level and the switch level. The “route once, switch many” concept applies to this hardware configuration.

A new flow is first routed by the MSFC module before being placed in the MLS cache and being switched. Therefore, it is important for Profiler to receive NetFlow data from both modules to avoid missing any data. A similar concept applies to a chassis with SUP2 or 720 modules.

(2)

Configuring 7500 series router

The following example uses the IOS command line interface to configure a 7500 series router. The commands are similar for most of the software routing platforms.

1. Configure NDE (Netflow Data Export):

ip flow-export <ip_address> < udp_port> <version>

where ip_address and udp_port arethe Profiler IP address and UDP port, respectively, and version is the NetFlow version.

For example,

Router(config)# ip flow-export 10.0.0.100 2003 5

2. Enable NetFlow at the interface level on each interface where you want to collect statistics:

interface <type> <slot>/<port-adapter> For example,

Router(config)# interface fastethernet 0/1 Router(config-if)# ip route-cache flow 3. Set the Netflow timers. For example,

Router(config)# ip flow-cache timeout active 1

# This breaks up long-lived flows into one-minute segments.

Router(config)#ip flow-cache timeout inactive 15

# This ensures that flows that have finished are exported in a timely manner # (15 seconds).

Configuring 6500 series switches running native IOS

The following example uses the native IOS command line interface to configure the SUP and MSFC modules of a 6500 series switch. This example is based on the Cisco

documentation for Cat6500 w/ SUP2/720 running IOS 12.2. For further information, refer to http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration _guide_chapter09186a0080160a2b.html.

At the switch level (SUP2)

mls netflow # Enables Netflow on the PFC

mls nde sender version 5 # Turns on Netflow, sets version

# (verify options; this may have to be version 7)

mls flow ip interface-full # Sets an appropriate flow mask

mls nde interface # Populates egress interface fields - not needed

mls aging normal 32 # Netflow inactive timeout in seconds

(3)

At the routing module (MSFC)

ip flow-export source loopback 0 # Define Netflow source address (not needed).

# Otherwise, Netflow egress interface is used.

ip flow-export version 5 # Define Netflow version

ip flow-export destination 10.0.0.100 2003

# Profiler IP address and UDP port

ip flow-cache timeout inactive 15 # Inactive timeout in seconds

# May be version specific

ip flow-cache timeout active 1 # Active timeout in minutes

# May be version specific

Then for each interface or interface grouping where NetFlow accounting is required (three types of interfaces), perform the following setup, as applicable:

interface <type> <slot>/<port> For example,

Router(config)# interface fastethernet 0/1 # Enable NetFlow from this interface

Router(config-if)# ip route-cache flow

OR

interface vlan <vlan_id> For example,

Router(config)# interface vlan 3 # Enable NetFlow from this interface

Router(config-if)# ip route-cache flow

OR

interface port-channel <channel_id> For example,

Router(config)# interface port-channel 3 # Enable NetFlow from this interface

Router(config-if)# ip route-cache flow

Configuring 6500 series switches in Hybrid mode

The following example configures the SUP and MSFC modules of a 6500 series switch running in the Hybrid mode.

At the switch level (SUP)

1. Enable NDE (Netflow Data Export):

set mls nde enable

2. Set the NDE destination:

set mls nde enable <collector_ip> <udp_port_number>

(4)

For example,

set mls nde enable 10.0.0.100 2003

3. Set Netflow timers:

set mls agingtime 16 # Inactive timeout

set mls agingtime fast 32 0 # Inactive timeout for aggressive aging

set mls agingtime long-duration 64 # Active timeout

4. Set the flow mask to full to avoid losing resolution by mapping multiple flows to the cache entry:

set mls flow full

At the routing module (MSFC)

1. Configure NDE (Netflow Data Export):

ip flow-export <ip_address> < udp_port> <version>

where ip_address and udp_port are the Profiler IP address and UDP port, respectively, and version is the NetFlow version.

For example,

Router(config)# ip flow-export 10.0.0.100 2003 5

2. Enable NetFlow at the interface level on each interface where you want to collect statistics:

interface <type> <slot>/<port-adapter>

For example,

Router(config)# interface fastethernet 0/1 Router(config-if)# ip route-cache flow 3. Set the Netflow timers. For example,

Router(config)# ip flow-cache timeout active 1

# This breaks up long-lived flows into one-minute segments.

Router(config)#ip flow-cache timeout inactive 15

# This ensures that flows that have finished are exported in a timely manner (15 seconds).

Determining the source of NetFlow data

To identify the source of a NetFlow data stream from within Profiler:

1. Log in on the Profiler CLI and stop mazuctl

/etc/init.d/mazuctl stop

2. Run tcpdump

tcpdump –t –n –T cnfp udp port 2003

(this assumes the Mazu default Netflow port of udp/2003)

3. In the tcpdump output, examine the source addresses of the NDE messages or the format of the Netflow data exported.

4. Restart mazuctl

(5)

Determining the flow rate from all NetFlow sources

To determine the flow-rate from all Netflow sources, examine the following files (in v5.0 or v5.5):

• /click/flow_collector_1/collector/flowcount

# Number of flows seen so far during this updateperiod, changing counter that is reset every updateperiod.

• /click/flow_collector_1/collector/counts

# Total number of flow seen during the previous timeperiod

For Additional Information

For questions on specific Netflow configuration options or commands, please contact Cisco Systems or your Cisco reseller. For questions on Mazu Profiler, contact Mazu Technical Support at:

References

Download now ( PDF - 5 Page - 41.09 KB )

Related documents

Modeling complex metabolic reactions, ecological systems, and financial and legal networks with MIANN models based on Markov-Wiener node descriptors

Modeling complex metabolic reactions, ecological systems, and financial and legal networks with MIANN models based on Markov-Wiener node descriptors.. Aliuska

FOR FURTHER INFORMATION, PLEASE REFER TO THE SDS

This document should be taken as a safety guide for the product and its recommended uses, but is in no way an absolute authority. Please consult the relevant legislation

Local Champions: The Solar GCC Alliance is for:

Associate Member USD 1,500 • As part of our mission to encourage collaboration in the development of the solar industry across the region, Solar GCC is offering an additional

Snes Rarity List

speaking, there isn't a whole lot of difference between D and F, but there are very big differences between A+ and A-. However, generally speaking, if you have a game that falls

Using the Cisco IOS Command Line Interface

The following example shows how to access global configuration mode: c6200# configure terminal.. Enter configuration commands, one

How to Configure BGP Tech Note

In the next 4 steps, you will configure redistribution rules, edit your virtual router, and then create a redistribution profile that distributes the internal network (in this

Using the Command Line Interface (CLI)

For example, trying to list the help for the interface command while at the global configuration level produces this result:.. ProCurve# speed-duplex help Invalid

Chapter 2 Using the Command Line Interface

User Level EXEC Command Privileged Level EXEC Command Global Level CONFIG Command Interface Level CONFIG Command Loopback Interface CONFIG Command Virtual Interface CONFIG Command