Flexible NetFlow can be used to support the implementation of Cisco Network Based Application Recognition (NBAR) technology. To configure a network device to use Flexible NetFlow, perform the following configuration steps:
These tasks are described in the following sections, using an example configuration to illustrate how to complete the tasks from the Cisco IOS command line interface (CLI).
Important: The network device you want to configure must be running a Cisco IOS release that supports Cisco IOS Flexible NetFlow.
The following example illustrates how to configure a Flexible NetFlow-enabled device to use Flexible NetFlow in support of NBAR and Network Traffic Analysis application monitoring. For more information, see the Cisco IOS Flexible NetFlow configuration guide.
To create a flow monitor:
Router> enable
Router# configure terminal
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# description app traffic analysis
Router(config-flow-monitor)# cache timeout active 60
There are two ways to define a flow record for Flexible NetFlow. The first, and the simplest to configure, is to run a command on the Cisco device that configures sources with a predefined format, as follows:
(Option 1) To define a flow record:
record netflow ipv4 original-input
record netflow ipv6 original-input
- or -
record netflow original-input
(Option 2) To define a flow record:
Router> enable
Router# configure terminal
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# flow record nbar-appmon
Router(config-flow-record)# description NBAR Flow Monitor
match keyword.
Router(config-flow-record)# match ipv6 tos
Router(config-flow-record)# match ipv6 protocol
Router(config-flow-record)# match ipv6 source address
Router(config-flow-record)# match ipv6 destination address
Router(config-flow-record)# match transport source-port
Router(config-flow-record)# match transport destination-port
Router(config-flow-record)# match interface input
Router(config-flow-record)# match application name
Note: By using the application name as a match parameter, you can utilize Network Based Application Recognition (NBAR) to collect statistics and report on network usage by individual applications.
collect keyword.
Router(config-flow-record)# collect interface output
Router(config-flow-record)# collect counter bytes
Router(config-flow-record)# collect counter packets
Router(config-flow-record)# collect transport tcp flags
(For networks using the BGP protocol, include the following two commands.)
Router(config-flow-record)# collect routing source as
Router(config-flow-record)# collect routing destination as
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# record nbar-appmon
When the record is complete, you can create the flow exporter. This component exports records from the flow monitor on the network device to the flow collector, in this case Flow Monitor.
To create a flow exporter:
Router> enable
Router# configure terminal
Router(config)# flow exporter export-to-ipswitch-flow-monitor
Router(config-flow-exporter)# description Flexible NF v9
Router(config-flow-exporter)# destination <Collector IP Address>
Router(config-flow-exporter)# transport udp 9999
Note: Port 9999 is the default port for Flow Monitor.
Router(config-flow-exporter)# template data timeout
Router# configure terminal
Router(config)# flow monitor application-mon
Router(config-flow-monitor)# exporter export-to-ipswitch-flow-monitor
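One way to confirm on the collector side that the exported template carries the key and non-key fields of the nbar-appmon record: this is an added example, not part of the original page or of Cisco or Flow Monitor code, and it goes beyond the CLI steps by parsing the template FlowSet of a NetFlow v9 datagram. The field-type numbers follow RFC 3954 and the IANA IPFIX registry; which number the device emits for each match/collect line, and the constructed sample datagram, are assumptions.

```python
import struct

# Field types per RFC 3954 / IANA IPFIX. The mapping to this page's match and
# collect lines is an assumption; confirm it against a capture from your exporter.
EXPECTED = {
    5: "ipv6 tos", 4: "ipv6 protocol", 27: "ipv6 source address",
    28: "ipv6 destination address", 7: "transport source-port",
    11: "transport destination-port", 10: "interface input",
    95: "application name", 14: "interface output", 1: "counter bytes",
    2: "counter packets", 6: "transport tcp flags",
}

def parse_templates(datagram):
    """Return {template_id: [(field_type, length), ...]} from one v9 datagram."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, _count = struct.unpack_from("!HH", datagram, 0)
    if version != 9:
        raise ValueError("not NetFlow v9 (version=%d)" % version)
    templates, off = {}, 20
    while off + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, off)
        if length < 4 or off + length > len(datagram):
            raise ValueError("bad FlowSet length at offset %d" % off)
        if flowset_id == 0:  # FlowSet ID 0 carries templates
            pos, end = off + 4, off + length
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", datagram, pos)
                if tid < 256 or pos + 4 + 4 * nfields > end:
                    break  # trailing padding or a truncated template
                templates[tid] = [struct.unpack_from("!HH", datagram, pos + 4 + 4 * i)
                                  for i in range(nfields)]
                pos += 4 + 4 * nfields
        off += length
    return templates

def missing_fields(fields):
    """Names of configured record fields that the template does not contain."""
    present = {ftype for ftype, _ in fields}
    return sorted(name for ftype, name in EXPECTED.items() if ftype not in present)

def build_sample(field_types, template_id=256):
    """Constructed test datagram: v9 header plus one template FlowSet."""
    body = struct.pack("!HH", template_id, len(field_types))
    body += b"".join(struct.pack("!HH", t, 4) for t in field_types)
    flowset = struct.pack("!HH", 0, 4 + len(body)) + body
    return struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0) + flowset
```

To use it against live traffic, pass `parse_templates` the payload of a UDP datagram received on the collector port (9999 in this example); templates are resent periodically, so the first datagrams seen may contain only data FlowSets.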