Configuring Flexible NetFlow on a Cisco Device

Flexible NetFlow is a performance-optimized NetFlow implementation. You can also use it for Cisco Network Based Application Recognition (NBAR) summaries. To configure a network device to use Flexible NetFlow, perform the following configuration steps:

  1. Create a flow monitor
  2. Define the flow record (use one of the two configuration methods)
  3. Create a flow exporter

These tasks are described in the following sections, using an example configuration to illustrate how to complete the tasks from the Cisco IOS command-line interface (CLI).

Important: The network device you want to configure must be running a Cisco IOS release that supports Cisco IOS Flexible NetFlow.

Important: For details, see the Cisco documentation for configuring Flexible NetFlow.

Creating a flow monitor

The following example illustrates how to configure a Flexible NetFlow enabled device to utilize Flexible NetFlow in support of NBAR and Network Traffic Analysis application monitoring. For more information, see the Cisco documentation for configuring Flexible NetFlow.

To create a flow monitor:

  1. Enter the privileged EXEC mode, then enter the global configuration mode.

    Router> enable

    Router# configure terminal

  2. Create a flow monitor and enter the flow monitor configuration mode.

    Router(config)# flow monitor application-mon

    Router(config-flow-monitor)# description app traffic analysis

    Router(config-flow-monitor)# cache timeout active 60

Defining a flow record

There are two methods to define a flow record to use Flexible NetFlow. The first and simplest option is to run a command on the Cisco device to configure sources with a predefined format, as follows:

(Option 1) To define a flow record:

(Option 2) To define a flow record:

  1. Enter the privileged EXEC mode, then enter the global configuration mode.

    Router> enable

    Router# configure terminal

  2. Enter the flow monitor configuration mode.

    Router(config)# flow monitor application-mon

  3. Name the record and enter a description.

    Router(config-flow-monitor)# flow record nbar-appmon

    Router(config-flow-record)# description NBAR Flow Monitor

  4. Define key fields, using the match keyword.

    Router(config-flow-record)# match ipv6 tos

    Router(config-flow-record)# match ipv6 protocol

    Router(config-flow-record)# match ipv6 source address

    Router(config-flow-record)# match ipv6 destination address

    Router(config-flow-record)# match transport source-port

    Router(config-flow-record)# match transport destination-port

    Router(config-flow-record)# match interface input

    Router(config-flow-record)# match application name

    Note: By using the application name as a match parameter, you can utilize Network Based Application Recognition (NBAR) to collect statistics and report on network usage by individual applications.

  5. Define nonkey fields, using the collect keyword.

    Router(config-flow-record)# collect interface output

    Router(config-flow-record)# collect counter bytes

    Router(config-flow-record)# collect counter packets

    Router(config-flow-record)# collect transport tcp flags

    (For networks using the BGP protocol, include the following two commands.)

    Router(config-flow-record)# collect routing source as

    Router(config-flow-record)# collect routing destination as

  6. Enter the flow monitor configuration mode and configure the flow monitor to use the newly configured record.

    Router(config)# flow monitor application-mon

    Router(config-flow-monitor)# record nbar-appmon

Creating a flow exporter

When the record is complete, you can create the flow exporter. This component exports records from the flow monitor on the network device to the flow collector, in this case Flow Monitor.

To create a flow exporter:

  1. Enter the privileged EXEC mode, then enter the global configuration mode.

    Router> enable

    Router# configure terminal

  2. Create and describe the flow exporter.

    Router(config)# flow exporter export-to-progress-flow-monitor

    Router(config-flow-exporter)# description Flexible NF v9

  3. Set the destination flow collector IP address.

    Router(config-flow-exporter)# destination <Collector IP Address>

  4. Define the PDU type and destination port.

    Router(config-flow-exporter)# transport udp 9999

    Note: Port 9999 is the default port for Flow Monitor.

  5. Set options for exporter operation.

    Router(config-flow-exporter)# template data timeout <seconds>

  6. Enter the global configuration mode and configure the flow monitor to use the new flow exporter.

    Router# configure terminal

    Router(config)# flow monitor application-mon

    Router(config-flow-monitor)# exporter export-to-progress-flow-monitor
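
The flow monitor, flow record and flow exporter are tied together only by name, so a mistyped name leaves the monitor with nothing to export. The following Python check is an added example, not part of the original page or of any Cisco or Progress tooling. It assumes the configuration is available as text in running-config layout; the sample configuration (which references the exporter with underscores where it was defined with hyphens) and the 192.0.2.10 collector address are constructed.

```python
import re

# Constructed sample in running-config layout; 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
flow record nbar-appmon
 match ipv6 source address
 collect counter bytes
!
flow exporter export-to-progress-flow-monitor
 destination 192.0.2.10
 transport udp 9999
!
flow monitor application-mon
 record nbar-appmon
 exporter export-to-progress_flow_monitor
"""

def parse_flow_objects(config):
    """Return {(kind, name): [sub-commands]} for flow record/exporter/monitor blocks."""
    objects, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^flow (record|exporter|monitor) (\S+)\s*$", line)
        if header:
            current = objects.setdefault(header.groups(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line closes the block
    return objects

def audit(config):
    """List problems that would leave a monitor exporting nothing."""
    objects, findings = parse_flow_objects(config), []
    for (kind, name), cmds in objects.items():
        if kind == "exporter":
            for needed in ("destination", "transport udp"):
                if not any(c.startswith(needed + " ") for c in cmds):
                    findings.append(f"exporter {name}: no '{needed}' configured")
        elif kind == "monitor":
            for ref in ("record", "exporter"):
                targets = [c.split()[1] for c in cmds if c.startswith(ref + " ")]
                if not targets:
                    findings.append(f"monitor {name}: no {ref} attached")
                findings += [f"monitor {name}: {ref} '{t}' is not defined"
                             for t in targets if (ref, t) not in objects]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "flow configuration is consistent")
```
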
