Both Cisco 6500 & 7600 serve as Core devices on a network to distribute large amount of traffic. The high volume of packets and packet rates of traffic on some device links which leads to more utilization of CPU and memory for performing traffic analysis in this scenario. One solution to avoid this problem is sampling. Sampling defines that instead of every packet, 1 out of N packets (where N is the sampling rate) is captured and sent to the NetFlow Analyzer for traffic analytics. Based on the information in 1 packet, the traffic pattern for the rest of the packets is constructed.
The sampling rate is indicated in a header field of NetFlow version 5 (same sampling rate for all interfaces) or in option records of NetFlow version 9 (sampling rate can be set per interface). Based on the information about sampling rate in the header and the actual information on traffic in the packet, NetFlow Analyzer will show traffic stats for each interface.
NetFlow Sampling:-
Following is the configuration that has to be done on the Cisco 6500 & 7600 device to export sample based NetFlow:
MLS Configuration :-
Cisco(config)#mls netflow //This enables NetFlow on the Supervisor.
Cisco(config)#mls nde sender version 5
Cisco(config)#mls aging long 64 //This breaks up long-lived flows into (roughly) one-minute segments.
Cisco(config)#mls aging normal 32 //This ensures that flows that have finished are exported in a timely manner.
Cisco(config)#mls flow ip interface-full
Cisco(config)#mls nde interface
Cisco(config)#mls sampling packet-based 1024 //Enables sampling on MLS with 1 out of N packets sampled
The next two commands will help to enable NetFlow data export for bridged traffic which is optional. You can specify the list of VLANs here to enable bridged traffic.
Cisco(config)#ip flow ingress layer2-switched vlan <vlanlist>
Cisco(config)#ip flow export layer2-switched vlan <vlanlist>
MSFC Configuration :-
Cisco(config)#ip flow-export destination {hostname|ip_address} 9996 // The hostname or IP address of the server where NetFlow Analyzer is installed
Cisco(config)#ip flow-export source {interface} // the interface through which NetFlow packets are
exported. eg: Cisco(config)#FastEthernet 0/0
Cisco(config)#ip flow-export version 5
Cisco(config)#ip flow-cache timeout active 1
Cisco(config)#ip flow-cache timeout inactive 15
Cisco(config)#snmp-server ifindex persist
Enabling Sample based NetFlow on Interface level:
Repeat the below mentioned command on all layer 3 interfaces :
Cisco(config)#interface XXXX
Cisco(config-if)#ip flow ingress
Cisco(config-if)#mls netflow sampling
NetFlow Analyzer receives the exported sampled NetFlow v5 or v9 packets and parses them to know the sampling rate for traffic statistics calculation. In some cases the exported NetFlow packets does not contain sampling rate, In those case, we can manually specify the sample rate in the product. Visit this link for more information.
Thanks and Regards
Praveen Kumar
Download | Interactive Demo | Product overview video | Twitter | Customers|
