NetFlow - Cisco Nexus 7000 Series Configuration Manual


NetFlow

NetFlow identifies packet flows for both ingress and egress IP packets and provides statistics based on these
packet flows. NetFlow does not require any change to either the packets themselves or to any networking
device.
NetFlow Overview
NetFlow uses flows to provide statistics for accounting, network monitoring, and network planning. A flow
is a unidirectional stream of packets that arrives on a source interface (or VLAN) and has the same values for
the keys. A key is an identified value for a field within the packet. You create a flow using a flow record to
define the unique keys for your flow.
Cisco NX-OS supports the Flexible NetFlow feature, which enables enhanced network anomaly and security
detection. Flexible NetFlow allows you to define an optimal flow record for a particular application by selecting
the keys from a large collection of predefined fields.
All key values must match for the packet to count in a given flow. A flow might gather other fields of interest,
depending on the export record version that you configure. Flows are stored in the NetFlow cache.
You can use a flow exporter to export the data that NetFlow gathers for your flow to
a remote NetFlow collector. Cisco NX-OS exports a flow as part of a NetFlow export User Datagram Protocol
(UDP) datagram under the following circumstances:
• The flow has been inactive or active for too long.
• The flow cache is getting full.
• One of the counters (packets or bytes) has exceeded its maximum value.
• You have forced the flow to export.
The flow record determines the size of the data to be collected for a flow. The flow monitor combines the
flow record and flow exporter with the NetFlow cache information.
Cisco NX-OS can gather NetFlow statistics in either full or sampled mode. Cisco NX-OS analyzes all packets
on the interface or subinterface for full NetFlow mode. For sampled mode, you configure the rate at which
Cisco NX-OS analyzes packets.
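
The following Python model is an added example, not code from the Cisco guide and not a description of how NX-OS is implemented. It shows how key matching separates packets into unidirectional flows and how each of the four export conditions listed above releases a record from the cache; the timer values, cache size, key set and all names are assumptions chosen for illustration.

```python
from types import SimpleNamespace

# Assumed values for illustration; the page gives no NX-OS timers or cache sizes.
INACTIVE_TIMEOUT, ACTIVE_TIMEOUT = 15, 1800   # seconds
CACHE_SIZE, COUNTER_MAX = 2, 2**32 - 1        # tiny cache; 32-bit byte counter
KEYS = ("in_if", "src", "dst", "proto", "sport", "dport")   # the "match" fields

def new_flow(now):
    return SimpleNamespace(first=now, last=now, packets=0, octets=0)

class FlowCache:
    def __init__(self):
        self.flows, self.exported = {}, []   # live flows; (reason, key, flow) exports

    def _export(self, key, reason):
        self.exported.append((reason, key, self.flows.pop(key)))

    def expire(self, now):
        for key, f in list(self.flows.items()):
            if now - f.last >= INACTIVE_TIMEOUT:
                self._export(key, "inactive")
            elif now - f.first >= ACTIVE_TIMEOUT:
                self._export(key, "active")

    def observe(self, pkt, now):
        self.expire(now)
        key = tuple(pkt[k] for k in KEYS)        # all key values must match
        if key not in self.flows:
            if len(self.flows) >= CACHE_SIZE:    # cache full: export the idlest flow
                self._export(min(self.flows, key=lambda k: self.flows[k].last), "cache-full")
            self.flows[key] = new_flow(now)
        elif self.flows[key].octets + pkt["len"] > COUNTER_MAX:
            self._export(key, "counter-max")     # export before the counter wraps
            self.flows[key] = new_flow(now)
        f = self.flows[key]
        f.last, f.packets, f.octets = now, f.packets + 1, f.octets + pkt["len"]

    def force_export(self):
        for key in list(self.flows):
            self._export(key, "forced")

def demo():
    # Constructed sample packets: a client-to-server segment and the reply.
    up = dict(in_if="Eth1/1", src="10.0.0.5", dst="192.0.2.9", proto=6, sport=40000, dport=443, len=1500)
    down = dict(up, src=up["dst"], dst=up["src"], sport=443, dport=40000)
    cache = FlowCache()
    for t, p in [(0, up), (1, down), (2, up), (3, dict(up, dport=22)), (30, up)]:
        cache.observe(p, t)
    cache.force_export()
    return [(reason, f.packets) for reason, _, f in cache.exported]
```

In demo(), the reply packet creates a second flow rather than updating the first, because its source and destination keys differ. For a collector-side analyst, this means both directions of a conversation must be correlated from separate records.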
Flow Records
A flow record defines the keys that NetFlow uses to identify packets in the flow as well as other fields of
interest that NetFlow gathers for the flow. You can define a flow record with any combination of keys and
fields of interest. Cisco NX-OS supports a rich set of keys. A flow record also defines the types of counters
gathered per flow. You can configure 32-bit or 64-bit packet or byte counters.
The key fields are specified with the match keyword. The fields of interest and counters are specified under
the collect keyword.
Cisco NX-OS enables the following match fields as the defaults when you create a flow record:
• match interface input
• match interface output
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide
Configuring NetFlow
