Cflowd Configuration Overview
The implementation of cflowd supports the option to analyze traffic flow. The implementation
also supports the use of traffic/access list (ACL) filters to limit the type of traffic that is analyzed.
Traffic Sampling
Traffic sampling does not examine all packets received by a router. Command parameters allow
the rate at which traffic is sampled and sent for flow analysis to be modified. The default sampling
rate is every 1000th packet. Excessive sampling over an extended period of time, for example,
more than every 1000th packet, can burden router processing resources.
The following data is maintained for each individual flow in the raw flow cache:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Page 488
Source IP address
Destinations IP address
Source port
Destination port
Input interface
Output interface
IP protocol
TCP flags
First timestamp (of the first packet in the flow)
Last timestamp (timestamp of last packet in the flow prior to expiry of the flow)
Source AS number for peer and origin (taken from BGP)
Destination AS number for peer and origin (taken from BGP)
IP next hop
BGP next hop
ICMP type and code
IP version
Source prefix (from routing)
Destination prefix (from routing)
MPLS label stack from label 1 to 6
7450 ESS OS Router Configuration Guide