Netflow

  • statistics, billing, monitoring, security (DoS protection)
  • flow identification:
    1. input logical interface
    2. src/dst IP
    3. src/dst port
    4. L3 protocol
    5. ToS
  • export transport: UDP
  • cache:
    1. normal
    2. immediate: for real-time small flows
    3. permanent: no flow timeout
(config)# ip flow-export destination <IP> <PORT>
(config)# ip flow-export version <N>
(config)# ip flow-export source <INTF>

(config)# flow exporter <NAME>
(config)# flow monitor <NAME>

; MPLS-aware Netflow, P* – positions of the tracked labels in the stack, 1 ≡ top of stack
(config)# ip flow-cache mpls label-positions <P1> <P2> <P3>
(config-if)# ip flow ingress|egress
(config-if)# ip flow monitor <MONITOR> input|output
(config-if)# ip route-cache flow [input]
# show ip cache flow
# show ip cache verbose flow

# show ip flow export
# show ip flow interfaces

; NX-OS
# show hardware flow ip

Sampled Netflow

(config)# feature netflow
(config)# sampler <NAME>
(config-flow-sampler)# mode <N> out-of <M>
(config-if)# ip flow monitor <MONITOR> input|output sampler <NAME>
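
Collector side of the export configured above, as an added example (not part of the original notes): it parses one NetFlow v5 UDP datagram into the seven flow-key fields, scales the counters by the sampling interval carried in the header, and totals packets per destination for DoS monitoring. It assumes `ip flow-export version 5`; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Parse one NetFlow v5 export datagram into (sampling_interval, flows)."""
    if len(datagram) < HDR.size:
        raise ValueError("shorter than a v5 header")
    version, count, *_, sampling = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HDR.size + count * REC.size:
        raise ValueError("record count does not match datagram length")
    interval = (sampling & 0x3FFF) or 1  # low 14 bits; 0 means not sampled
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({
            # the seven key fields from the flow identification list
            "input_if": f[3], "src": socket.inet_ntoa(f[0]),
            "dst": socket.inet_ntoa(f[1]), "sport": f[9], "dport": f[10],
            "proto": f[13], "tos": f[14],
            "packets": f[5] * interval, "bytes": f[6] * interval,  # estimates
        })
    return interval, flows

def packets_by_destination(flows):
    """Sum estimated packets per destination IP, e.g. to spot a DoS target."""
    totals = Counter()
    for f in flows:
        totals[f["dst"]] += f["packets"]
    return totals

def sample_datagram():
    """Constructed sample: 2 flows to 192.0.2.10, sampled 1 out-of 100."""
    ip = socket.inet_aton
    hdr = HDR.pack(5, 2, 1000, 1700000000, 0, 1, 0, 0, (1 << 14) | 100)
    r1 = REC.pack(ip("198.51.100.7"), ip("192.0.2.10"), bytes(4), 3, 4,
                  50, 3000, 0, 900, 40000, 80, 0, 0x02, 6, 0, 0, 0, 24, 24, 0)
    r2 = REC.pack(ip("203.0.113.9"), ip("192.0.2.10"), bytes(4), 3, 4,
                  70, 4200, 0, 900, 40001, 80, 0, 0x02, 6, 0, 0, 0, 24, 24, 0)
    return hdr + r1 + r2

if __name__ == "__main__":
    interval, flows = parse_v5(sample_datagram())
    print(interval, packets_by_destination(flows).most_common(1))
```

The length check rejects truncated or padded datagrams before any record is read, which matters because UDP export gives the collector no other integrity signal.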