Both the Cisco 6500 and 7600 serve as core devices that distribute
large amounts of traffic on a network. The high packet volumes and
packet rates on some device links lead to higher CPU and memory
utilization when performing traffic analysis. One solution to this
problem is sampling. With sampling, instead of every packet, 1 out of N
packets (where N is the sampling rate) is captured and sent to NetFlow
Analyzer for traffic analytics. Based on the information in that 1
packet, the traffic pattern for the rest of the packets is constructed.
The sampling rate is indicated in a header field of NetFlow
version 5 (same sampling rate for all interfaces) or in option records of
NetFlow version 9 (sampling rate can be set per interface). Based on the
information about sampling rate in the header and the actual information on
traffic in the packet, NetFlow Analyzer will show traffic stats for each
interface.
NetFlow Sampling:-
Following is the configuration that has to be done on the
Cisco 6500 & 7600 device to export sample based NetFlow:
MLS Configuration :-
Cisco(config)#mls netflow //This enables NetFlow on the Supervisor.
Cisco(config)#mls nde sender version 5
Cisco(config)#mls aging long 64 //This breaks up long-lived flows into (roughly) one-minute segments.
Cisco(config)#mls aging normal 32 //This ensures that flows that have finished are exported in a timely manner.
Cisco(config)#mls flow ip interface-full
Cisco(config)#mls nde interface
Cisco(config)#mls sampling packet-based 1024 //Enables sampling on MLS with 1 out of N packets sampled
The next two commands are optional and enable NetFlow data
export for bridged traffic. You can specify the list of VLANs
here to enable bridged traffic.
Cisco(config)#ip flow ingress layer2-switched vlan
Cisco(config)#ip flow export layer2-switched vlan
MSFC Configuration :-
Cisco(config)#ip flow-export destination hostname 9996 // The hostname or IP address of the server where NetFlow Analyzer is installed
Cisco(config)#ip flow-export source interface // The interface through which NetFlow packets are exported, e.g. FastEthernet 0/0
Cisco(config)#ip flow-export version 5
Cisco(config)#ip flow-cache timeout active 1
Cisco(config)#ip flow-cache timeout inactive 15
Cisco(config)#snmp-server ifindex persist
Enabling Sample based NetFlow on Interface level:
Repeat the below mentioned commands on all layer 3 interfaces:
Cisco(config)#interface XXXX
Cisco(config-if)#ip flow ingress
Cisco(config-if)#mls netflow sampling
NetFlow Analyzer receives the exported sampled NetFlow v5 or v9 packets
and parses them to determine the sampling rate for traffic statistics
calculation. In some cases the exported NetFlow packets do not contain
the sampling rate; in those cases, we can manually specify the sampling
rate in the product. Visit this link for more information.
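The scaling step described above, as an added example that is not part of the original post and is not NetFlow Analyzer's code: it reads the sampling interval from the NetFlow v5 header (low 14 bits of the last 16-bit field), multiplies each record's packet and byte counts by it, and uses a manually supplied rate when the header carries none. The function names, the manual_rate parameter and the sample datagram are assumptions constructed for illustration.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record


def scale_v5_datagram(datagram, manual_rate=None):
    """Return (rate_used, [(input_ifindex, est_packets, est_bytes), ...])."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, *_unused, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count exceeds datagram length")
    # Top 2 bits of the field are the sampling mode, low 14 bits the interval N.
    interval = sampling & 0x3FFF
    if interval == 0:
        # Header carries no rate: use the operator-supplied one, else treat the
        # export as unsampled (counts are then N times too low if it was sampled).
        interval = manual_rate or 1
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        in_if, pkts, octets = rec[3], rec[5], rec[6]
        flows.append((in_if, pkts * interval, octets * interval))
    return interval, flows


def build_sample(interval, flows):
    """Constructed test datagram; flows = [(input_ifindex, packets, bytes), ...]."""
    sampling = ((1 << 14) | interval) if interval else 0  # mode 01 + interval
    out = V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling)
    for in_if, pkts, octets in flows:
        out += V5_RECORD.pack(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"\x00" * 4,
                              in_if, 0, pkts, octets, 0, 0, 1234, 443,
                              0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return out


if __name__ == "__main__":
    sampled = build_sample(1024, [(3, 10, 15000)])  # matches packet-based 1024
    no_rate = build_sample(0, [(3, 10, 15000)])     # header without a rate
    print(scale_v5_datagram(sampled))
    print(scale_v5_datagram(no_rate))               # under-counted
    print(scale_v5_datagram(no_rate, manual_rate=1024))
```
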
Thanks and Regards
Praveen Kumar
The original article/video can be found at NetFlow Sampling on Cisco 6500 & 7600 series device