Saturday, March 5, 2011

Nexus 7000 NetFlow Configuration

Just reached home from a Catalyst 6500 - Nexus 7000 migration.
Got a small task to migrate the ip route-cache flow interface subcommand on the Cat6K SVIs to the Nexus 7000.
Google led me to http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_Netflow_Comparison

After some reading and configuration testing / fine-tuning, below is the configuration that satisfied me.

feature netflow

flow record Netflow-Record-1
  description Custom-Flow-Record
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets

flow monitor Netflow-Monitor-1
  record Netflow-Record-1

int vlan1, vlan2, vlan3
  ip flow monitor Netflow-Monitor-1 input
  ip flow monitor Netflow-Monitor-1 output

Below shows the configuration steps on a Nexus 7000:

n7010-sw01# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
n7010-sw01(config)# feature netflow
n7010-sw01(config)#
n7010-sw01(config)# flow record Netflow-Record-1
n7010-sw01(config-flow-record)# description Custom-Flow-Record
n7010-sw01(config-flow-record)# match ipv4 source address
n7010-sw01(config-flow-record)# match ipv4 destination address
n7010-sw01(config-flow-record)# match ip protocol
n7010-sw01(config-flow-record)# match transport source-port
n7010-sw01(config-flow-record)# match transport destination-port
n7010-sw01(config-flow-record)# collect counter bytes
n7010-sw01(config-flow-record)# collect counter packets
n7010-sw01(config-flow-record)# exit
n7010-sw01(config)#
n7010-sw01(config)# flow monitor Netflow-Monitor-1
n7010-sw01(config-flow-monitor)# record Netflow-Record-1
n7010-sw01(config-flow-monitor)# exit
n7010-sw01(config)#
n7010-sw01(config)# int vlan1, vlan2, vlan3
n7010-sw01(config-if)# ip flow monitor Netflow-Monitor-1 input
n7010-sw01(config-if)# ip flow monitor Netflow-Monitor-1 output
n7010-sw01(config-if)# end
n7010-sw01#

Issue the show hardware flow ip command to obtain the output similar to the show ip cache flow command.

n7010-sw01# sh hardware flow ip

slot  1
=======


D - Direction; L4 Info - Protocol:Source Port:Destination Port
IF - Interface: ()ethernet, (S)vi, (V)lan, (P)ortchannel, (T)unnel
TCP Flags: Ack, Flush, Push, Reset, Syn, Urgent

D IF    SrcAddr         DstAddr         L4 Info         PktCnt     TCP Flags
-+-----+---------------+---------------+---------------+----------+-----------
I S1    128.001.004.080 172.026.021.099 006:02135:08088 0000001686 A . P . . .
I S1    128.001.004.080 172.026.021.099 006:02133:08088 0000001700 A . P . . .
I S1    128.001.005.019 192.168.010.026 006:02189:08080 0000000034 A . P . . .
I S2    192.168.010.026 128.001.005.019 006:08080:02189 0000000042 A . P . . .
I S1    128.001.007.091 128.001.006.202 001:00000:00771 0000000014 . . . . . .
I S1    128.001.005.019 192.168.010.026 006:02196:08080 0000000043 A . P . . .
I S2    192.168.010.026 128.001.005.019 006:08080:02196 0000000058 A . P . . .
I S1    128.001.005.019 192.168.010.026 006:02188:08080 0000000055 A . P . . .
I S2    192.168.010.026 128.001.005.019 006:08080:02188 0000000083 A . P . . .
I S3    128.001.041.202 224.000.000.018 112:08450:00007 0000000067 . . . . . .
I S1    128.001.002.002 224.000.000.018 112:08449:00007 0000000067 . . . . . .
I S1    128.001.005.019 192.168.010.026 006:02200:08080 0000000057 A . P . . .
I S2    192.168.010.026 128.001.005.019 006:08080:02200 0000000081 A . P . . .
I S1    128.001.007.090 128.001.006.202 001:00000:00771 0000000014 . . . . . .
I S1    128.001.002.012 172.020.002.040 006:03397:01442 0000000029 A . P . . .
I S1    128.001.002.002 128.001.048.002 017:00514:00514 0000000008 . . . . . .
I S1    128.001.002.003 128.001.048.002 017:00514:00514 0000000008 . . . . . .
I S3    128.001.045.139 172.020.002.040 006:01201:01442 0000000010 A . P . . .
I S1    128.001.002.012 172.020.002.060 006:04561:00080 0000000152 A . P . S .
I S1    172.020.001.027 128.001.006.202 017:00123:00123 0000000008 . . . . . .
I S1    172.020.001.027 128.001.006.201 017:00123:00123 0000000008 . . . . . .
I S3    128.001.045.092 172.020.002.024 006:01115:00445 0000001170 A . P . . .
I S1    128.001.003.058 172.026.021.033 006:01994:08080 0000000003 . . . . S .
I S1    128.001.006.118 128.001.006.002 017:00123:00123 0000000001 . . . . . .
I S1    128.001.004.211 172.020.002.040 006:01136:01442 0000000001 A . . . . .
I S1    128.001.005.019 192.168.010.026 006:02204:08080 0000000016 A . P . S .
I S2    192.168.010.026 128.001.005.019 006:08080:02204 0000000019 A . P . S .
I S3    128.001.045.224 172.020.009.024 006:01429:00445 0000000040 A F P . S .
I S1    128.001.003.058 172.026.021.033 006:01997:08080 0000000002 . . . . S .
I S1    128.001.005.055 172.026.021.033 006:02112:08088 0000000006 A F P . S .
I S3    128.001.046.021 172.020.003.011 006:01090:00257 0000000003 A . P . . .
I S1    128.001.004.047 172.026.002.104 006:49321:01355 0000000004 A . P . . .
I S1    172.020.001.023 128.001.048.002 017:00514:00514 0000000002 . . . . . .
I S1    128.001.003.058 172.026.021.033 006:02000:08080 0000000002 . . . . S .
I S1    128.001.007.088 172.020.002.013 006:01299:00080 0000000007 A F P . S .
I S1    128.001.005.019 192.168.010.026 006:02202:08080 0000000002 A . P . . .
I S2    192.168.010.026 128.001.005.019 006:08080:02202 0000000002 A . P . . .
I S1    128.001.003.058 172.026.021.033 006:02003:08080 0000000002 . . . . S .
I S1    128.001.004.047 172.020.002.040 006:50967:01442 0000000010 A . P . . .
I S1    128.001.005.055 172.026.021.033 006:02116:08088 0000000006 A F P . S .
I S1    128.001.007.088 172.020.002.013 006:01300:00080 0000000003 A F . . S .
I S1    128.001.005.041 172.020.002.103 006:01284:00443 0000000002 A . P R . .
I S1    128.001.005.041 172.020.002.103 006:01292:00443 0000000007 A . P . S .
I S3    128.001.045.152 172.020.002.040 006:01212:01442 0000000001 A . . . . .
I S1    128.001.005.055 172.026.021.033 006:02114:08088 0000000006 A F P . S .
I S1    128.001.005.168 172.020.002.040 006:02022:01442 0000000002 A . P . . .
I S1    128.001.005.019 050.016.235.173 006:02205:00843 0000000003 . . . . S .
I S2    050.016.235.173 128.001.005.019 006:00843:02205 0000000003 A . . R . .
I S1    128.001.004.080 172.026.021.099 006:02176:08088 0000000005 A F P . S .
I S1    128.001.005.019 050.016.235.173 006:02206:08890 0000000003 . . . . S .
I S2    050.016.235.173 128.001.005.019 006:08890:02206 0000000003 A . . R . .
I S1    128.001.004.080 172.026.021.099 006:02177:08088 0000000005 A F P . S .
I S1    128.001.003.058 172.026.021.033 006:02006:08080 0000000001 . . . . S .
I S1    172.020.001.027 172.020.008.068 017:00123:00123 0000000001 . . . . . .
O S1    172.026.021.099 128.001.004.080 006:08088:02133 0000002653 A . P . . .
O S1    172.026.021.099 128.001.004.080 006:08088:02135 0000002514 A . P . . .
O S2    128.001.005.019 192.168.010.026 006:02200:08080 0000000057 A . P . . .
O S1    192.168.010.026 128.001.005.019 006:08080:02200 0000000081 A . P . . .
O S2    128.001.005.019 192.168.010.026 006:02189:08080 0000000035 A . P . . .
O S1    192.168.010.026 128.001.005.019 006:08080:02189 0000000042 A . P . . .
O S2    128.001.005.019 192.168.010.026 006:02196:08080 0000000043 A . P . . .
O S1    192.168.010.026 128.001.005.019 006:08080:02196 0000000058 A . P . . .
O S2    128.001.005.019 192.168.010.026 006:02188:08080 0000000055 A . P . . .
O S1    192.168.010.026 128.001.005.019 006:08080:02188 0000000083 A . P . . .
O S1    172.020.002.040 128.001.002.012 006:01442:03397 0000000048 A . P . . .
O S3    172.020.002.040 128.001.045.139 006:01442:01201 0000000009 A . P . . .
O S1    172.020.002.060 128.001.002.012 006:00080:04561 0000000096 A . P . S .
O S2    172.020.003.101 010.165.001.013 017:01883:31000 0000000011 . . . . . .
O S1    172.020.001.027 128.001.006.201 017:00123:00123 0000000008 . . . . . .
O S2    128.001.005.019 192.168.010.026 006:02204:08080 0000000016 A . P . S .
O S1    192.168.010.026 128.001.005.019 006:08080:02204 0000000019 A . P . S .
O S3    172.020.009.024 128.001.045.224 006:00445:01429 0000000037 A F P . S .
O S3    172.020.002.024 128.001.045.092 006:00445:01115 0000001395 A . P . . .
O S1    172.020.002.040 128.001.004.211 006:01442:01136 0000000001 A . . . . .
O S1    172.020.002.103 128.001.005.041 006:00443:01284 0000000001 . . . R . .
O S1    172.020.002.103 128.001.005.041 006:00443:01292 0000000007 A F P . S .
O S3    172.020.002.040 128.001.045.152 006:01442:01212 0000000001 A . . . . .
O S1    172.026.021.033 128.001.005.055 006:08088:02114 0000000005 A F P . S .
O S1    172.020.002.040 128.001.005.168 006:01442:02022 0000000001 A . P . . .
O S2    128.001.005.019 050.016.235.173 006:02205:00843 0000000003 . . . . S .
O S1    050.016.235.173 128.001.005.019 006:00843:02205 0000000003 A . . R . .
O S1    172.026.021.099 128.001.004.080 006:08088:02176 0000000005 A F P . S .
O S2    128.001.005.019 050.016.235.173 006:02206:08890 0000000003 . . . . S .
O S1    050.016.235.173 128.001.005.019 006:08890:02206 0000000003 A . . R . .
O S1    172.026.021.099 128.001.004.080 006:08088:02177 0000000005 A F P . S .
O S1    172.017.010.107 172.020.001.015 017:00137:00137 0000000005 . . . . . .
O S1    172.020.008.068 172.020.001.027 017:00123:00123 0000000001 . . . . . .
O S1    172.026.021.033 128.001.005.055 006:08088:02112 0000000005 A F P . S .
O S3    172.020.003.011 128.001.046.021 006:00257:01090 0000000003 A . . . . .
O S1    172.026.002.104 128.001.004.047 006:01355:49321 0000000002 A . P . . .
O S2    172.020.004.049 065.055.184.155 006:03135:00443 0000000003 . . . . S .
O S1    172.020.003.011 128.001.006.201 006:03610:18192 0000000003 . . . . S .
O S1    172.020.002.013 128.001.007.088 006:00080:01299 0000000006 A F P . S .
O S2    128.001.005.019 192.168.010.026 006:02202:08080 0000000002 A . P . . .
O S1    192.168.010.026 128.001.005.019 006:08080:02202 0000000002 A . P . . .
O S1    172.025.002.006 172.020.001.015 017:00137:00137 0000000005 . . . . . .
O S1    172.020.002.040 128.001.004.047 006:01442:50967 0000000009 A . P . . .
O S1    172.026.021.033 128.001.005.055 006:08088:02116 0000000006 A F P . S .
O S1    172.020.002.013 128.001.007.088 006:00080:01300 0000000003 A . . R S .

slot  2
=======


D - Direction; L4 Info - Protocol:Source Port:Destination Port
IF - Interface: ()ethernet, (S)vi, (V)lan, (P)ortchannel, (T)unnel
TCP Flags: Ack, Flush, Push, Reset, Syn, Urgent

D IF    SrcAddr         DstAddr         L4 Info         PktCnt     TCP Flags
-+-----+---------------+---------------+---------------+----------+-----------
I S2    128.001.022.005 224.000.000.002 017:01985:01985 0000000067 . . . . . .
I S1    128.001.004.211 128.001.006.202 001:00000:00771 0000000014 . . . . . .
I S1    128.001.006.210 128.001.006.202 006:01477:00023 0000000080 A . P . . .
I S1    128.001.006.201 224.000.000.002 017:01985:01985 0000000067 . . . . . .
I S3    128.001.046.005 224.000.000.002 017:01985:01985 0000000067 . . . . . .
n7010-sw01#

Issue the clear hardware flow ip command to reset the counters.

n7010-sw01# clear hardware flow ip

slot  1
=======


slot  2
=======

n7010-sw01#

Just for the sake of completeness, below shows a sample output of the show ip cache flow command on a Cat6K.

Cat6K-MSFC#sh ip cache flow
IP packet size distribution (186066824 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .003 .279 .224 .083 .033 .050 .261 .024 .010 .002 .005 .001 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .007 .008 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
  315 active, 65221 inactive, 44984247 added
  1066017127 ager polls, 0 flow alloc failures
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet       29844      0.0         1    48      0.0      10.0      15.2
TCP-FTP           7547      0.0         1    55      0.0       0.4      14.2
TCP-FTPD            80      0.0         1   894      0.0       5.5      13.2
TCP-WWW        2387684      0.5         1    88      0.9       3.0      13.8
TCP-SMTP         24604      0.0         1    72      0.0       1.3      15.2
TCP-X             4295      0.0         1    60      0.0       3.9      15.2
TCP-other     18312810      4.2         1   192      6.5       4.2      14.4
UDP-DNS         619797      0.1         8    66      1.2       6.9      15.3
UDP-NTP        3258897      0.7         1    76      0.7       0.0      15.4
UDP-TFTP         14604      0.0         1    48      0.0       0.0      15.4
UDP-Frag          5707      0.0         2    61      0.0      20.2      15.3
UDP-other     18851303      4.3         6   146     27.8       5.5      15.4
ICMP           1438190      0.3         2   114      0.7       6.4      15.4
IP-other         26231      0.0       852    56      5.2    1618.5       2.9
Total:        44981593     10.4         4   137     43.3       5.4      14.9

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Vl3           128.1.45.126    Vl22          172.20.2.11     06 0424 01BD     1
Vl1           128.1.5.68      Null          128.1.47.34     06 0D49 238C     3
Vl3           128.1.45.59     Vl17          172.17.1.35     06 065C 0402     1
Vl3           128.1.45.117    Vl17          172.26.21.139   06 0B58 1F90     1
Vl3           128.1.44.72     Vl17          172.26.2.100    06 0469 061B     1
Vl1           128.1.5.236     Vl1           172.20.1.29     06 0A58 238C     2
Vl1           128.1.5.236     Vl1           172.20.1.30     06 0A59 238C     1
Vl3           128.1.44.30     Vl17          172.30.8.44     06 06DD 0051     2
Vl3           128.1.44.233    Vl22          172.20.2.11     06 0F2D 01BD     1
Vl1           172.20.1.32     Vl3           128.1.45.20     06 05D6 0977     4
Vl3           128.1.44.27     Vl22          172.20.2.29     06 086E 06B1     1
Vl1           172.20.1.28     Vl28          172.20.8.18     06 09D0 086C     1
Vl3           128.1.46.21     Vl23          172.20.3.11     06 0935 0101     3
Vl3           128.1.45.59     Vl17          172.17.1.33     11 007B 007B     1
Vl1           128.1.3.155     Vl17          10.31.148.220   06 0D3D 0708     3
Vl3           128.1.47.68     Null          128.1.47.255    11 008A 008A     1
Vl3           128.1.47.30     Null          128.1.47.255    11 008A 008A     1
Vl3           188.87.5.10     Null          188.87.5.255    11 008A 008A     1
Vl1           128.1.2.2       Null          224.0.0.18      70 0000 0000  1479
Vl3           128.1.44.225    Null          128.1.47.255    11 008A 008A     1
Vl3           128.1.44.225    Null          128.1.47.255    11 0089 0089     1
Vl1           128.1.4.224     Null          128.1.7.255     11 0089 0089    14
--- output omitted ---

Viola and thanks for reading... ^_^
Posted by Yap Chin Hoong at 9:17 AM
Labels: , ,

1 comment:

Subscribe to: Post Comments (Atom)