The following example shows the configuration of NetFlow on a Cisco 7600. The flow records from both the PFC and the MSFC are exported to the collector with the IP address 10.48.71.129 and UDP port 9991. NetFlow is configured with the interface-full flow mask, to export the flow records with NetFlow version 5, and to exclude the flow records whose destination IP address is part of the 10.10.10.0/24 network. The command mls nde sender version 5 is specific to the flow records accounted on the PFC, and the command ip flow-export version 5 is specific to the flow records accounted on the MSFC.
7600(config)# mls flow ip interface-full 7600(config)# mls netflow 7600(config)# mls nde sender version 5 7600(config)# mls nde flow exclude destination 10.10.10.0 255.255.255.0 7600(config)# interface GigabitEthernet1/8 7600(config-if)# ip flow ingress 7600(config)# interface Vlan1 7600(config-if)# ip flow ingress 7600(config)# ip flow-export version 5 7600(config)# ip flow-export destination 10.48.71.129 9991
The NetFlow cache contains the flow records, PFC, and MSFC, with a clear separation in the output. This happens because the flows are monitored at two different logical entities and because the flows are classified according to two different sets of key-fields. Note also the Null interface for the flow records monitored by the MSFC.
7600# show ip cache flow
----------------------------------------------------------------------
MSFC:
IP packet size distribution (58 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .982 .000 .000 .000 .000 .000 .000 .000 .000 .017 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
11 active, 65525 inactive, 11 added
193 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 270664 bytes
11 active, 16373 inactive, 11 added, 11 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Vl1 0.0.0.0 Null 255.255.255.255 11 0044 0043 1
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
07C1 7 Vl1 10.48.77.118 Null 224.0.0.2 11 07C1
07C1 8 Vl1 10.48.73.58 Null 224.0.0.10 58 0000
0000 5
----------------------------------------------------------------------
PFC:
Displaying Hardware entries in Module 5
SrcIf SrcIPaddress DstIPaddress Pr SrcP
DstP Pkts
Vl1 10.48.71.129 10.48.72.208 tcp 62816
telnet 0 -- 0.0.0.0 0.0.0.0
0 0 0 6
The show mls nde and show ip flow export commands display the NetFlow export information for the PFC and MSFC, respectively. The fact that the two exports use the same source IP address (10.48.72.208) allows the export from NetFlow version 5 from both the PFC and the MSFC.
7600# show mls nde Netflow Data Export enabled Exporting flows to 10.48.71.129 (9992) Exporting flows from 10.48.72.208 (56986) Version: 5 Include Filter not configured Exclude Filter is: destination: ip address 10.10.10.0, mask 255.255.255.0 Total Netflow Data Export Packets are: 0 packets, 0 no packets, 0 records Total Netflow Data Export Send Errors: IPWRITE_NO_FIB = 0 IPWRITE_ADJ_FAILED = 0 IPWRITE_PROCESS = 0 IPWRITE_ENQUEUE_FAILED = 0 IPWRITE_IPC_FAILED = 0 IPWRITE_OUTPUT_FAILED = 0 IPWRITE_MTU_FAILED = 0 IPWRITE_ENCAPFIX_FAILED = 0 Netflow Aggregation Disabled 7600# show ip flow export Flow export v5 is enabled for main cache Exporting flows to 10.48.71.129 (9992) Exporting using source IP address 10.48.72.208 Version 5 flow records 50826 flows exported in 23589 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures 0 export packets were dropped enqueuing for the RP 0 export packets were dropped due to IPC rate limiting