Cisco NX-OS/IOS Netflow Comparison
From DocWiki
Objective
This tech note outlines the main differences in NetFlow between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation on Cisco.com for a complete list of supported features.
Netflow Overview
NetFlow provides flow-based statistics collection that is useful for troubleshooting, traffic analysis, performance monitoring, and security threat prevention. Cisco NX-OS supports a flexible architecture that allows a user to collect different data for different applications per interface, whereas the Cisco IOS Software supports one flow mask and export pair for the entire chassis.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- NetFlow command-line interface (CLI) configuration and verification commands are not available until you enable the NetFlow feature with the feature netflow command.
- Two flow modes are supported: full and sampled.
- Sampled mode supports packet-based sampling (1-64 out of 1-8192).
- In sampled mode, the sampling occurs before the NetFlow cache is populated.
- Each line-card module supports 512,000 NetFlow cache entries.
- Layer 2 NetFlow based on MAC addresses is not supported at this time.
- A flexible architecture is used that consists of flow records, flow exporters, and flow monitors.
- Cisco NX-OS supports more key and non-key fields for creating flow records and can collect additional information such as TCP flags and system uptime.
- NetFlow Versions 5 and 9 Export features are supported (Version 9 is recommended).
- A source interface must be configured for each flow export.
- Cisco NX-OS defaults to User Datagram Protocol (UDP) port 9995 for NetFlow Data Export.
- Cisco NX-OS provides more granular aging timers (session timer and aggressive threshold).
- The default aging timer values are different from those in Cisco IOS Software.
- The NetFlow feature supports stateful process restarts.
Things You Should Know
The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and managing NetFlow.
- If the feature netflow command is removed, all relevant NetFlow configuration information is also removed.
- NetFlow consumes hardware resources (ternary content-addressable memory [TCAM], CPU, etc.), so understanding the resource utilization on a device is important before enabling NetFlow.
- Sampling mode preserves CPU and NetFlow cache entries in high-traffic environments.
- A traffic direction needs to be specified when a flow monitor is applied to an interface.
- The active-aging flow timeout is 1800 seconds by default.
- The inactive-aging flow timeout is 15 seconds by default.
- The fast-aging flow timeout is disabled by default.
- The aggressive-aging flow threshold is disabled by default.
- TCP session aging is disabled by default.
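The timer defaults listed above decide how a single conversation is split into exported records, which matters when correlating NetFlow with other telemetry. The following simulation is an added illustration, not Cisco code and not how the NX-OS cache is implemented internally: it models a flow cache with the 1800-second active and 15-second inactive defaults, plus an optional session-aging mode that assumes "flow timeout session" exports a TCP flow when a FIN or RST is seen. The flow key, packet timings and sizes are constructed.

```python
from dataclasses import dataclass

# NX-OS defaults from the list above (seconds); fast, aggressive and session aging are off by default.
ACTIVE_TIMEOUT = 1800
INACTIVE_TIMEOUT = 15
TCP_FIN, TCP_RST = 0x01, 0x04


@dataclass
class Entry:
    first: int
    last: int
    bytes: int = 0
    pkts: int = 0


class FlowCache:
    """Toy model of a NetFlow cache: an entry is exported (and removed) when the active
    timer expires since its first packet, when the inactive timer expires since its last
    packet, or, with session aging enabled (assumption), when a TCP FIN/RST is seen."""

    def __init__(self, active=ACTIVE_TIMEOUT, inactive=INACTIVE_TIMEOUT, session_aging=False):
        self.active, self.inactive, self.session_aging = active, inactive, session_aging
        self.cache = {}       # flow key -> Entry
        self.exported = []    # records handed to the exporter, in order

    def _export(self, key, reason):
        e = self.cache.pop(key)
        self.exported.append({"key": key, "first": e.first, "last": e.last,
                              "bytes": e.bytes, "pkts": e.pkts, "reason": reason})

    def expire(self, now):
        """Run the aging checks as of time `now` (seconds)."""
        for key, e in list(self.cache.items()):
            if now - e.first >= self.active:
                self._export(key, "active")
            elif now - e.last >= self.inactive:
                self._export(key, "inactive")

    def packet(self, now, key, size, tcp_flags=0):
        """Account one packet of `size` bytes for flow `key` seen at time `now`."""
        self.expire(now)
        e = self.cache.get(key)
        if e is None:
            e = self.cache[key] = Entry(first=now, last=now)
        e.last, e.bytes, e.pkts = now, e.bytes + size, e.pkts + 1
        if self.session_aging and tcp_flags & (TCP_FIN | TCP_RST):
            self._export(key, "session")


def run_scenarios(session_aging=False):
    """Replay three constructed packet sequences; returns the exported records per scenario."""
    out = {}
    key = ("10.0.0.5", "203.0.113.10", 443)   # constructed flow key, not real traffic

    # 1. A steady flow (one 100-byte packet per second for an hour) never goes idle,
    #    so the active timer splits it into 1800-second records.
    fc = FlowCache(session_aging=session_aging)
    for t in range(3600):
        fc.packet(t, key, 100)
    fc.expire(3600)
    out["long_flow"] = fc.exported

    # 2. A burst, a 58-second pause, then another burst: the inactive timer closes the
    #    first record, so one conversation shows up as two records.
    fc = FlowCache(session_aging=session_aging)
    for t in (0, 1, 2, 60, 61):
        fc.packet(t, key, 100)
    fc.expire(61 + INACTIVE_TIMEOUT)
    out["idle_gap"] = fc.exported

    # 3. SYN, ACK, FIN: with session aging the record leaves the cache on the FIN
    #    instead of waiting out the inactive timer.
    fc = FlowCache(session_aging=session_aging)
    fc.packet(0, key, 60, tcp_flags=0x02)
    fc.packet(1, key, 60, tcp_flags=0x10)
    fc.packet(2, key, 60, tcp_flags=TCP_FIN | 0x10)
    fc.expire(100)
    out["tcp_session"] = fc.exported
    return out


if __name__ == "__main__":
    for name, recs in run_scenarios(session_aging=True).items():
        print(name)
        for r in recs:
            print("  ", r)
```

Running it shows why a one-hour transfer appears as two 1800-packet records on the collector, why a short pause in a conversation produces a record boundary, and how session aging shortens the delay between a TCP close and the record reaching the exporter.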
Configuration Comparison
The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are several significant differences: Cisco NX-OS allows NetFlow to be enabled and disabled globally, and it uses a more flexible architecture that allows different statistics to be collected for different applications. The Cisco IOS Software syntax shown here is from Cisco IOS Software Release 12.2(18)SXH.
| Feature | Cisco IOS CLI | Cisco NX-OS CLI |
|---|---|---|
| Enabling the NetFlow Feature | Cisco IOS Software does not have the ability to enable or disable NetFlow. | feature netflow |
| Configuring a NetFlow Flow Record (Custom) | Cisco IOS Software does not have the ability to create custom NetFlow records. A system-wide flow mask is defined. The following example uses interface-full.<br>mls flow ip interface-full<br>mls nde sender version 5 | flow record Netflow-Record-1<br>description Custom-Flow-Record<br>match ipv4 source address<br>match ipv4 destination address<br>match transport destination-port<br>collect counter bytes<br>collect counter packets |
| Configuring a NetFlow Flow Export | ip flow-export source GigabitEthernet2/2<br>ip flow-export version 9<br>ip flow-export destination 192.168.11.2 2000 | flow exporter Netflow-Exporter-1<br>description Production-Netflow-Exporter<br>destination 192.168.11.2<br>source Ethernet2/2<br>version 9 |
| Configuring a NetFlow Monitor with a Custom Record | Cisco IOS Software does not have the ability to create flow monitors that associate NetFlow records to NetFlow exporters. | flow monitor Netflow-Monitor-1<br>description Applied Inbound-Eth-2/1<br>record Netflow-Record-1<br>exporter Netflow-Exporter-1 |
| Configuring a NetFlow Monitor with an Original Record | Cisco IOS Software does not have the ability to create flow monitors that associate NetFlow records to NetFlow exporters. | flow monitor Netflow-Monitor-2<br>description Use Predefined “Original-Netflow-Record”<br>record netflow-original<br>exporter Netflow-Exporter-1 |
| Applying a NetFlow Monitor to an Interface | interface gigabitethernet 6/1<br>ip flow ingress | interface Ethernet2/1<br>ip flow monitor Netflow-Monitor-1 input |
| Adjusting NetFlow Timers | mls aging fast<br>mls aging long 120<br>mls aging normal 32 | flow timeout active 120<br>flow timeout inactive 32<br>flow timeout fast 32 threshold 100<br>flow timeout session<br>flow timeout aggressive threshold 75 |
| Configuring a NetFlow Sampler | mls sampling packet-based 64 8000<br>mls flow int-full<br>mls nde sender version 5 | sampler NF-Sampler-1<br>description Sampler-for-Int-Eth-2/1<br>mode 1 out-of 1000 |
| Applying a NetFlow Sampler to an Interface | interface GigabitEthernet2/1<br>mls netflow sampling | interface Ethernet2/1<br>ip flow monitor NF-Mntr-1 input sampler NF-Sampler-1 |
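The flow exporter rows above send Version 9 records (the recommended version) to the collector over UDP, and the "Important Differences" list notes that NX-OS defaults to port 9995. What arrives on that port is a datagram carrying a template FlowSet followed by data FlowSets, which the collector can only decode once it has the template. The following example, added here and not taken from the page or from Cisco, builds such a datagram for the fields of Netflow-Record-1 (source and destination address, destination port, byte and packet counters) and then parses it the way a collector would. The flow values, timestamps and sequence number are constructed; `build_v9_packet` and `parse_v9_packet` are names chosen for this illustration.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v9 field types (RFC 3954) used by the constructed template below.
V9_FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 7: "l4_dst_port",
                  8: "ipv4_src_addr", 12: "ipv4_dst_addr"}
# (type, length) pairs mirroring the match/collect fields of Netflow-Record-1:
# keys are src, dst and dst port; counters are bytes and packets.
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (1, 4), (2, 4)]
TEMPLATE_ID = 256  # data-template IDs start at 256; FlowSet IDs 0 and 1 are reserved

# Constructed sample flows (src, dst, dst port, bytes, packets); not captured traffic.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443, 150000, 120),
    ("10.0.0.7", "198.51.100.4", 53, 156, 2),
]


def build_v9_packet(flows, sys_uptime=120000, unix_secs=1700000000, seq=1, source_id=0):
    """Build one export datagram: 20-byte header, a template FlowSet, a data FlowSet."""
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS))
    for ftype, flen in TEMPLATE_FIELDS:
        tmpl += struct.pack("!HH", ftype, flen)
    template_set = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl   # FlowSet ID 0 = template

    body = b""
    for src, dst, dport, nbytes, npkts in flows:
        body += IPv4Address(src).packed + IPv4Address(dst).packed
        body += struct.pack("!HII", dport, nbytes, npkts)
    body += b"\x00" * (-len(body) % 4)                           # pad to a 4-byte boundary
    data_set = struct.pack("!HH", TEMPLATE_ID, 4 + len(body)) + body

    count = 1 + len(flows)  # header count = template records + data records
    header = struct.pack("!HHIIII", 9, count, sys_uptime, unix_secs, seq, source_id)
    return header + template_set + data_set


def parse_v9_packet(data, templates=None):
    """Return (header, flows). `templates` caches template_id -> fields across packets,
    since a data FlowSet can only be decoded after its template has arrived."""
    if templates is None:
        templates = {}
    version, count, uptime, secs, seq, src_id = struct.unpack("!HHIIII", data[:20])
    if version != 9:
        raise ValueError(f"not a NetFlow v9 datagram (version={version})")
    header = {"count": count, "sys_uptime": uptime, "unix_secs": secs,
              "sequence": seq, "source_id": src_id}
    flows, off = [], 20
    while off + 4 <= len(data):
        set_id, set_len = struct.unpack("!HH", data[off:off + 4])
        if set_len < 4 or off + set_len > len(data):
            raise ValueError("malformed FlowSet length")
        body = data[off + 4:off + set_len]
        if set_id == 0:                       # template FlowSet (may carry several templates)
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                if nfields == 0:              # reached trailing padding
                    break
                pos += 4
                fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4])
                          for i in range(nfields)]
                pos += 4 * nfields
                templates[tid] = fields
        elif set_id >= 256:                   # data FlowSet; ID 1 (options template) is skipped here
            fields = templates.get(set_id)
            if fields is not None:            # unknown template: skip rather than guess a layout
                rec_len = sum(flen for _, flen in fields)
                pos = 0
                while pos + rec_len <= len(body):
                    rec = {}
                    for ftype, flen in fields:
                        raw = body[pos:pos + flen]
                        pos += flen
                        name = V9_FIELD_NAMES.get(ftype, f"field_{ftype}")
                        rec[name] = str(IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")
                    flows.append(rec)
        off += set_len
    return header, flows


if __name__ == "__main__":
    pkt = build_v9_packet(SAMPLE_FLOWS)
    hdr, recs = parse_v9_packet(pkt)
    print(hdr)
    for r in recs:
        print(r)
```

Feeding the parser a datagram whose template FlowSet has been stripped yields no flows, which is the practical reason a collector restarted mid-stream reports nothing until the exporter resends its templates; keeping the `templates` dictionary across calls is what lets later data-only datagrams decode.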
Verification Command Comparison
The following table compares some useful show commands for verifying and troubleshooting NetFlow.
| Cisco NX-OS NetFlow | Cisco IOS Software NetFlow | Command Description |
|---|---|---|
| show flow exporter | show mls nde | Displays the configured exporter maps |
| show flow interface | - | Displays interfaces configured for NetFlow |
| show flow monitor | - | Displays information about monitor maps |
| show flow record | - | Displays information about record maps |
| show flow timeout | - | Displays the NetFlow timeout values |
| show hardware flow aging | show mls netflow aging | Displays the NetFlow table aging timeout value |
| show hardware flow entry | show mls netflow ip flow | Displays flow-specific information |
| show hardware flow ip | show mls netflow ip | Displays the IP NetFlow table |
| show hardware flow sampler | show mls sampling | Displays the NetFlow sampling configuration |
| show hardware flow utilization module | show mls netflow table summary | Displays NetFlow table utilization per module |
| show sampler | show flow-sampler | Displays information about sampler maps |
