how to configure NetFlow data accounting on your routing devices.

Today in this tutorial i am going to show you how to configure Netflow on cisco router to understand and monitoring the network behaviour including what where when and how network traffic is flowing and hence netflow helps us to understand the network behaviour and help us to utilize the network more efficiently.

What is NetFlow?

NetFlow enables you to collect traffic flow statistics on your routing devices.

NetFlow is performed independently on each routers. Using NetFlow Data Export (NDE), you can export data to a remote workstation for data collection and further processing.

Note NetFlow does consume additional memory and CPU resources; therefore, it is important to understand the resources required on your router before enabling NetFlow.

How does NetFlow give you network information?

First we need to know What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.

IP Packet attributes used by NetFlow are :

• IP source address

• IP destination address

• Source port

• Destination port

• Layer 3 protocol type

• Class of Service

.Router or Switch interface

All packets with the same source/destination IP address, source/destination ports, protocol interface and class of service are grouped into a flow and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large amount of network information is condensed into a database of NetFlow information called the NetFlow cache.

Now see below diagram in which i have configure netflow on router R1 to monitor network flows.

NetflowConfiguration on router R1:

r1(config)#int fa0/0
r1(config-if)#ip flow ingress
r1(config-if)#ip flow egress
r1(config-if)#exit

r1(config)#ip flow-export destination 1.0.0.255 2055
r1(config)#ip flow version 9
r1(config)#ip flow-export source fa0/0

Now monitor network statistics aftre netflow configuration.

Now i am going to ing pc with router and server also with router and after that i will see the network statistics shown by router after netflow configuration.

r1#show ip cache flow

IP packet size distribution (5 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.600 .400 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

2 active, 4094 inactive, 4 added

5 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 34056 bytes

0 active, 1024 inactive, 0 added, 0 added to flow

0 alloc failures, 0 force free

1 chunk, 1 chunk added

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

——– Flows /Sec /Flow /Pkt /Sec /Flow /Flow

ICMP 2 0.0 1 42 0.0 0.0 261.0

Total: 2 0.0 1 42 0.0 0.0 261.0

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Fa0/0 1.0.0.2 Local 1.0.0.1 01 0000 0000 2

Fa0/0 1.0.0.255 Local 1.0.0.1 01 0000 0000 1

Comments

Yousif HaQi says:

3 Sep 2015 at 7:27 pm

how is it possilbe to put a usable ip address using a broadcast ip address (x.x.x.255 ) ?
thanks for the response in advance

LikeLiked by 1 person

Reply
Ishmael Josie says:

7 Feb 2020 at 9:17 pm

Please I want you to send me the training videos. This is my what’s app number +231777523900

LikeLike

Reply
- satish tiwary says:
  
  8 Feb 2020 at 7:00 am
  
  Ok i will tray to create a video on netflow configuration on my Youtube channel: slashrootdotin
  
  LikeLike
  
  Reply

Learn Linux CCNA CEH IPv6 Cyber-Security Online

Top Posts & Pages

Blog Stats

Google Translation

Blog Stats