Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Advanced edition. NetFlow Traffic Analyzer (NTA) is also available in a standalone module.

Enable NetFlow on Catalyst 6500 and 7600 series

The following sections provide the procedures required to enable NetFlow and NetFlow Data Export (NDE) on Catalyst 6500 Series switches and the 7600 Series.

  • You must enable NetFlow on every monitored Multilayer Switch Feature Card (MSFC) Layer 3 interface to support NetFlow Data Export from both the Policy Feature Card (PFC) and the MSFC.
  • You must enable NDE on the MSFC to support NDE on the PFC.

This information is provided as a guide for enabling NetFlow to work with NTA. Consult your Cisco product documentation for details about configuring NetFlow and Netflow export on Cisco Catalyst 6500 and 7600 Series devices.

Enable NetFlow and NDE on the Multilayer Switch Feature Card (MSFC)

The MSFC maintains a table of NetFlow data representing software-routed data flows through the device. The following procedure for enabling NetFlow and NDE on the MSFC should be performed on every monitored Layer 3 interface.

  1. Log in to the device, and enter global configuration mode.
  2. Type interface {vlan vlan_ID} | {type slot/port} | {port-channel port_channel_number} to select a Layer 3 interface to configure.

    • type can be any of the following: ethernet, fastethernet, gigabitethernet, tengigabitethernet
    • type can also be any of the following, if the device is running Supervisor Engine 2: ge-wan, pos, atm

  3. Type ip flow ingress to enable NetFlow.
  4. Type exit to exit interface configuration mode and return to global configuration mode.
  5. Type ip flow-export source {{vlan vlan_ID} | {type slot/port} | {port-channel number} | {loopback number}} to configure the interface used as the source of the NDE packets containing statistics from the MSFC.
  6. Repeat this procedure for each additional interface on which you want to enable NetFlow and NDE.
  7. Type end to exit global configuration mode and return to privileged EXEC mode.
  8. Type ip flow-export source {{vlan vlan_ID} | {type slot/port} | {port-channel number} | {loopback number}} to configure the interface used as the source of the NDE packets containing statistics from the MSFC.

    You must select an interface configured with an IP address.

Enable NetFlow and NDE on the Policy Feature Card (PFC)

  1. Log in to the device, and enter global configuration mode.
  2. Enter mls netflow to enable NetFlow on the PFC.
  3. Entermls nde sender version 5|9 to enable NDE from the PFC and configure the NDE version.

    • NTA accepts data in NetFlow version 5 and version 9 formats.
    • NDE from the PFC uses the source interface configured for the MSFC.

Configure the destination for NDE data streams

Provide the IP address and UDP port number you have or plan to specify when you install NTA. Export redundancy is available with the NetFlow Multiple Export Destinations feature. This feature allows for the designation of multiple destinations for NDE data streams by successively calling the following function for different destinations. Multiple destinations establishes backup for all NDE streams.

  1. Log in to the device, and enter global configuration mode.
  2. Type ip flow-export destination ip_address udp_port_number with the appropriate IP address and UDP port for the installation of NTA. For example:

    ip flow-export destination 12.36.43.7 2055

    • NetFlow Multiple Export Destinations: To configure redundant NDE data streams, you can enter the ip flow-export destination command twice and configure a different destination in each command.
    • Configuring two destinations increases the RP CPU utilization, as you are exporting the data records twice.
    • The destination address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and re-enabled or if the device is power cycled.

Set the aging interval for NDE

The aging interval determines the cutoff point at which the device exports current NetFlow data.

  1. Log in to the device, and enter global configuration mode.
  2. Type mls aging normal 64 to export data every 64 seconds. The default value is five minutes.
  3. Type mls aging long 64 to export data approximately every two minutes. The default value is 32 minutes.

Display the NDE address and port configuration for verification

  1. Enter privileged EXEC mode on your device.
  2. Type show mls nde to display the NDE configuration.
  3. Type show ip flow export to display the NDE source interface configuration.