Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Advanced edition. NetFlow Traffic Analyzer (NTA) is also available in a standalone module.

Cisco Nexus 7000/7010

This device require a Flexible NetFlow configuration. The following example creates a custom flow record and flow monitor, and applies the monitor to appropriate interfaces. Each section in the example—flow record, flow exporter, flow monitor, and configuration on interfaces—includes notes that explain what the commands are doing.

Sample flexible NetFlow configuration

Flow record

flow record OrionNetFlow
match ip tos
match ip protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input (Auto Added)
match interface output (Auto Added)
match flow direction (Auto Added)
collect counter bytes
collect counter packets

The flow record part of this configuration example creates the record called OrionNetFlow and uses the match (ipv4, interface, transport) and collect (counter) commands to define the key fields in the record by which flow data will be processed. For more information on these commands, see this Cisco command reference.

Flow exporter

flow exporter NetFlow-to-Orion
destination 10.10.10.10
source vlanXXX
transport udp 2055
version 9
template data timeout 60

The template data timeout 60 command ensures that the template is exported every one minute. The default setting is 60 seconds.

The flow exporter part of the configuration examples defines the following:

  • An exporter called NetFlow-to-Orion.
  • The destination, which is the IP address of the SolarWinds Platform server, to which flow data will be exported.
  • The source called vlanXXX from which flow data will be exported.
  • The transport protocol (UDP) and port (2055) through which the flow data will pass.
  • The NetFlow export protocol, version 9, that the NetFlow collector should expect and use to process the data.

Flow monitor

flow monitor NetFlow-Monitor
description xxxx
exporter NetFlow-to-Orion
record OrionNetFlow

Configuration on interfaces

Apply the monitor to the appropriate interfaces.

interface Ethernet2/1
ip flow monitor NetFlow-Monitor input
ip flow monitor NetFlow-Monitor output

The flow monitor part of the configuration example defines the following:

  • A monitor called NetFlow-Monitor that uses the record and exporter commands to bind the flow record (OrionNetFlow) to the flow exporter (NetFlow-to-Orion) you already created.
  • The interface command defines the interface, called Ethernet2/1, to which the flow monitor NetFlow Monitor applies and ip flow monitor command specifies the capture of both ingress (input) and egress (output) data.

You can enter a VLAN range prior to entering the command above. For example, vlan 1 - 3967 instead of each VLAN separately.

Full configuration

The overall configuration without annotations looks like this:

flow record OrionNetFlow
match ip tos
match ip protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input (Auto Added)
match interface output (Auto Added)
match flow direction (Auto Added)
collect counter bytes
collect counter packets

flow exporter NetFlow-to-Orion
destination 10.10.10.10
source vlanXXX
transport udp 2055
version 9
template data timeout 60

flow monitor NetFlow-Monitor
description xxxx
exporter NetFlow-to-Orion
record OrionNetFlow

interface Ethernet2/1
ip flow monitor NetFlow-Monitor input
ip flow monitor NetFlow-Monitor output