Cisco NGA 3000 series
The following configuration example creates a custom flow record and flow monitor for a Cisco NetFlow Generation Appliance 3000 series. Each section in the example includes notes that explain what the commands are doing.
Flow record
flow record IPv4 OrionNetFlow match ip tos match ip protocol match source match destination match transport source-port match transport destination-port match input-interface match output-interface collect counter bytes collect counter packets exit ! !
The flow record part of this configuration example creates the record called ipv4 OrionNetFlow and uses the match and collect commands to define the key fields in the record by which flow data will be processed. For more information on these commands, see the Command Reference Guide for Cisco NetFlow Generation Appliance.
Flow collector
flow collector Orion address 10.199.15.37 dscp 0 transport udp destination-port 2055 exit !
The flow collector part of this configuration example creates the record called Orion, sets the IPv4 address of the collector where NGA will send NetFlow packets to, sets the dscp value of the NetFlow packets and the UDP port that the collector device is listening on for NetFlow packets.
Flow exporter
flow exporter Netflow-to-Orion version v9 template-period 1 option-period 1 policy multi-destination destination Orion exit
The flow exporter part of the configuration examples defines the following:
- An exporter called NetFlow-to-Orion.
- The
destination, which is the IP address of the SolarWinds Platform server, to which the flow data will be exported. - The format of NetFlow packets:
version v9. - The frequency in minutes for sending NetFlow data templates to collectors in the exporter:
template-period 1. - The frequency in minutes that the exporter sends option template and option data to collector devices:
option-period 1. - The exporter will send the same NetFlow packet to all collectors set in the exporter:
policy multi-destination.
Flow monitor
flow monitor NetFlow-Monitor exporter Netflow-to-Orion record OrionNetFlow dataport 1,2,3,4 tunnel inner cache size 25 cache type standard cache timeout active 60 cache timeout inactive 30 cache timeout session disable exit ! flow monitor NetFlow-Monitor enable
The flow monitor part of the configuration example defines the following:
- A monitor called NetFlow-Monitor that uses the
recordandexportercommands to bind the flow record (OrionNetFlow) to the flow exporter (NetFlow-to-Orion) you already created. - The
dataporton which the flow monitor will receive packets and populate flow records. - If there are tunneled packets that have more than one set of IP addresses, the monitor tracks the innermost IP addresses:
tunnel inner. - The monitor instance is allocated 25% of total cache memory before flows age out and are forwarded to the exporter:
cache size 25. - The timeout in seconds for exporting flow statistics for flows which are continuously active:
cache-timeout active. - The maximum time in seconds a non-updated flow will stay in the cache before it is deleted and forwarded to the flow exporter:
cache-timeout inactive.
The flow monitor enable command activates the flow monitor, which is in the Inactive state by default.
Full configuration
The overall configuration without annotations looks like this:
flow record IPv4 OrionNetFlow match ip tos match ip protocol match source match destination match transport source-port match transport destination-port match input-interface match output-interface collect counter bytes collect counter packets exit ! ! flow collector Orion address 10.199.15.37 dscp 0 transport udp destination-port 2055 exit ! flow exporter Netflow-to-Orion version v9 template-period 1 option-period 1 policy multi-destination destination Orion exit ! flow monitor NetFlow-Monitor exporter Netflow-to-Orion record OrionNetFlow dataport 1,2,3,4 tunnel inner cache size 25 cache type standard cache timeout active 60 cache timeout inactive 30 cache timeout session disable exit ! flow monitor NetFlow-Monitor enable