Cisco ASR1001 Netflow: различия между версиями
Sirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
| Строка 6: | Строка 6: | ||
=NetFlow на ASR1001x= |
=NetFlow на ASR1001x= |
||
[[Media:Cisco NetFlow Configuration.pdf|Cisco NetFlow Configuration.pdf]] |
[[Media:Cisco NetFlow Configuration.pdf|Cisco NetFlow Configuration.pdf]] |
||
| + | |||
| + | |||
| + | Cisco ASR 1000 NetFlow Configuration |
||
| + | Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Cisco Bug Search Tool and the release notes for your platform and software release. |
||
| + | Flexible NetFlow is supported on Catalyst 3560-X and 3750-X (Cat3k-X) Series Switches on the 10GE Service Module. Previously unsupported on the platform, the service module can enable hardware-supported, line-rate NetFlow on all traffic that traverses the module. |
||
| + | 1. Create a Flow Record (specify the fields to export) |
||
| + | A flow record defines the information that NetFlow gathers, such as packets in the flow and the types of counters gathered per flow. You specify a series of “match” and “collect” commands that tell the router which fields to include in the outgoing NetFlow PDU. |
||
| + | The “match” fields are the “key” fields. They are used to determine the uniqueness of the flow. The “collect” fields are just extra info that to include to provide more detail to the collector for reporting and analysis. |
||
| + | The fields marked with required below, are fields required for StealthWatch to accept and build a flow record. |
||
| + | asr1k(config)# flow record LANCOPE1 |
||
| + | asr1k(config-flow-record)#match ipv4 protocol |
||
| + | asr1k(config-flow-record)#match ipv4 source address asr1k(config-flow-record)#match ipv4 destination address asr1k(config-flow-record)#match transport source-port asr1k(config-flow-record)#match transport destination-port asr1k(config-flow-record)#match interface input |
||
| + | asr1k(config-flow-record)#match ipv4 tos |
||
| + | asr1k(config-flow-record)#collect interface output |
||
| + | asr1k(config-flow-record)#collect counter bytes |
||
| + | asr1k(config-flow-record)#collect counter packets |
||
| + | asr1k(config-flow-record)#collect timestamp sys-uptime firstrequired; for calculating duration asr1k(config-flow-record)#collect timestamp sys-uptime lastrequired; for calculating duration |
||
| + | asr1k(config-flow-record)#collect flow sampler asr1k(config-flow-record)#collect routing next-hop address |
||
| + | ipv4 asr1k(config-flow-record)#collect ipv4 dscp |
||
| + | asr1k(config-flow-record)#collect ipv4 ttl minimum asr1k(config-flow-record)#collect ipv4 ttl maximum asr1k(config-flow-record)#collect transport tcp flags asr1k(config-flow-record)#collect routing destination as |
||
| + | optional; used to obtain sampling rate |
||
| + | optional; used for |
||
| + | closest interface determination |
||
| + | optional; used to generate QoS reports optional; provides pathing info |
||
| + | optional; provides pathing info |
||
| + | optional; security anaysis |
||
| + | optional; enable if you use BGP |
||
Версия 15:21, 8 июля 2024
NetFlow на ASR1001x
Cisco NetFlow Configuration.pdf
Cisco ASR 1000 NetFlow Configuration
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Cisco Bug Search Tool and the release notes for your platform and software release.
Flexible NetFlow is supported on Catalyst 3560-X and 3750-X (Cat3k-X) Series Switches on the 10GE Service Module. Previously unsupported on the platform, the service module can enable hardware-supported, line-rate NetFlow on all traffic that traverses the module.
1. Create a Flow Record (specify the fields to export)
A flow record defines the information that NetFlow gathers, such as packets in the flow and the types of counters gathered per flow. You specify a series of “match” and “collect” commands that tell the router which fields to include in the outgoing NetFlow PDU.
The “match” fields are the “key” fields. They are used to determine the uniqueness of the flow. The “collect” fields are just extra info that to include to provide more detail to the collector for reporting and analysis.
The fields marked with required below, are fields required for StealthWatch to accept and build a flow record.
asr1k(config)# flow record LANCOPE1
asr1k(config-flow-record)#match ipv4 protocol
asr1k(config-flow-record)#match ipv4 source address asr1k(config-flow-record)#match ipv4 destination address asr1k(config-flow-record)#match transport source-port asr1k(config-flow-record)#match transport destination-port asr1k(config-flow-record)#match interface input
asr1k(config-flow-record)#match ipv4 tos
asr1k(config-flow-record)#collect interface output
asr1k(config-flow-record)#collect counter bytes
asr1k(config-flow-record)#collect counter packets
asr1k(config-flow-record)#collect timestamp sys-uptime firstrequired; for calculating duration asr1k(config-flow-record)#collect timestamp sys-uptime lastrequired; for calculating duration
asr1k(config-flow-record)#collect flow sampler asr1k(config-flow-record)#collect routing next-hop address
ipv4 asr1k(config-flow-record)#collect ipv4 dscp
asr1k(config-flow-record)#collect ipv4 ttl minimum asr1k(config-flow-record)#collect ipv4 ttl maximum asr1k(config-flow-record)#collect transport tcp flags asr1k(config-flow-record)#collect routing destination as
optional; used to obtain sampling rate
optional; used for
closest interface determination
optional; used to generate QoS reports optional; provides pathing info
optional; provides pathing info
optional; security anaysis
optional; enable if you use BGP
