NetFlow BGP Next Hop Support
The NetFlow Border Gateway Protocol (BGP) Next Hop Support feature lets you measure network traffic on a per BGP next hop basis. Without the NetFlow BGP Next Hop Support feature, NetFlow exports only IP next hop information (which provides only the next router); this feature adds BGP next hop information to the data export.
The NetFlow BGP Next Hop Support feature lets you track which service provider the traffic is going through. This functionality is useful if you have arrangements with several other service providers for fault-protected delivery of traffic. The feature lets you charge customers more per packet when traffic has a more costly destination—you can pass on some of the cost associated with expensive trans-oceanic links or charge more when traffic is sent to another ISP with which you have an expensive charge agreement.
This feature uses only the NetFlow Version 9 export format for its data export.
History for NetFlow BGP Next Hop Support
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
This document includes the following sections:
• Prerequisites for NetFlow BGP Next Hop Support
• Restrictions for NetFlow BGP Next Hop Support
• Information About NetFlow BGP Next Hop Support
• How to Configure NetFlow BGP Next Hop Support
• Configuration Examples for NetFlow BGP Next Hop Support
Prerequisites for NetFlow BGP Next Hop Support
Before you can configure the NetFlow BGP Next Hop Support feature, you must configure:
• NetFlow v9 (Version 9) data export (if only Version 5 is configured, then BGP next hop data is visible in the caches, but is not exported)
• Cisco Express Forwarding (CEF) switching or dCEF switching (fast switching is not supported)
• Border Gateway Protocol (BGP)
Restrictions for NetFlow BGP Next Hop Support
Recursive Load Sharing
The NetFlow cache does not capture the BGP next hop when the route to that BGP next hop is recursively load-shared via several IGP links. Instead, the NetFlow cache captures (as the BGP next hop) the effective simple next hop from a random selection of one of the load-shared routes to which the BGP route recurses.
Memory Impact
For BGP-controlled routes, the NetFlow BGP Next Hop Support feature adds 16 bytes to each NetFlow flow record. This increases memory requirements by 16 bytes times the number of flow cache entries that have BGP-controlled prefixes.
Performance Impact
Because the BGP next hop is fetched from the CEF path only once per flow, the performance impact of the NetFlow BGP Next Hop Support feature is minimal.
Information About NetFlow BGP Next Hop Support
To configure the NetFlow BGP Next Hop Support feature, you must understand the following concept:
Aggregation
The Cisco IOS NetFlow Aggregation feature summarizes NetFlow export data on a router before the data is exported to the NetFlow Collection Engine (formerly called NetFlow FlowCollector). The NetFlow BGP Next Hop Support feature provides the BGP next hop and its related aggregation scheme and provides BGP next hop information within each NetFlow record.
How to Configure NetFlow BGP Next Hop Support
See the following sections for configuration tasks for the NetFlow BGP Next Hop Support feature. Each task in the list is identified as either required or optional.
• Configuring NetFlow BGP Next Hop Accounting (required)
• Verifying the Configuration (optional)
• Troubleshooting Tips (optional)
Configuring NetFlow BGP Next Hop Accounting
This section shows how to configure NetFlow BGP next hop accounting for the main cache and aggregation caches. You can enable the export of origin AS information or peer AS information, but not both.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip flow-export Version 9 [origin-as | peer-as] bgp-nexthop
4. ip flow-aggregation cache bgp-nexthop-tos
5. enabled
6. end
DETAILED STEPS
Verifying the Configuration
This section shows how to verify successful configuration of NetFlow BGP next hop accounting.
SUMMARY STEPS
1. show ip cache verbose flow
2. show ip cache flow aggregation bgp-nexthop-tos
DETAILED STEPS
Troubleshooting Tips
If there are no BGP-specific flow records in the NetFlow cache, make sure that CEF or dCEF switching is enabled and that the destination for NetFlow data export is configured. Also check the routing table for BGP routes.
Configuration Examples for NetFlow BGP Next Hop Support
This section provides the following configuration examples:
• Configuring NetFlow BGP Next Hop Accounting: Example
• Verifying the NetFlow BGP Next Hop Configuration: Example
Configuring NetFlow BGP Next Hop Accounting: Example
The following example shows how to configure NetFlow BGP next hop accounting with origin AS and BGP next hop statistics:
Router> enable
Password:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip flow-export Version 9 origin-as bgp-nexthop
Router(config)# end
Router#
3w1d:%SYS-5-CONFIG_I: Configured from console by console
Router# exit
Verifying the NetFlow BGP Next Hop Configuration: Example
The following example shows how to use the show ip cache verbose flow command to verify that NetFlow BGP next hop accounting is enabled:
Router> show ip cache verbose flow
IP packet size distribution (120 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 17826816 bytes
  8 active, 262136 inactive, 8 added
  26 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 1081480 bytes
  8 active, 65528 inactive, 8 added, 8 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
MUL:M_Opaks    M_Obytes        BGP:BGP_NextHop
Et0/0/2        12.0.0.2        Et0/0/4        13.0.0.5        01 00  10      20
0000 /8  0                     0800 /8  0     11.0.0.6              100     0.0
BGP:26.0.0.6
Et0/0/2        12.0.0.2        Et0/0/4        15.0.0.7        01 00  10      20
0000 /8  0                     0800 /8  0     11.0.0.6              100     0.0
BGP:26.0.0.6
Et0/0/2        12.0.0.2        Et0/0/4        15.0.0.7        01 00  10      20
0000 /8  0                     0000 /8  0     11.0.0.6              100     0.0
BGP:26.0.0.6
Router> exit
The following example shows how to use the show ip cache flow aggregation bgp-nexthop-tos command to verify that NetFlow BGP next hop accounting is enabled:
Router> show ip cache flow aggregation bgp-nexthop-tos
IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 1 added
  8 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 17224 bytes
  1 active, 1023 inactive, 1 added, 1 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
Src If         Src AS  Dst If         Dst AS  TOS Flows   Pkts  B/Pk  Active
BGP NextHop
Et0/0/2        0       Et0/0/4        0       00      9     36    40     8.2
BGP:26.0.0.6
Router> exit
Additional References
The following sections provide references related to NetFlow BGP Next Hop Support:
• MIBs
• RFCs
Related Documents
Standards
MIBs
MIB MIBs Link
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
Technical Assistance
Command Reference
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 T command reference publications.
• show ip cache flow aggregation
ip flow-aggregation cache
To enable NetFlow accounting aggregation cache schemes, use the ip flow-aggregation cache command in global configuration mode. To disable NetFlow accounting aggregation cache schemes, use the no form of this command.
ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
no ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
Syntax Description
Command Default
This command is not enabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
You must have NetFlow accounting configured on your router before you can use this command. The export destination command supports a maximum of two concurrent export destinations.
The ToS aggregation cache scheme keywords enable NetFlow accounting aggregation cache schemes that include the ToS byte in their export records. The ToS byte is an 8-bit field in the IP header. The ToS byte specifies the quality of service for a datagram during its transmission through the Internet.
You can enable only one aggregation cache configuration scheme per command line. The following rules apply to configuring source and destination masks.
• The source mask can only be configured in the prefix, prefix-port, prefix-tos, source-prefix and source-prefix-tos aggregation modes.
• The destination mask can only be configured in the prefix, prefix-port, prefix-tos, destination-prefix and destination-prefix-tos aggregation modes.
• No masks can be configured in non-prefix aggregation modes.
To enable aggregation (whether or not an aggregation cache is fully configured), you must enter the enabled command in aggregation cache configuration mode. (You can use the no form of this command to disable aggregation. The cache configuration remains unchanged even if aggregation is disabled.)
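The rules in these usage guidelines, together with the Version 9 requirement stated in the prerequisites, can be checked mechanically before a configuration is deployed. The following is an added example, not Cisco code: the function name, the rule labels and both sample configurations are constructed for illustration, and it assumes running-config style text in which cache sub-commands are indented.

```python
# Aggregation schemes in which each mask may be configured (from the rules above).
MASK_MODES = {
    "source": {"prefix", "prefix-port", "prefix-tos",
               "source-prefix", "source-prefix-tos"},
    "destination": {"prefix", "prefix-port", "prefix-tos",
                    "destination-prefix", "destination-prefix-tos"},
}
MAX_EXPORT_DESTINATIONS = 2

# Constructed running-config fragment with four deliberate mistakes.
BAD_CONFIG = """\
ip flow-export version 5 origin-as bgp-nexthop
ip flow-aggregation cache bgp-nexthop-tos
 mask destination minimum 16
 export destination 172.17.24.65 9991
 export destination 172.16.10.2 9991
 export destination 172.16.10.3 9991
!
ip flow-aggregation cache as
 enabled
"""

# Constructed fragment that follows the configuration steps on this page.
GOOD_CONFIG = """\
ip flow-export version 9 origin-as bgp-nexthop
ip flow-aggregation cache bgp-nexthop-tos
 enabled
"""


def _close_cache(cache, findings):
    # Checks that need the whole cache block before they can be decided.
    if cache is None:
        return
    extra = cache["exports"][MAX_EXPORT_DESTINATIONS:]
    if extra:
        findings.append((extra[0], "too-many-export-destinations",
                         f"cache {cache['scheme']}: only {MAX_EXPORT_DESTINATIONS} "
                         "concurrent export destinations are supported"))
    if not cache["enabled"]:
        findings.append((cache["line"], "cache-not-enabled",
                         f"cache {cache['scheme']}: no 'enabled' command, "
                         "so aggregation is not running"))


def lint_netflow_config(text):
    """Return (line_number, rule, message) tuples for a running-config style text."""
    findings, cache = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        words = raw.lower().split()
        if not words or words[0].startswith("!"):
            continue
        if raw[0].isspace() and cache is not None:
            # Indented line: a command inside the current aggregation cache block.
            if words == ["enabled"]:
                cache["enabled"] = True
            elif words == ["no", "enabled"]:
                cache["enabled"] = False
            elif words[:2] == ["export", "destination"]:
                cache["exports"].append(number)
            elif words[0] == "mask" and len(words) > 1:
                if cache["scheme"] not in MASK_MODES.get(words[1], set()):
                    findings.append((number, "mask-not-allowed",
                                     f"{words[1]} mask cannot be configured in "
                                     f"{cache['scheme']} aggregation mode"))
            continue
        _close_cache(cache, findings)
        cache = None
        if words[:3] == ["ip", "flow-aggregation", "cache"] and len(words) == 4:
            cache = {"scheme": words[3], "line": number,
                     "enabled": False, "exports": []}
        elif words[:2] == ["ip", "flow-export"] and "bgp-nexthop" in words:
            version = words[words.index("version") + 1] if "version" in words[:-1] else None
            if version != "9":
                findings.append((number, "bgp-nexthop-not-exported",
                                 "BGP next hop is exported only with Version 9; "
                                 "with this line it appears in the cache only"))
    _close_cache(cache, findings)
    return findings


if __name__ == "__main__":
    for number, rule, message in lint_netflow_config(BAD_CONFIG):
        print(f"line {number}: [{rule}] {message}")
```

Findings for one cache block are reported when the block ends, so they are not strictly in line order.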
Examples
The following example shows how to configure a NetFlow accounting autonomous system aggregation cache scheme:
Router(config)# ip flow-aggregation cache as
Router(config-flow-cache)# enabled
The following example shows how to configure a minimum prefix mask of 16 bits for the NetFlow accounting destination-prefix aggregation cache scheme:
Router(config)# ip flow-aggregation cache destination-prefix
Router(config-flow-cache)# mask destination minimum 16
Router(config-flow-cache)# enabled
The following example shows how to configure a minimum prefix mask of 16 bits for the NetFlow accounting source-prefix aggregation cache scheme:
Router(config)# ip flow-aggregation cache source-prefix
Router(config-flow-cache)# mask source minimum 16
Router(config-flow-cache)# enabled
The following example shows how to configure multiple export destinations for the NetFlow accounting autonomous system ToS aggregation cache scheme:
Router(config)# ip flow-aggregation cache as-tos
Router(config-flow-cache)# export destination 172.17.24.65 9991
Router(config-flow-cache)# export destination 172.16.10.2 9991
Router(config-flow-cache)# enabled
Related Commands
ip flow-export
To enable the export of information in NetFlow cache entries, use the ip flow-export command in global configuration mode. To disable the export of information, use the no form of this command.
ip flow-export [destination ip-address udp-port] | [source {ip-address | interface-name}] | [version {1 | [{5 | 9} [origin-as | peer-as] [bgp-nexthop]]}] | [template {refresh-rate packets | timeout-rate minutes} [options {export-stats | refresh-rate packets | timeout-rate minutes}]]
no ip flow-export [destination ip-address udp-port] | [source {ip-address | interface-name}] | [version {1 | [{5 | 9} [origin-as | peer-as] [bgp-nexthop]]}] | [template {refresh-rate packets | timeout-rate minutes} [options {export-stats | refresh-rate packets | timeout-rate minutes}]]
Syntax Description
Command Default
Export of information in NetFlow cache entries is disabled. You can specify origin AS accounting or peer AS export accounting, but not both.
Command Modes
Global configuration
Command History
Usage Guidelines
A NetFlow cache entry contains a lot of information. When flow switching is enabled with the ip route-cache flow command, you can use the ip flow-export command to configure the router to export the flow cache entries to a destination (such as a system running the NetFlow Collection Engine) when flows expire. This configuration can be useful for statistics, billing, and security.
Version 5 and version 9 formats include the source and destination AS addresses and source and destination prefix masks. Also, version 9 includes BGP next hop information. Because this change might appear on your router as a maintenance release, support for version 1 format is maintained with the version 1 keyword.
Caution
Entering the ip flow-export or no ip flow-export command on the Cisco 12000 Series Internet routers and specifying any version format other than version 1 (in other words, entering the ip flow-export or no ip flow-export command and specifying either the version 5 or version 9 keyword) causes packet forwarding to stop for a few seconds while NetFlow reloads the route processor and line card CEF tables. To avoid interruption of service to a live network, apply this command during a change window, or include it in the startup-config file to be executed during a router reboot.
For more information on version 1 and version 5 data format, see the "NetFlow Data Format" section in the "Configuring NetFlow Switching" chapter of the Cisco IOS Switching Services Configuration Guide. For more information on version 9 data format, see the Cisco IOS NetFlow Version 9 Flow-Record Format white paper.
Examples
The following example shows how to configure the router to export the NetFlow cache entry to UDP port 125 on the workstation at 134.22.23.7 when the flow expires using version 1 format:
Router(config)# ip flow-export 134.22.23.7 125
The following example shows how to configure the router to export the NetFlow cache entry to UDP port 2048 on the workstation at 134.22.23.7 when the flow expires using version 5 format and includes the peer AS information:
Router(config)# ip flow-export 134.22.23.7 2048 version 5 peer-as
Related Commands
show ip cache flow aggregation
To display the NetFlow accounting aggregation cache statistics, use the show ip cache flow aggregation command in user EXEC or privileged EXEC mode.
show ip cache [prefix mask] [type number] [verbose] flow aggregation {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}
Syntax Description
Command Modes
User EXEC
Privileged EXEC
Command History
Examples
The following is a sample display of an autonomous system aggregation cache with the show ip cache flow aggregation as command:
Router# show ip cache flow aggregation as
IP Flow Switching Cache, 278544 bytes
  2 active, 4094 inactive, 13 added
  178 ager polls, 0 flow alloc failures
Src If         Src AS  Dst If         Dst AS  Flows   Pkts  B/Pk  Active
Fa1/0          0       Null           0           1      2    49    10.2
Fa1/0          0       Se2/0          20          1      5   100     0.0
The following is a sample display of an autonomous system aggregation cache for the prefix mask 10.0.0.1 255.0.0.0 with the show ip cache flow aggregation as command:
Router# show ip cache 10.0.0.1 255.0.0.0 flow aggregation as
IP Flow Switching Cache, 278544 bytes
  2 active, 4094 inactive, 13 added
  178 ager polls, 0 flow alloc failures
Src If         Src AS  Dst If         Dst AS  Flows   Pkts  B/Pk  Active
e1/2           0       Null           0           1      2    49    10.2
e1/2           0       e1/2           20          1      5   100     0.0
The following is a sample display of an autonomous system aggregation cache for 10.0.0.1 255.0.0.0 Ethernet1/2 with the show ip cache verbose flow aggregation as command:
Router# show ip cache 10.0.0.1 255.0.0.0 e1/2 verbose flow aggregation as
IP Flow Switching Cache, 278544 bytes
  2 active, 4094 inactive, 13 added
  178 ager polls, 0 flow alloc failures
Src If         Src AS  Dst If         Dst AS  Flows   Pkts  B/Pk  Active
e1/2           0       Null           0           1      2    49    10.2
e1/2           0       e1/2           20          1      5   100     0.0
The following is a sample display of an autonomous system ToS aggregation cache with the show ip cache verbose flow aggregation as-tos command:
Router# show ip cache verbose flow aggregation as-tos
IP Flow Switching Cache, 278544 bytes
  4 active, 4092 inactive, 103 added
  1609 ager polls, 0 flow alloc failures
Src If         Src AS  Dst If         Dst AS  TOS Flows   Pkts  B/Pk  Active
Et1/2          50      Fd4/0          40      CC      1   3568    28    17.8
Et1/2          0       Fd4/0          40      C0     15    17K    28    17.8
Et1/1          50      Fd4/0          40      55      1   3748    28    17.8
Fd4/0          0       Null           0       C0      1      2    49     0.9
The following is a sample display of a protocol port ToS aggregation cache with the show ip cache verbose flow aggregation protocol-port-tos command:
Router# show ip cache verbose flow aggregation protocol-port-tos
IP Flow Switching Cache, 278544 bytes
  4 active, 4092 inactive, 102 added
  1584 ager polls, 0 flow alloc failures
Prot  Src If   SrcPort  Dst If   DstPort  TOS Flows   Pkts  B/Pk  Active
0x01  Et1/2    0000     Fd4/0    0000     C0     15    17K    28    17.8
0x01  Et1/2    0000     Fd4/0    0000     CC      1   3568    28    17.8
0x01  Et1/1    0000     Fd4/0    0000     55      1   3748    28    17.8
0x06  Fd4/0    00B3     Null     2AF9     C0      1      2    49     0.9
The following is a sample display of a source prefix ToS aggregation cache with the show ip cache verbose flow aggregation source-prefix-tos command:
Router# show ip cache verbose flow aggregation source-prefix-tos
IP Flow Switching Cache, 278544 bytes
  4 active, 4092 inactive, 105 added
  1683 ager polls, 0 flow alloc failures
Src If         Src Prefix      Msk  AS    TOS Flows   Pkts  B/Pk  Active
Et1/1          52.0.0.0        /8   50    55      1   3748    28    17.8
Et1/2          52.0.0.0        /8   50    CC      1   3568    28    17.8
Et1/2          0.0.0.0         /0   0     C0     15    17K    28    17.8
Fd4/0          20.20.20.1      /32  0     C0      1      2    49     0.9
The following is a sample display of a destination prefix ToS aggregation cache with the show ip cache verbose flow aggregation destination-prefix-tos command:
Router# show ip cache verbose flow aggregation destination-prefix-tos
IP Flow Switching Cache, 278544 bytes
  4 active, 4092 inactive, 86 added
  1480 ager polls, 0 flow alloc failures
Dst If         Dst Prefix      Msk  AS    TOS Flows   Pkts  B/Pk  Active
Local          31.31.31.1      /32  0     C0      1      2    49     0.9
Fd4/0          42.0.0.0        /8   40    55      1   3748    28    17.8
Fd4/0          42.0.0.0        /8   40    CC      1   3568    28    17.8
Fd4/0          42.0.0.0        /8   40    C0     15    17K    28    17.8
The following is a sample display of a prefix ToS aggregation cache with the show ip cache verbose flow aggregation prefix-tos command:
Router# show ip cache verbose flow aggregation prefix-tos
IP Flow Switching Cache, 278544 bytes
  4 active, 4092 inactive, 4 added
  14 ager polls, 0 flow alloc failures
Src If         Src Prefix      Dst If         Dst Prefix      TOS Flows   Pkts
               Msk  AS                        Msk  AS         B/Pk  Active
Et1/2          0.0.0.0         Fd4/0          42.0.0.0        C0     15   3933
               /0   0                         /8   40         28       3.9
Et1/1          52.0.0.0        Fd4/0          42.0.0.0        55      1    826
               /8   50                        /8   40         28       3.9
Et1/2          52.0.0.0        Fd4/0          42.0.0.0        CC      1    787
               /8   50                        /8   40         28       3.9
The following is a sample display of a prefix port aggregation cache with the show ip cache verbose flow aggregation prefix-port command:
Router# show ip cache verbose flow aggregation prefix-port
IP Flow Switching Cache, 278544 bytes
  4 active, 4092 inactive, 105 added
  1679 ager polls, 0 flow alloc failures
Src If         Src Prefix      Dst If         Dst Prefix      TOS Flows   Pkts
Port Msk                       Port Msk                       Pr  B/Pk  Active
Fd4/0          20.20.20.1      Local          31.31.31.1      C0      1      2
00B3 /32                       2AF9 /32                       06    49     0.9
Et1/2          0.0.0.0         Fd4/0          42.0.0.0        C0     15    17K
0000 /0                        0000 /8                        01    28    17.8
Et1/1          52.0.0.0        Fd4/0          42.0.0.0        55      1   3748
0000 /8                        0000 /8                        01    28    17.8
Et1/2          52.0.0.0        Fd4/0          42.0.0.0        CC      1   3568
0000 /8                        0000 /8                        01    28    17.8
Table 3 describes the significant fields shown in the output of the show ip cache verbose flow aggregation command.
Related Commands
show ip cache verbose flow
To display a detailed summary of the NetFlow accounting statistics, use the show ip cache verbose flow command in user EXEC or privileged EXEC mode.
show ip cache verbose flow
Syntax Description
This command has no keywords or arguments.
Command Modes
User EXEC
Privileged EXEC
Command History
Usage Guidelines
Use the show ip cache verbose flow command to display flow record fields in the NetFlow cache in addition to the fields that are displayed with the show ip cache flow command. The values in the additional fields that are shown depend on the NetFlow features that are enabled and the flags that are set in the flow.
Note
The flags, and therefore the fields, might vary from flow to flow.
Some of the content in the display of the show ip cache verbose flow command uses multiline headings and multiline data fields. Figure 1 shows how to associate the headings with the correct data fields when there are two lines of headings and two lines of data fields. The first line of the headings is associated with the first line of data fields. The second line of the headings is associated with the second line of data fields.
When other features such as IP Multicast are configured, the number of lines in the headings and data fields increases. The method for associating the headings with the correct data fields remains the same.
Figure 1 How to Use the Multiline Headings and Multiline Data Fields in the Display Output from the show ip cache verbose flow Command
NetFlow Multicast Support
When the NetFlow Multicast Support feature is enabled, the show ip cache verbose flow command displays the number of replicated packets and the packet byte count for NetFlow multicast accounting. When you configure the NetFlow Version 9 Export Format feature, this command displays additional NetFlow fields in the header.
MPLS-aware NetFlow
When you configure the MPLS-aware NetFlow feature, you can use the show ip cache verbose flow command to display both the IP and MPLS portions of MPLS flows in the NetFlow cache on a router line card. To display only the IP portion of the flow record in the NetFlow cache when MPLS-aware NetFlow is configured, use the show ip cache flow command.
NetFlow BGP Nexthop
The NetFlow bgp-nexthop command can be configured when either the Version 5 export format or the Version 9 export format is configured. The following caveats apply to the bgp-nexthop command:
• The values for the BGP nexthop IP address are exported to a NetFlow collector only when the Version 9 export format is configured.
• In order for the BGP information to be populated in the main cache you must either have a NetFlow export destination configured or NetFlow aggregation configured.
Displaying Detailed NetFlow Cache Information on Platforms Running Distributed Cisco Express Forwarding
On platforms running Distributed Cisco Express Forwarding (dCEF), NetFlow cache information is maintained on each line card or Versatile Interface Processor. If you want to use the show ip cache verbose flow command to display this information on a distributed platform, you must enter the command at a line card prompt.
Cisco 7500 Series Platform
To display detailed NetFlow cache information on a Cisco 7500 series router that is running dCEF, enter the following sequence of commands:
Router# if-con slot-number
LC-slot-number# show ip cache verbose flow
For Cisco IOS Releases 12.3(4)T, 12.3(6), and 12.2(20)S and later, enter the following command to display detailed NetFlow cache information:
Router# execute-on slot-number show ip cache verbose flow
Cisco 12000 Series Platform
To display detailed NetFlow cache information on a Cisco 12000 Series Internet Router, enter the following sequence of commands:
Router# attach slot-number
LC-slot-number# show ip cache verbose flow
For Cisco IOS Releases 12.3(4)T, 12.3(6), and 12.2(20)S and later, enter the following command to display detailed NetFlow cache information:
Router# execute-on slot-number show ip cache verbose flow
Examples
The following example shows output from the show ip cache verbose flow command:
Router# show ip cache verbose flow
IP packet size distribution (25229 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .206 .793 .000 .000 .000 .000 .000 .000
The preceding output shows the percentage distribution of packets by size. In this display, 20.6 percent of the packets fall in the 1024-byte size range and 79.3 percent fall in the 1536-byte range.
The next section of the output can be divided into three sections. The section and the table corresponding to each are as follows:
• Field Descriptions in the NetFlow Cache Section of the Output (Table 4)
• Field Descriptions in the Activity by Protocol Section of the Output (Table 5)
• Field Descriptions in the NetFlow Record Section of the Output (Table 6)
IP Flow Switching Cache, 278544 bytes
  6 active, 4090 inactive, 17 added
  505 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 10 seconds
IP Sub Flow Cache, 25736 bytes
  12 active, 1012 inactive, 39 added, 17 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           1      0.0       362   940      2.7      60.2       0.0
TCP-FTP              1      0.0       362   840      2.7      60.2       0.0
TCP-FTPD             1      0.0       362   840      2.7      60.1       0.1
TCP-SMTP             1      0.0       361  1040      2.7      60.0       0.1
UDP-other            5      0.0         1    66      0.0       1.0      10.6
ICMP                 2      0.0      8829  1378    135.8      60.7       0.0
Total:              11      0.0      1737  1343    147.0      33.4       4.8
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Et0/0.1        10.251.138.218  Et1/0.1        172.16.10.2     06 80  00      65
0015 /0  0                     0015 /0  0     0.0.0.0               840    10.8
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 840  Max plen: 840
Min TTL: 59  Max TTL: 59
IP id: 0
Et0/0.1        172.16.6.1      Et1/0.1        172.16.10.2     01 00  00    4880
0000 /0  0                     0000 /0  0     0.0.0.0              1354    20.1
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 772  Max plen: 1500
Min TTL: 255  Max TTL: 255
ICMP type: 0  ICMP code: 0
IP id: 2943  FO: 185
Et0/0.1        10.10.13.1      Et1/0.1        172.16.10.2     06 80  00      65
0017 /0  0                     0017 /0  0     0.0.0.0               940    10.8
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 940  Max plen: 940
Min TTL: 59  Max TTL: 59
IP id: 0
Et0/0.1        10.89.38.215    Et1/0.1        172.16.10.2     06 80  00      65
0014 /0  0                     0014 /0  0     0.0.0.0               840    10.8
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 840  Max plen: 840
Min TTL: 59  Max TTL: 59
IP id: 0
Et0/0.1        10.10.14.1      Et1/0.1        172.16.10.2     06 80  00      66
0019 /0  0                     0019 /0  0     0.0.0.0              1040    11.0
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 1040  Max plen: 1040
Min TTL: 59  Max TTL: 59
IP id: 0
Et0/0.1        172.16.6.1      Et1/0.1        172.16.10.2     01 00  10     975
0000 /0  0                     0800 /0  0     0.0.0.0              1500    20.1
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 1500  Max plen: 1500
Min TTL: 255  Max TTL: 255
ICMP type: 8  ICMP code: 0
IP id: 2944
Et0/0.1        10.106.1.1      Et1/0.1        172.16.10.2     01 00  00    1950
0000 /0  0                     0000 /0  0     0.0.0.0              1354     8.6
MAC: (VLAN id) aaaa.bbbb.cc03 (005)  aaaa.bbbb.cc06 (006)
Min plen: 772  Max plen: 1500
Min TTL: 59  Max TTL: 59
ICMP type: 0  ICMP code: 0
IP id: 13499  FO: 185
R3#
Table 4 describes the significant fields shown in the NetFlow cache section of the output.
Table 5 describes the significant fields shown in the activity by protocol section of the output.
Table 5 Field Descriptions in the Activity by Protocol Section of the Output
Field Description
Protocol
IP protocol and the well-known port number. (Refer to http://www.iana.org, Protocol Assignment Number Services, for the latest RFC values.)
Note
Only a small subset of all protocols is displayed.
Total Flows
Number of flows in the cache for this protocol since the last time the statistics were cleared.
Flows/Sec
Average number of flows for this protocol per second; equal to the total flows divided by the number of seconds for this summary period.
Packets/Flow
Average number of packets for the flows for this protocol; equal to the total packets for this protocol divided by the number of flows for this protocol for this summary period.
Bytes/Pkt
Average number of bytes for the packets for this protocol; equal to the total bytes for this protocol divided by the total number of packets for this protocol for this summary period.
Packets/Sec
Average number of packets for this protocol per second; equal to the total packets for this protocol divided by the total number of seconds for this summary period.
Active(Sec)/Flow
Number of seconds from the first packet to the last packet of an expired flow divided by the number of total flows for this protocol for this summary period.
Idle(Sec)/Flow
Number of seconds observed from the last packet in each nonexpired flow for this protocol until the time at which the show ip cache verbose flow command was entered divided by the total number of flows for this protocol for this summary period.
Table 6 describes the significant fields in the NetFlow record section of the output.
Table 6 Field Descriptions for the NetFlow Record Section of the Output
Field Description
SrcIf
Interface on which the packet was received.
Port Msk AS
Source port number (displayed in hexadecimal format), IP address mask, and autonomous system number. The value of this field is always set to 0 in MPLS flows.
SrcIPaddress
IP address of the device that transmitted the packet.
DstIf
Interface from which the packet was transmitted.
Note
If an asterisk (*) immediately follows the DstIf field, the flow being shown is an egress flow.
Port Msk AS
Destination port number (displayed in hexadecimal format), IP address mask, and autonomous system. This is always set to 0 in MPLS flows.
DstIPaddress
IP address of the destination device.
NextHop
The BGP next-hop address. This is always set to 0 in MPLS flows.
Pr
IP protocol "well-known" port number, displayed in hexadecimal format. (Refer to http://www.iana.org, Protocol Assignment Number Services, for the latest RFC values.)
ToS
Type of service, displayed in hexadecimal format.
B/Pk
Average number of bytes observed for the packets seen for this protocol.
Flgs
TCP flags, shown in hexadecimal format (result of bitwise OR of TCP flags from all packets in the flow).
Pkts
Number of packets in this flow.
Active
Time the flow has been active.
MAC
Source and destination MAC addresses from the Layer 2 frames in the flow.
VLAN id
Source and destination VLAN IDs from the Layer 2 frames in the flow.
Min plen
Minimum packet length for the packets in the flows.
Note
This value is updated when a datagram with a lower value is received.
Max plen
Maximum packet length for the packets in the flows.
Note
This value is updated when a datagram with a higher value is received.
Min TTL
Minimum Time-To-Live (TTL) for the packets in the flows.
Note
This value is updated when a datagram with a lower value is received.
Max TTL
Maximum TTL for the packets in the flows.
Note
This value is updated when a datagram with a higher value is received.
IP id
IP identifier field for the packets in the flow.
ICMP type
Internet Control Message Protocol (ICMP) type field from the ICMP datagram in the flow.
ICMP code
ICMP code field from the ICMP datagram in the flow.
FO
This is the value of the fragment offset field from the first fragmented datagram in the second flow.
The value is: 185
The following example shows the NetFlow output of the show ip cache verbose flow command in which the sampler, class-id, and general flags are set. What is displayed for a flow depends on what flags are set in the flow. If the flow was captured by a sampler, the output shows the sampler ID. If the flow was marked by Modular QoS CLI (MQC), the display includes the class ID. If any general flags are set, the output includes the flags.
Router# show ip cache verbose flow
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
BGP: BGP NextHop
Et1/0          10.8.8.8        Et0/0*         10.9.9.9        01 00  10       3
0000 /8  302                   0800 /8  300   10.3.3.3              100     0.1
BGP: 2.2.2.2  Sampler: 1  Class: 1  FFlags: 01
Table 7 describes the significant fields shown in the NetFlow output for a sampler, for an MQC policy class, and for general flags.
The following example shows the NetFlow output for the show ip cache verbose flow command when NetFlow BGP next-hop accounting is enabled:
Router# show ip cache verbose flow
...
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
BGP:BGP_NextHop
Et0/0/2        10.0.0.2        Et0/0/4        10.0.0.5        01 00  10      20
0000 /8  0                     0800 /8  0     10.0.0.6             100     0.0
BGP:26.0.0.6
Et0/0/2        10.0.0.2        Et0/0/4        10.0.0.7        01 00  10      20
0000 /8  0                     0800 /8  0     10.0.0.6             100     0.0
BGP:26.0.0.6
Et0/0/2        10.0.0.2        Et0/0/4        10.0.0.7        01 00  10      20
0000 /8  0                     0000 /8  0     10.0.0.6             100     0.0
BGP:26.0.0.6
Table 8 describes the significant fields shown in the NetFlow BGP next-hop accounting lines of the output.
Table 8 show ip cache verbose flow Field Descriptions in NetFlow BGP Next-Hop Accounting Output
Field Description
BGP:BGP_NextHop
Destination address for the BGP next hop
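The BGP next-hop accounting output above can be totalled per BGP next hop, which is the measurement this feature exists to provide. The following Python sketch is an added example, not Cisco code: it assumes each flow record occupies three lines (as the two header rows and the BGP: line indicate), treats B/Pk as average bytes per packet, and uses hypothetical names (parse_flows, totals_by_bgp_next_hop).

```python
import re
from collections import defaultdict

# Constructed sample: the flow records from the output above, laid out three
# lines per record (an assumption drawn from the two header rows).
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
BGP:BGP_NextHop
Et0/0/2 10.0.0.2 Et0/0/4 10.0.0.5 01 00 10 20
0000 /8 0 0800 /8 0 10.0.0.6 100 0.0
BGP:26.0.0.6
Et0/0/2 10.0.0.2 Et0/0/4 10.0.0.7 01 00 10 20
0000 /8 0 0800 /8 0 10.0.0.6 100 0.0
BGP:26.0.0.6
Et0/0/2 10.0.0.2 Et0/0/4 10.0.0.7 01 00 10 20
0000 /8 0 0000 /8 0 10.0.0.6 100 0.0
BGP:26.0.0.6
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# LINE1: first row of a record (ends in Pkts); LINE2: second row (NextHop, B/Pk, Active).
LINE1 = re.compile(
    rf"^(\S+)\s+({IP})\s+(\S+)\s+({IP})"
    r"\s+[0-9A-Fa-f]{2}\s+[0-9A-Fa-f]{2}\s+[0-9A-Fa-f]{2}\s+(\d+)$")
LINE2 = re.compile(
    r"^[0-9A-Fa-f]{4}\s+/\d+\s+\d+\s+[0-9A-Fa-f]{4}\s+/\d+\s+\d+"
    rf"\s+({IP})\s+(\d+)\s+\S+$")
BGP = re.compile(rf"^BGP:\s*({IP})\b")

def parse_flows(text):
    """One dict per flow; bytes = Pkts x B/Pk (an estimate); bgp_next_hop may be None."""
    flows, rec = [], None
    for line in map(str.strip, text.splitlines()):
        if m := LINE1.match(line):
            rec = {"src": m[2], "dst": m[4], "out_if": m[3], "pkts": int(m[5])}
        elif rec is not None and "bytes" not in rec and (m := LINE2.match(line)):
            rec.update(ip_next_hop=m[1], bgp_next_hop=None, bytes=rec["pkts"] * int(m[2]))
            flows.append(rec)
        elif rec is not None and "bytes" in rec and (m := BGP.match(line)):
            rec["bgp_next_hop"] = m[1]  # header rows carry no address and are skipped
    return flows

def totals_by_bgp_next_hop(flows):
    totals = defaultdict(lambda: {"flows": 0, "pkts": 0, "bytes": 0})
    for f in flows:
        t = totals[f["bgp_next_hop"]]
        for key, inc in (("flows", 1), ("pkts", f["pkts"]), ("bytes", f["bytes"])):
            t[key] += inc
    return dict(totals)
```

Records with no BGP: line, as when BGP next-hop accounting is not enabled, are grouped under the key None rather than dropped.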
The following example shows the NetFlow output for the show ip cache verbose flow command when NetFlow multicast accounting is configured:
Router# show ip cache verbose flow
...
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
IPM:OPkts OBytes
IPM: 0 0
Et1/1/1        10.0.0.1        Null           192.168.1.1     01 55  10     100
0000 /8  0                     0000 /0  0     0.0.0.0               28     0.0
IPM: 100 2800
Et1/1/1        10.0.0.1        Se2/1/1.16     192.168.1.1     01 55  10     100
0000 /8  0                     0000 /0  0     0.0.0.0               28     0.0
IPM: 0 0
Et1/1/2        10.0.0.1        Et1/1/4        192.168.2.2     01 55  10     100
0000 /8  0                     0000 /0  0     0.0.0.0               28     0.1
Et1/1/2        10.0.0.1        Null           192.168.2.2     01 55  10     100
0000 /8  0                     0000 /0  0     0.0.0.0               28     0.1
IPM: 100 2800
Table 9 describes the significant fields shown in the NetFlow multicast accounting lines of the output.
The following example shows the output for both the IP and MPLS sections of the flow record in the NetFlow cache when MPLS-aware NetFlow is enabled:
Router# show ip cache verbose flow
...
SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
PO3/0          10.1.1.1        PO5/1          10.2.1.1        01 00  10       9
0100 /0  0                     0200 /0  0     0.0.0.0              100     0.0
Pos:Lbl-Exp-S 1:12305-6-0 (LDP/10.10.10.10) 2:12312-6-1
Table 10 describes the significant fields for the IP and MPLS sections of the flow record in the output.
Related Commands
Glossary
BGP—Border Gateway Protocol. Interdomain routing protocol that replaces exterior border gateway protocol (EBGP). BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163.
BGP next hop—IP address of the next hop to be used to reach a specific destination.
CEF—Cisco Express Forwarding. Layer 3 IP switching technology that optimizes network performance and scalability for networks with large and dynamic traffic patterns.
dCEF—distributed Cisco Express Forwarding. Type of CEF switching in which line cards (such as VIP line cards) maintain an identical copy of the forwarding information base (FIB) and adjacency tables. The line cards perform the express forwarding between port adapters; this relieves the route/switch processor of involvement in switching.
fast switching—Cisco feature in which a route cache expedites packet switching through a router.
FIB—forwarding information base. Table containing the information needed to forward IP datagrams. At a minimum, this table contains the interface identifier and next hop information for each reachable destination network prefix. The FIB is distinct from the routing table (also called the routing information base), which holds all routing information received from routing peers.
flow—Set of packets with the same source IP address, destination IP address, source and destination ports, and type of service, and the same interface on which the flow is monitored. Ingress flows are associated with the input interface, and egress flows are associated with the output interface.
NetFlow—Cisco IOS acceleration and accounting feature that maintains per-flow information.
NetFlow Aggregation—A NetFlow feature that lets you summarize NetFlow export data on an IOS router before the data is exported to a NetFlow data collection system such as the NetFlow FlowCollector. This feature lowers bandwidth requirements for NetFlow export data and reduces platform requirements for NetFlow data collection devices.
NetFlow Collection Engine (formerly NetFlow FlowCollector)—Cisco application that is used with NetFlow on Cisco routers and Catalyst 5000 series switches. The NetFlow Collection Engine collects packets from the router that is running NetFlow and decodes, aggregates, and stores them. You can generate reports on various aggregations that can be set up on the NetFlow Collection Engine.
NetFlow v9—NetFlow export format Version 9. A flexible and extensible means to carry NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.
ToS—type of service byte. Second byte in the IP header that indicates the desired quality of service for a particular datagram.
Note
Refer to the Internetworking Terms and Acronyms for terms not included in this glossary.
© 2003-2005 Cisco Systems, Inc. All rights reserved.



