Guest

Cisco IOS Software Releases 12.2 S

NetFlow Subinterface Support

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

NetFlow Subinterface Support

Feature Overview

What Is NetFlow?

Benefits

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Enabling NetFlow on a Subinterface

Enabling NetFlow on an Interface

Managing NetFlow Statistics

Verifying NetFlow Statistics on a Subinterface

Monitoring and Maintaining NetFlow Subinterfaces

Configuration Examples

Enabling NetFlow on a Subinterface Example

Enabling NetFlow on an Interface Example

Command Reference

ip flow ingress

show ip interface

Glossary


NetFlow Subinterface Support

Feature History

Release
Modification

12.2(14)S

This feature was introduced.

12.2(15)T

This feature was integrated into Cisco IOS Release 12.2 T.


This document describes the NetFlow Subinterface Support feature and includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Monitoring and Maintaining NetFlow Subinterfaces

Configuration Examples

Command Reference

Glossary

Feature Overview

The NetFlow Subinterface Support feature provides the ability to enable NetFlow on a per-subinterface basis. In a scenario in which your network contains thousands of subinterfaces and you want to collect export records from only a few subinterfaces, you can fine-tune your collection of data to only specified subinterfaces. The result is lower bandwidth requirements for NetFlow Data Export (NDE) and reduced platform requirements for NetFlow data-collection devices.

Using the NetFlow Subinterface Support feature, you can enable NetFlow on selected subinterfaces using the ip flow ingress command. If you configure the ip flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface as well as all the subinterfaces. In a scenario in which you configure the ip flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ip flow ingress command.

What Is NetFlow?

NetFlow allows you to collect traffic flow statistics on your routing devices. NetFlow is based on identifying packet flows for ingress IP packets. It does not involve any connection-setup protocol either between routers or to any other networking device or end station and does not require any change externally—either to the traffic or packets themselves or to any other networking device. NetFlow is completely transparent to the existing network, including end stations and application software and network devices such as LAN switches. Also, NetFlow performs independently on each internetworking device; it need not be operational on each router in the network. Using NDE, you can export data to a remote workstation for data collection and further processing. Network planners can selectively invoke NDE on a router or on a per-subinterface basis to gain traffic performance, control, or accounting benefits in specific network locations.

Benefits

The NetFlow Subinterface Support feature provides the following benefits:

Reduced bandwidth requirement—NetFlow subinterface support reduces the bandwidth required between routing devices and NetFlow management workstations.

Reduced NetFlow workstation requirements—NetFlow subinterfaces support reduces the amount of flows sent to the workstation for processing.

Related Documents

Cisco IOS Command Reference Master Index, Release 12.2

Cisco IOS Switching Services Command Reference, Release 12.2

Cisco IOS Switching Services Configuration Guide, Release 12.2

NetFlow Minimum Prefix Mask for Router-Based Aggregation, Cisco IOS Release 12.1(2)T new feature document

NetFlow Performance Analysis white paper 

NetFlow Services Solutions Guide 

NetFlow ToS-Based Router Aggregation, Cisco IOS Release 12.1(4)T new feature document

Network Data Analyzer Installation and User Guide, Release 3.0

Release Notes for FlowCollector, Release 3.0

Release Notes for Network Data Analyzer, Release 3.0

Sampled NetFlow, Cisco IOS Release 12.0(11)S new feature document

Supported Platforms

Cisco 7200 series

Cisco 7400 series

Cisco 7500 series

Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.

Supported Standards, MIBs, and RFCs

Standards

None

MIBs

No new or modified MIBS are supported by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

RFCs

None

Prerequisites

We recommend you configure NetFlow on the main interface if you are already collecting data from the majority of its subinterfaces. If NetFlow is not configured on the main interface, NetFlow will perform additional checks for the status of each subinterface that will require more CPU processing time and bandwidth.

Configuration Tasks

See the following sections for the configuration tasks for the NetFlow Subinterface Support feature. Each task in the list is identified as either required or optional.

Enabling NetFlow on a Subinterface (required)

Enabling NetFlow on an Interface (optional)

Managing NetFlow Statistics (optional)

Verifying NetFlow Statistics on a Subinterface (optional)

Enabling NetFlow on a Subinterface

To enable NetFlow on a subinterface, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface type/slot.subinterface-number

Selects the subinterface on which to enable NetFlow.

Step 2 

Router(config-subif)# ip flow ingress

Enables NetFlow on a subinterface.

Enabling NetFlow on an Interface

To enable NetFlow on an interface, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface type/slot

Selects the interface on which to enable NetFlow.

Step 2 

Router(config-if)# ip route-cache flow

Enables NetFlow on a main interface.

Managing NetFlow Statistics

You can display and clear NetFlow statistics. NetFlow statistics consist of IP packet size distribution, IP flow switching cache information, and flow information such as the protocol, total flow, flows per second, and so on. The resulting information can be used to determine information about your router traffic. To manage NetFlow statistics, use the following commands in privileged EXEC mode as needed:

Command
Purpose

Router# show ip cache flow

Displays the NetFlow statistics.

Router# clear ip flow stats

Clears the NetFlow statistics.


Verifying NetFlow Statistics on a Subinterface

To display NetFlow statistics on a subinterface, use the following commands in global configuration mode:

Command
Purpose

Router# show ip cache flow

Displays NetFlow statistics on an interface.

Router# show ip interface

Displays the usability status of interfaces configured for IP.


Monitoring and Maintaining NetFlow Subinterfaces

To view the configured NetFlow subinterface, use the following show commands in EXEC mode as needed:

Command
Purpose

Router# show ip cache flow

Displays the cache configuration.

Router# show ip flow export

Displays the cache flow statistics.

Router# show ip interface

Displays the usability status of interfaces configured for IP.


Configuration Examples

This section provides the following configuration examples:

Enabling NetFlow on a Subinterface Example

Enabling NetFlow on an Interface Example

Enabling NetFlow on a Subinterface Example

The following configuration example shows how to configure NetFlow on Fast Ethernet subinterface 6/3.0: 

Router(config)# interface FastEthernet6/3.0

Router(config-subif)# ip flow ingress

Enabling NetFlow on an Interface Example

Router(config)# interface 6/3

Router(config-if)# ip route-cache flow

Command Reference

This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

ip flow ingress

show ip interface

ip flow ingress

To configure NetFlow on a subinterface, use the ip flow ingress command in subinterface configuration mode. To disable NetFlow on a subinterface, use the no form of this command.

ip flow ingress

no ip flow ingress

Syntax Description

This command has no arguments or keywords.

Defaults

This command is not configured by default.

Command Modes

Subinterface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2 T.


Usage Guidelines

If you configure the ip flow ingress command on a few selected subinterfaces and then configure the ip route-cache flow command on the main interface, enabling the main interface will overwrite the ip flow ingress command and data collection will start from the main interface as well as all the subinterfaces. In a scenario in which you configure the ip flow ingress command and then configure the ip route-cache flow command on the main interface, you can restore subinterface data collection by using the no ip route-cache flow command. This configuration will disable data collection from the main interface and restore data collection to the subinterfaces you originally configured with the ip flow ingress command.

Examples

The following example shows how to configure NetFlow on a Fast Ethernet subinterface 6/3.0: 

Router(config)# interface FastEthernet6/3.0

Router(config-subif)# ip flow ingress

Related Commands

Command
Description

ip route-cache flow

Enables NetFlow for IP routing.

show ip cache flow

Displays a summary of NetFlow statistics.

show ip interface

Displays the usability status of interfaces configured for IP.


show ip interface

To display the usability status of interfaces configured for IP, use the show ip interface command in EXEC mode.

show ip interface [type number]

Syntax Description

type

(Optional) Interface type.

number

(Optional) Interface number.


Command Modes

EXEC

Command History

Release
Modification

10.0

This command was introduced.

12.0(3)T

This command was expanded to include the status of ip wccp redirect out and ip wccp redirect exclude add in commands.

12.2(14)S

This command was expanded to display the status of NetFlow on a subinterface.

12.2(15)T

The command output enhancements introduced in Cisco IOS Release 12.2(14)S were integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

The Cisco IOS software automatically enters a directly connected route in the routing table if the interface is usable. A usable interface is one through which the software can send and receive packets. If the software determines that an interface is not usable, it removes the directly connected routing entry from the routing table. Removing the entry allows the software to use dynamic routing protocols to determine backup routes to the network, if any.

If the interface can provide two-way communication, the line protocol is marked "up." If the interface hardware is usable, the interface is marked "up."

If you specify an optional interface type, you will see only information on that specific interface.

If you specify no optional arguments, you will see information on all the interfaces.

When an asynchronous interface is encapsulated with PPP or Serial Line Internet Protocol (SLIP), IP fast switching is enabled. A show ip interface command on an asynchronous interface encapsulated with PPP or SLIP displays a message indicating that IP fast switching is enabled.

Examples

The following is sample output from the show ip interface command: 

Router# show ip interface


Ethernet0 is up, line protocol is up

  Internet address is 192.195.78.24, subnet mask is 255.255.255.240

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Secondary address 131.192.115.2, subnet mask 255.255.255.0

  Directed broadcast forwarding is enabled

  Multicast groups joined: 224.0.0.1 224.0.0.2

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is enabled

  IP CEF switching is enabled

  IP Subif flow switching turbo vector

  IP multicast fast switching is enabled

  IP route-cache flags are Fast, Flow init, CEF, Ingress Flow

  IP SSE switching is disabled

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  Probe proxy name replies are disabled

  WCCP Redirect outbound is enabled

	  WCCP Redirect exclude is disabled

Table 1 describes the significant fields shown in the display.

Table 1 show ip interface Field Descriptions 

Field
Description

Ethernet0 is up

If the interface hardware is usable, the interface is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.

line protocol is up

If the interface can provide two-way communication, the line protocol is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.

Internet address and subnet mask

IP Internet address and subnet mask of the interface.

Broadcast address

Displays the broadcast address.

Address determined by...

Indicates how the IP address of the interface was determined.

MTU

Displays the MTU value set on the interface.

Helper address

Displays a helper address, if one has been set.

Secondary address

Displays a secondary address, if one has been set.

Directed broadcast forwarding

Indicates whether directed broadcast forwarding is enabled.

Multicast groups joined

Indicates the multicast groups this interface is a member of.

Outgoing access list

Indicates whether the interface has an outgoing access list set.

Inbound access list

Indicates whether the interface has an incoming access list set.

Proxy ARP

Indicates whether Proxy Address Resolution Protocol (ARP) is enabled for the interface.

Security level

Specifies the IP Security Option (IPSO) security level set for this interface.

Split horizon

Indicates that split horizon is enabled.

ICMP redirects

Specifies whether redirect messages will be sent on this interface.

ICMP unreachables

Specifies whether unreachable messages will be sent on this interface.

ICMP mask replies

Specifies whether mask replies will be sent on this interface.

IP fast switching

Specifies whether fast switching has been enabled for this interface. It is generally enabled on serial interfaces, such as this one.

IP route-cache flags Fast, Flow init, CEF, Ingress Flow

Specifies whether NetFlow has been enabled on an interface. Displays "Flow init" to specify that NetFlow is enabled on the interface. Displays "Ingress Flow" to specify that NetFlow is enabled on a subinterface using the ip flow ingress command. Specifies "Flow" to specify that NetFlow is enabled on a main interface using the ip route-cache flow command.

IP SSE switching

Specifies whether IP silicon switching engine (SSE) is enabled.

Router Discovery

Specifies whether the discovery process has been enabled for this interface. It is generally disabled on serial interfaces.

IP output packet accounting

Specifies whether IP accounting is enabled for this interface and what the threshold (maximum number of entries) is.

TCP/IP header compression

Indicates whether compression is enabled or disabled.

Probe proxy name

Indicates whether HP Probe proxy name replies are generated.

WCCP Redirect outbound is enabled

Indicates the status of whether packets received on an interface are redirected to a cache engine. Displays "enabled" or "disabled."

WCCP Redirect exclude is disabled

Indicates the status of whether packets targeted for an interface will be excluded from being redirected to a cache engine. Displays "enabled" or "disabled."


Glossary

flow—A series of packets that has the same source IP address, destination IP address, protocol, TOS byte, and source and destination ports if applicable.

NetFlow—A Cisco IOS acceleration and accounting feature for maintaining per-flow data.

subinterface—A logical network layer interface over a physical interface.