50-3
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 50 Configuring NetFlow
Understanding NetFlow
The NetFlow Multicast Support document contains a prerequisite specifying that you need to configure
multicast fast switching or multicast distributed fast switching (MDFS). However, this prerequisite does
not apply when configuring NetFlow multicast support with Release 12.2(18)SXF and later releases.
NetFlow on the PFC
The NetFlow table on the PFC captures statistics for flows routed in hardware. The PFC supports
sampled NetFlow and NetFlow aggregation. The PFC does not support NetFlow ToS-based router
aggregation.
These sections describe NetFlow on the PFC in more detail:
•
Flow Masks, page 50-3
•
Flow Mask Conflicts, page 50-4
Flow Masks
A flow is a unidirectional stream of packets between a given source and a given destination. A flow mask
specifies the fields in the incoming packet that NetFlow uses to identify the flow. NetFlow gathers
statistics for each flow defined by the flow mask.
The PFC supports the following flow masks:
•
source-only—A less-specific flow mask. The PFC maintains one entry for each source IP address.
Statistics for all flows from a given source IP address aggregate into this entry.
•
destination—A less-specific flow mask. The PFC maintains one entry for each destination IP
address. Statistics for all flows to a given destination IP address aggregate into this entry.
•
destination-source—A more-specific flow mask. The PFC maintains one entry for each source and
destination IP address pair. Statistics for all flows between the same source IP address and
destination IP address aggregate into this entry.
•
destination-source-interface—A more-specific flow mask. Adds the source VLAN SNMP ifIndex to
the information in the destination-source flow mask.
•
full—A more-specific flow mask. The PFC creates and maintains a separate table entry for each IP
flow. A full entry includes the source IP address, destination IP address, protocol, and protocol ports.
•
full-interface—The most-specific flow mask. Adds the source VLAN SNMP ifIndex to the
information in the full-flow mask.
The flow mask determines the granularity of the statistics gathered, which controls the size of the
NetFlow table. The less-specific flow masks result in fewer entries in the NetFlow table and the
most-specific flow masks result in the most NetFlow entries.
For example, if the flow mask is set to source-only, the NetFlow table contains only one entry per source
IP address. The statistics for all flows from a given source are accumulated in the one entry. However, if
the flow mask is configured as full, the NetFlow table contains one entry per full flow. Many entries may
exist per source IP address, so the NetFlow table can become very large. See the
“NetFlow Configuration
Guidelines and Restrictions” section on page 50-5
for information about NetFlow table capacity.