NetFlow v9 Export Format

With this release, NetFlow can export data in NetFlow v9 (Version 9) export format. This format is flexible and extensible, which provides the versatility needed to support new fields and record types. This format accommodates new NetFlow-supported technologies such as Multicast, MPLS, NAT, and BGP next hop.

Third-party business partners who produce applications that provide NetFlow Collection Engine (formerly called NetFlow FlowCollector) or display services for NetFlow do not need to recompile their applications each time a new NetFlow technology is added. Instead, with the NetFlow v9 Export Format feature, they can use an external data file that documents the known template formats and field types.

NetFlow v9 data export supports CEF switching, dCEF switching, and fast switching.


Release	Modification
12.0(24)S	This feature was introduced.
12.3(1)	This feature was integrated into Cisco IOS Release 12.3(1), and output of the debug ip flow export command was modified to show NetFlow Version 9 information.
12.2(18)S	This feature was integrated into Cisco IOS Release 12.2(18)S.
12.2(27)SBC	This feature was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(18)SXF	This feature was integrated into Cisco IOS Release 12.2(18)SXF.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Restrictions for NetFlow Version 9 Data Export Format

Version 9 is not backward-compatible with Version 5 or Version 8. If you need Version 5 or Version 8, then you must configure Version 5 or Version 8.

Export bandwidth increases for Version 9 (because of template flowsets) versus Version 5.

The increase in overhead versus Version 5 varies with the frequency with which template flowsets are sent. With one template flowset sent per 10 export packets, the overhead is 1percent versus Version 5 export (considering only one technology being exported). With one template flowset sent for every export packet, the overhead is about 8 percent. Interleaving of various technologies also increases overhead.

The memory used depends on the data structures used to maintain template flowsets. Because this implementation does not access the NetFlow cache entry size directly, the memory used is not significant.

Version 9 slightly decreases overall performance, because generating and maintaining valid template flowsets requires additional processing.

Information About NetFlow Version 9 Data Export Format

To configure NetFlow Version 9 Data Export Format feature, you must understand the following concepts:

NetFlow Version 9

NetFlow Version 9 is a flexible and extensible means to carry NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration. In NetFlow Version 9:

•

Template descriptions are communicated from the router to the NetFlow Collection Engine.

•

Flow records are sent from the router to the NetFlow Collection Engine with minimal template information so that the NetFlow Collection Engine can relate the records to the appropriate template.

•

Version 9 is independent of the underlying transport (UDP, TCP, SCTP, and so on).

Uses of NetFlow Data

Cisco IOS NetFlow services provide network administrators with access to information about IP flows within their data networks. Exported NetFlow data can be used for a variety of purposes, including network management and planning, enterprise accounting and departmental chargebacks, ISP billing, data warehousing, and marketing.

Template-Based Flow Record Format

The main feature of NetFlow Version 9 export format is that it is template-based. A template describes a NetFlow record format and attributes of the fields (such as type and length) within the record. The router assigns each template an ID, which is communicated to the NetFlow Collection Engine along with the template description. The template ID is used for all further communication from the router to the NetFlow Collection Engine.

Flow Records

The basic output of NetFlow is a flow record. In NetFlow Version 9, a flow record follows the same sequence of fields as specified by the template definition. The template to which NetFlow flow records belong is determined by prefixing the template ID to the group of NetFlow flow records that belong to a template. A complete discussion of existing NetFlow flow-record formats is at http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm

Parts of a NetFlow Export Packet

In NetFlow Version 9, an export packet consists of the packet header and flowsets. The packet header identifies the new version and provides other information. Flowsets are of two types: a template flowset and a data flowset. The template flowset describes the fields that will be in the data flowsets (or flow records). Each data flowset contains the values or statistics of one or more flows (similar to flow records in Version 5 or Version 8, but with a flowset-specific header) that have the same template ID number. When the NetFlow Collection Engine receives a template flowset, it stores the flowset and export source address so that subsequent data flowsets that match the flowset ID and source combination are parsed according to the field definitions in the template flowset. Version 9 supports the NetFlow Collection Engine Version 4.0.

Format Flexibility

In Version 9, new formats are defined on the router and are sent to the NetFlow Collection Engine at an interval that you set. You can enable the features that you want, and the fields corresponding to those features are sent to the NetFlow Collection Engine. Determine the Appropriate Export Version for Your Requirements

NetFlow aggregation caches export data in UDP datagrams using either the Version 9 or Version 8 export format. Table 1 describes how to determine the most appropriate export format for your requirements.

Table 1 When to Select a Particular NetFlow Export Format
Export Format	Select When...
Version 9	You need a flexible and extensible format, which provides the versatility needed for support of new fields and record types. This format accommodates new NetFlow-supported technologies such as Multicast, IPv6 NetFlow, Egress NetFlow, NetFlow Layer 2 and security exports, Multiprotocol Label Switching (MPLS), and Border Gateway Protocol (BGP) next hop. Version 9 export format enables you to use the same version for main and aggregation caches, and the format is extensible, so you can use the same export format with future features.
Version 8	You need to export data from aggregation caches or you need to export data from a Catalyst 6000 series switch with a Multilayer Switch Feature Card (MSFC). You do not plan to support new features. Version 8 export format is available only for export from aggregation caches.

The NetFlow Version 9 Export Format feature was introduced in Cisco IOS Release 12.0(24)S and was integrated into Cisco IOS Release 12.3(1) and Cisco IOS Release 12.2(18)S.

NetFlow Version 9 is a flexible and extensible means for transferring NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.

Third-party business partners who produce applications that provide NetFlow Collection Engine or display services for NetFlow do not need to recompile their applications each time a new NetFlow technology is added. Instead, with the NetFlow v9 Export Format feature, they can use an external data file that documents the known template formats and field types.

The Version 8 data export format is the NetFlow export format used when the router-based NetFlow aggregation feature is enabled on Cisco IOS router platforms. The Version 8 format allows for export datagrams to contain a subset of the Version 5 export data that is based on the configured aggregation cache scheme. For example, a certain subset of the Version 5 export data is exported for the destination prefix aggregation scheme, and a different subset is exported for the source-prefix aggregation scheme.

The Version 8 export format was introduced in Cisco IOS 12.0(3)T for the Cisco IOS NetFlow Aggregation feature. An additional six aggregation schemes that also use Version 8 format were defined for the NetFlow ToS-Based Router Aggregation feature introduced in Cisco IOS 12.0(15)S and integrated into Cisco IOS Releases 12.2(4)T and 12.2(14)S.

The Version 8 datagram consists of a header with the version number (which is 8) and time stamp information, followed by one or more records corresponding to individual entries in the NetFlow cache.

Table 2 lists the NetFlow Version 8 export packet header field names and descriptions.

Table 2 NetFlow Version 8 Export Packet Header Field Names and Descriptions
Field Name	Description
Version	Flow export format version number. In this case 8.
Count	Number of export records in the datagram.
System Uptime	Number of milliseconds since the router last booted.
UNIX Seconds	Number of seconds since 0000 UTC 1970.
UNIX NanoSeconds	Number of residual nanoseconds since 0000 UTC 1970.
Flow Sequence Number	Sequence counter of total flows sent for this export stream.
Engine Type	The type of switching engine. RP = 0 and LC = 1.
Engine ID	Slot number of the NetFlow engine.
Aggregation	Type of aggregation scheme being used.
Agg Version	Aggregation subformat version number. The current value is 2.
Sampling Interval	Interval value used if Sampled NetFlow is configured.
Reserved	Zero field.

For Version 8 data exports, the maximum number of aggregated flow records and the maximum size in bytes of each UDP datagram are shown in Table 3.

Table 3 NetFlow Version 8 Aggregation Scheme, Number of Flow Records, and UDP Packet Size
Aggregation Scheme	Maximum Number of Flow Records	UDP Packet Size
BGP Autonomous System	51	1456 bytes
Destination Prefix	44	1436 bytes
Prefix	35	1428 bytes
Protocol Port	51	1456 bytes
Source Prefix	44	1436 bytes

How to Configure NetFlow Version 9 Data Export Format

Version 9 allows for interleaving of various technologies. This means that you should configure Version 9 if you need data to be exported from various technologies (such as Multicast, DoS, IPv6, BGP next hop, and so on).

See the following sections for configuration tasks for the NetFlow v9 Data Export feature. Each task in the list is identified as either required or optional.

Configuring the v9 Data Export Format for the Main Cache

This section shows how to configure v9 Data Export Format feature for the main cache. Templates (and option templates) need not be exported along with every export packet. You can export templates (and option templates) after a specific number of export packets or after a specific number of minutes (or both).

SUMMARY STEPS

DETAILED STEPS


	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enters privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip flow-export Version 9 Example: Router(config)# ip flow-export Version 9	Enables v9 data export for the main cache. Caution Entering this command on a Cisco 12000 Series Internet Router causes packet forwarding to stop for a few seconds while NetFlow reloads the route processor and line card CEF tables. To avoid interruption of service to a live network, apply this command during a change window, or include it in the startup-config file for execution during a router reboot.
Step 4	ip flow-export template refresh-rate packets Example: Router(config)# ip flow-export template refresh-rate 15	(Optional) Specifies the refresh rate in number of export packets. packets is an integer from 1 to 600. The default is 20 packets.
Step 5	ip flow-export template timeout-rate minutes Example: Router(config)# ip flow-export template timeout-rate 90	(Optional) Specifies the timeout rate in minutes. minutes is an integer from 1 to 3600. The default is 30 minutes.
Step 6	ip flow-export template options export-stats Example: Router(config)# ip flow-export template options export-stats	Specifies the options template export statistics, including how many export packets have been sent and how many flows have been exported.
Step 7	ip flow-export template options refresh-rate packets Example: Router(config)# ip flow-export template options refresh-rate 25	(Optional) Specifies the refresh rate in number of export packets. packets is an integer from 1 to 600. The default is 20 packets.
Step 8	ip flow-export template options timeout-rate minutes Example: Router(config)# ip flow-export template options timeout-rate 120	(Optional) Specifies the timeout rate in minutes. minutes is an integer from 1 to 3600. The default is 30 minutes.
Step 9	end Example: Router(config)# end	Ends the configuration session and returns to privileged EXEC mode.

Configuring the v9 Data Export Format for Aggregation Caches

You can specify the frequency of template generation for aggregation caches. This section shows how to configure v9 data export format for aggregation caches.

SUMMARY STEPS

ip flow-aggregation cache {as | as-tos | bgp-nexthop-tos | destination-prefix | destination-prefix-tos | prefix | prefix-port | prefix-tos | protocol-port | protocol-port-tos | source-prefix | source-prefix-tos}

DETAILED STEPS


	Command	Purpose
Step 1	enable Example: Router> enable	Enters privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip flow-aggregation cache {as \| as-tos \| bgp-nexthop-tos \| destination-prefix \| destination-prefix-tos \| prefix \| prefix-port \| prefix-tos \| protocol-port \| protocol-port-tos \| source-prefix \| source-prefix-tos} Example: Router(config)# ip flow-aggregation cache as	Specifies the aggregation cache scheme and enables aggregation cache configuration mode.
Step 4	export Version 9 Example: Router(config-flow-cache)# export Version 9	Specifies v9 data export for aggregation caches.
Step 5	export template refresh-rate packets Example: Router(config-flow-cache)# export template refresh-rate 10	(Optional) Specifies the refresh rate in number of export packets. packets is an integer from 1 to 600. The default is 20 packets.
Step 6	export template timeout-rate minutes Example: Router(config-flow-cache)# export template timeout-rate 60	(Optional) Specifies the timeout rate in minutes. minutes is an integer from 1 to 3600. The default is 30 minutes.
Step 7	enabled Example: Router(config-flow-cache)# enabled	Enables aggregation caches.
Step 8	end Example: Router(config-flow-cache)# end	Ends the configuration session and returns to privileged EXEC mode.

Verifying the Configuration

This section shows how to verify successful configuration of NetFlow v9 data export format.

SUMMARY STEPS

DETAILED STEPS


	Command	Purpose
Step 1	show ip cache verbose flow Example: Router> show ip cache verbose flow	Displays additional NetFlow fields in the header when NetFlow v9 data export is configured.
Step 2	show ip flow export Example: Router> show ip flow export	Displays the statistics for the NetFlow data export, including the main cache and all other enabled caches.
Step 3	show ip flow export template Example: Router> show ip flow export template	Displays the statistics for the NetFlow data export (such as template timeout and refresh rate) for the template-specific configurations.

Troubleshooting Tips

Use the debug ip flow export command to display debugging output for NetFlow v9 Data Export Format.

Configuration Examples for NetFlow Version 9 Data Export

Configuring Version 9 Data Export for the Main Cache: Example

Configuring Version 9 Data Export for Aggregation Caches: Example

The following example shows how to configure Version 9 data export for an autonomous system (AS) aggregation cache scheme:

Additional References

Related Documents


Related Topic	Document Title
NetFlow	Cisco IOS Switching Services Configuration Guide Cisco IOS Switching Services Command Reference, Release 12.3 Cisco IOS Command Reference Master Index, Release 12.3
NetFlow Version 9 export format	NetFlow Version 9 Flow-Record Format white paper
Description of an actual customer deployment of NetFlow services within an IP network	NetFlow Services for an Enterprise Network integrated solutions document (ISD)
IP multicast routing	"IP Multicast" part in the Cisco IOS IP Configuration Guide, Release 12.2
NetFlow Minimum Prefix Mask For Router-Based Aggregation feature	NetFlow Minimum Prefix Mask for Router-Based Aggregation feature module, Release 12.1(3)T
NetFlow ToS-Based Router Aggregation feature	NetFlow ToS-Based Router Aggregation feature module, Release 12.1(3)T
Sampled NetFlow feature	Sampled NetFlow feature module, Release 12.0(26)S
Cisco CNS NetFlow Collection Engine (formerly called NetFlow FlowCollector)	Cisco CNS NetFlow Collection Engine Installation and User Guide, Release 4.0 Documentation Updates for Cisco CNS NetFlow Collection Engine, Release 4.0 Release Notes for Cisco CNS NetFlow Collection Engine, Release 4.0
NetFlow Data Analyzer	Network Data Analyzer Installation and User Guide, Release 3.0 Release Notes for Network Data Analyzer, Release 3.0
NetFlow performance test results	NetFlow Performance Analysis white paper

Standards

MIBs

RFCs

MIB	MIBs Link
• •	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance

Command Reference

debug ip flow export

Description	Link
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/techsupport

To enable debugging output for NetFlow data export, use the debug ip flow export command in user EXEC or privileged EXEC mode. To disable debugging output for NetFlow data export, use the no form of this command.

Syntax Description

Command Default

Command Modes

Command History


Release	Modification
12.0(1)	This command was introduced.
12.3(1)	Debugging output for NetFlow v9 data export was added.
12.3(7)T	This command was modified so that NetFlow v9 data is collected for both IPv4 and IPv6.
12.2(18)S	This command was integrated into Cisco IOS Release 12.2(18)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(18)SXF	This command was integrated into Cisco IOS Release 12.2(18)SXF.

Examples

Related Commands


Command	Description
export destination	Enables the exporting of information from NetFlow aggregation caches.
ipv6 flow-aggregation cache	Enables NetFlow aggregation cache schemes for IPv6.
ipv6 flow-export	Enables the exporting of information in NetFlow cache entries.
show ip cache flow aggregation	Displays the NetFlow accounting aggregation cache statistics.
show ip flow export	Displays the statistics for NetFlow data export.
show ipv6 flow export	Displays the statistics for NetFlow data export for IPv6.

export

To enable the exporting of NetFlow accounting information from NetFlow aggregation caches, use the export command in NetFlow aggregation cache configuration mode. To disable the export of NetFlow accounting information from NetFlow aggregation caches, use the no form of this command.

export {destination ip-address | hostname} udp-port |version [8 | 9] | template [refresh-rate packets | timeout-rate minutes]}

no export {destination ip-address | hostname} udp-port |version [8 | 9] | template [refresh-rate packets | timeout-rate minutes]}

Syntax Description


destination ip-address \| hostname udp-port	IP address or hostname of the workstation to which you want to send the NetFlow information and the number of the UDP port on which the workstation is listening for this input.
version [8 \| 9]	(Optional) Version of the format for the export.
template	Enables the refresh-rate and timeout-rate keywords for configuring Version 9 export templates.
refresh-rate packets	(Optional) Specifies the number of export datagrams that are sent before the templates are resent. You can specify from 1 to 600 packets. The default is 20 packets.
timeout-rate minutes	(Optional) Specifies the interval (in minutes) during which the templates are resent. The interval you specify must lie in the range of 1 to 3600 minutes. The default value is 30 minutes.

Command Default

A NetFlow aggregation cache export destination is not set.
The default version format is Version 8.
The default for refresh-rate is 20 packets.
The default for timeout-rate is 30 minutes.

Command Modes

Command History


Release	Modification
12.0(3)T	This command was introduced.
12.0(24)S	The version, template, refresh-rate, and timeout-rate keywords were added.
12.3(1)	This command was integrated into Cisco IOS Release 12.3(1).
12.2(18)S	This command was integrated into Cisco IOS Release 12.2(18)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(18)SXF	This command was integrated into Cisco IOS Release 12.2(18)SXF.

Usage Guidelines

You must have NetFlow accounting configured on your router before you can use this command.

You can configure a maximum of two concurrent destinations per-cache using the destination keyword with the export command.

Examples

The following example shows how to configure two export destinations for a NetFlow accounting protocol-port aggregation cache scheme:

'The following example shows how to configure the Version 9 template refresh-rate and timeout-rate parameters for a NetFlow accounting protocol-port aggregation cache scheme:

Related Commands


Command	Description
cache	Defines operational parameters for NetFlow accounting aggregation caches.
enabled (aggregation cache)	Enables a NetFlow accounting aggregation cache.
ip flow-aggregation cache	Enables NetFlow accounting aggregation cache schemes.
mask (IPv4)	Specifies the source or destination prefix mask for a NetFlow accounting prefix aggregation cache.
show ip cache flow aggregation	Displays the NetFlow accounting aggregation cache statistics.
show ip cache flow	Displays a summary of the NetFlow accounting statistics.
show ip flow interface	Displays NetFlow accounting configuration for interfaces.
show ip cache verbose flow	Displays a detailed summary of the NetFlow accounting statistics.

ip flow-export

To enable the export of information in NetFlow cache entries, use the ip flow-export command in global configuration mode. To disable the export of information, use the no form of this command.

ip flow-export {destination ip-address udp-port | source {ip-address | interface-name} | version {1 | [{5 | 9} [origin-as | peer-as] [bgp-nexthop]]} | template {refresh-rate packets | timeout-rate minutes} [options {export-stats | refresh-rate packets | sampler | timeout-rate minutes}]}

no ip flow-export {destination ip-address udp-port | source {ip-address | interface-name} | version {1 | [{5 | 9} [origin-as | peer-as] [bgp-nexthop]]} | template {refresh-rate packets | timeout-rate minutes} [options {export-stats | refresh-rate packets | sampler | timeout-rate minutes}]}

Syntax Description


destination ip-address udp-port	IP address and protocol-specific port number of the workstation to which you want to send the NetFlow information.
source {ip-address \| interface-name}	IP address and interface type and number for the source address.
Version 1	Specifies that the export packet uses the version 1 format. This format is the default. The version field occupies the first 2 bytes of the export record. The number of records stored in the datagram is a variable from 1 to 24 for version 1.
Version 5	Specifies that the export packet uses the version 5 format. The number of records stored in the datagram is a variable between 1 and 30 for version 5.
Version 9	Specifies that the export packet uses the version 9 format.
origin-as	(Optional) Specifies that export statistics include the origin autonomous system (AS) for the source and destination.
peer-as	(Optional) Specifies that export statistics include the peer AS for the source and destination.
bgp-nexthop	(Optional) Specifies that export statistics include BGP next hop related information.
template	Specifies that the refresh-rate and timeout-rate keywords apply to the template.
options	Specifies that the export-stats, refresh-rate, sampler, and timeout-rate keywords apply to the options template.
export-stats	(Optional) Specifies that the export statistics include the total number of flows exported and the total number of packets exported.
refresh-rate packets	(Optional) Specifies the number of export packets before the options are reset. You can specify from 1 to 600 packets. The default is 20 packets.
sampler	(Optional) Specifies that Random Sampled NetFlow options templates are exported. You must enable version 9 data export before using this keyword.
timeout-rate minutes	(Optional) Specifies the time before the options are resent. You can specify from 1 to 3600 minutes. The default is 30 minutes.

Command Default

Export of information in NetFlow cache entries is disabled. You can specify origin AS accounting or peer AS export accounting, but not both.

Command Modes

Command History


Release	Modification
11.1 CA	This command was introduced.
12.0(24)S	This command was integrated into Cisco IOS Release 12.0(24)S, and the (version) 9 keyword was added.
12.3(1)	This command was integrated into Cisco IOS Release 12.3(1), and the bgp-nexthop keyword was added.
12.2(18)S	The bgp-nexthop and sampler keywords were added.
12.0(26)S	The bgp-nexthop and sampler keywords were added.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(18)SXF	This command was integrated into Cisco IOS Release 12.2(18)SXF.

Usage Guidelines

A NetFlow cache entry contains a lot of information. When NetFlow data collection is enabled with the ip route-cache flow command, you can use the ip flow-export command to configure the router to export the flow cache entries to a destination (such as a system running the NetFlow Collection Engine) when flows expire. This configuration can be useful for traffic analysis, monitoring, attack mitigation, and billing.

Version 5 and Version 9 formats include the source and destination AS addresses and source and destination prefix masks. Also, Version 9 might include BGP next hop information.

For more information on the Version 5 data format, refer to the Cisco IOS Switching Services Configuration Guide. For more information on version 9 data format, refer to the Cisco IOS NetFlow Version 9 Flow-Record Format white paper.

Examples

The following example shows how to configure the router to export the NetFlow cache entry to UDP port 2048 on the workstation at 172.16.23.7 when the flow expires using version 5 format and includes the peer AS information:

Related Commands

show ip flow export

Command	Description
debug ip flow export	Enables debugging output for NetFlow data export.
export destination	Enables the export of information from NetFlow aggregation caches.
ip route-cache flow	Enables NetFlow data collection for IP routing.
show ip flow export	Displays the statistics for the NetFlow data export.

To display the statistics for the NetFlow data export, including statistics for the main cache and all other enabled caches, use the show ip flow export command in user EXEC or privileged EXEC mode.

Syntax Description

Command Modes

Command History

template	(Optional) Shows the data export statistics (such as template timeout and refresh rate) for the template-specific configurations.


Release	Modification
11.1CC	This command was introduced.
12.2(2)T	This command was modified to display multiple NetFlow export destinations.
12.0(24)S	The template keyword was added.
12.3(1)	This command was integrated into Cisco IOS Release 12.3(1).
12.2(18)S	This command was integrated into Cisco IOS Release 12.2(18)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(18)SXF	This command was integrated into Cisco IOS Release 12.(18)SXF.

Examples

The following is sample output from the show ip flow export template command:

Related Commands


Command	Description
clear adjacency	Configures aggregation cache operational parameters.
debug ip flow export	Enables debugging output for NetFlow data export.
exit	Leaves aggregation cache mode.
export destination	Enables the exporting of information from NetFlow aggregation caches.
ip flow-aggregation cache	Enables aggregation cache configuration mode.
ip flow-export	Enables the exporting of information in NetFlow cache entries.

Glossary

CEF—Cisco Express Forwarding. Layer 3 IP switching technology that optimizes network performance and scalability for networks with large and dynamic traffic patterns.

BGP—Border Gateway Protocol. Interdomain routing protocol that replaces Exterior Border Gateway protocol (EBGP). BGP exchanges reachability information with other BGP systems. It is defined by RFC 1163.

BGP next hop—IP address of the next hop to be used to reach a certain destination.

data flowset—Set of one or more data records that are grouped together in an export packet.

data record—Provides information about an IP flow that exists on the device that produced an export packet. Each group of data records (meaning each data flowset) references a previously transmitted template ID, which can be used to parse the data within the records.

dCEF—Distributed Cisco Express Forwarding. Type of CEF switching in which line cards (such as VIP line cards) maintain an identical copy of the forwarding information base (FIB) and adjacency tables. The line cards perform the express forwarding between port adapters; this relieves the route/switch processor of involvement in the switching operation.

export packet—Type of packet built by a device (for example, a router) with NetFlow services enabled that is addressed to another device (for example, the NetFlow Collection Engine). The packet contains NetFlow statistics. The other device processes the packet (parses, aggregates, and stores information on IP flows).

fast switching—Cisco feature in which a route cache is used to expedite packet switching through a router.

flow—Unidirectional stream of packets between a given source and destination—both defined by a network-layer IP address and transport-layer source and destination port numbers.

flowset—Collection of flow records that follow the packet header in an export packet. A flowset contains information that must be parsed and interpreted by the NetFlow Collection Engine device. There are two different types of flowsets: template flowsets and data flowsets. An export packet contains one or more flowsets, and both template and data flowsets can be mixed in the same export packet.

NetFlow—Cisco IOS acceleration and accounting feature that maintains per-flow information.

NetFlow Aggregation—A NetFlow feature that lets you summarize NetFlow export data on an IOS router before the data is exported to a NetFlow data collection system such as the NetFlow FlowCollector. This feature lowers bandwidth requirements for NetFlow export data and reduces platform requirements for NetFlow data collection devices.

NetFlow Collection Engine (formerly NetFlow FlowCollector)—Cisco application that is used with NetFlow on Cisco routers and Catalyst 5000 series switches. The NetFlow Collection Engine collects packets from the router that is running NetFlow and decodes, aggregates, and stores them. You can generate reports on various aggregations that can be set up on the NetFlow Collection Engine.

NetFlow v9—NetFlow export format Version 9. A flexible and extensible means to carry NetFlow records from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for easier NetFlow Collection Engine configuration.

options data record—Special type of data record (which is based on an options template) with a reserved template ID that provides information about the NetFlow process itself.

options template—Type of template record used to communicate the format of data related to the NetFlow process.

packet header—First part of an export packet. It provides basic information about the packet (such as the NetFlow version, number of records contained in the packet, and sequence numbering) so that lost packets can be detected.

template flowset—Set of one or more template records that are grouped in an export packet.

template ID—Unique number that distinguishes a template record from other template records produced by the same export device. A NetFlow Collection Engine application that receives export packets from several devices should be aware that uniqueness is not guaranteed across export devices. Thus, the NetFlow Collection Engine should also cache the address of the export device that produced the template ID in order to enforce uniqueness.

template record—Defines the format of subsequent data records that might be received in current or future export packets. A template record within an export packet does not necessarily indicate the format of data records within that same packet. A NetFlow Collection Engine application must cache any template records received and then parse any data records it encounters by locating the appropriate template record in the cache.

ToS—type of service byte. Second byte in the IP header that indicates the desired quality of service for a particular datagram.

Table Of Contents