65-2
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 65 Configuring Flexible NetFlow
VSS Environment
5. Supervisor Engine 8-E, Supervisor Engine 7-E, Supervisor Engine 7L-E, and Catalyst 4500X
support a 100,000 entry hardware flow table. Both VSS Active and Standby switch have independent
hardware flow tables of 100,000 entries. The hardware flow table is shared by all the flow monitors
on a switch. To prevent one monitor from using all the flow table entries, the number of entries that
it uses on a switch can be limited by the cache entries number command. This limit is per flow
monitor, irrespective of the number of targets it is attached to.
The following example illustrates how to configure the flow monitor m1 cache to hold 1000 entries.
With this configuration, interface gig 1/3/1 (on the VSS Active) can create a maximum of 1000 flows
and interface gig 2/3/2 (on the VSS Standby) can create a maximum of 1000 flows:
flow exporter e1
! exporter specifies where the flow records are send to
destination 20.1.20.4
!
flow record r1
! record specifies packet fields to collect
match ipv4 source address
match ipv4 destination address
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow monitor m1
! monitor refers record configuration and optionally exporter
! configuration. It specifies the cache size i.e. how many unique flow
! records to collect
record r1
exporter e1
cache timeout active 60
cache timeout inactive 30
cache entries 1000
!interface GigabitEthernet 1/3/1
! layer2-switched allows collection of flow records even when the packet is
! bridged
ip flow monitor m1 layer2-switched input
!
interface GigabitEthernet 2/3/2
ip flow monitor m1 input
!
6. Flow collection is supported on multiple targets (Port, VLAN, per-port per-VLAN (FNF can be
enabled on a specific VLAN on a given port)) and on a port-channel (FNF is configured on the
port-channel interface, rather than individual member ports). These targets can be on the VSS Active
or on the VSS Standby. For example, if the target is a VLAN, it can consist of ports belonging to
both switches. If there is ingress traffic in that VLAN on both switches, flows will be created in their
independent flow caches. However, no Netflow configuration can be applied on the Virtual Switch
Link (VSL) ports.
7. 64 unique flow record configurations are supported.
8. Flow QoS/UBRL and FNF cannot be configured on the same target. (For information on Flow-based
QoS, see the section Flow-based QoS, page 42-10.)
9. 14,000 unique IPv6 addresses can be monitored.
10. On a given target, one monitor per traffic type is allowed. However, you can configure multiple
monitors on the same target for different traffic types.
For example, the following configuration is allowed:
! vlan config 10
To Next Page
Loading...
