Configuring RFlow

Contents

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge

is a registered trademark of Telefonaktiebolaget LM Ericsson

1 Overview

This document describes the SmartEdge® RFlow application.

Redback Flow (RFlow) runs on the SmartEdge router and is used to collect IP traffic information. The traffic information is compiled in a record that contains a variety of information about the traffic in a flow. This flow record helps you to understand data traffic in your network so you can optimize the following:

Network Planning and Analysis
Network Monitoring
Troubleshooting
Accounting/Billing

RFlow comprises the following three main components:

Caches on the forwarding plane that store RFlow information
Aggregation caches on the control plane
The export mechanism that sends RFlow reports to an external IP Flow Information Export (IPFIX) collector

Note:: An external IPFIX collector is required to view network-wide IP flows. However, you do not need to configure an external collector in your system if you only want to see system-specific flow information. If you do not configure an external collector, flow data is stored in the RFlow caches for the lifetime of the flow, but that data is never exported from the SmartEdge router to an external collector. Flow data that is not exported to an external collector is available only until the flow expires. You can use this flow data if you want to monitor only local flows.

1.1 RFlow Rules and Restrictions

RFlow is not supported on the following controller cards:

XCRP2
XCRP2.5
PPA1-based traffic cards (for example, RFlow is not supported on the 12-port Fast Ethernet traffic card using RJ45 connectors or the 12-port DS3 ATM card with a BNC connector).

Exporting flow records can require significant bandwidth. Ericsson recommends directly attaching the external collector to one of the following:

A high-bandwidth interface that is connected to a SmartEdge router.
A local network that has enough bandwidth to support the exporting of flow records.

A flow admission control (FAC) profile is required for RFlow to function properly. If a preexisting FAC profile is attached to a circuit where RFlow is enabled, then the FAC profile is used for RFlow provisioning. If there is no FAC profile applied to a circuit, then the default FAC profile is automatically applied to that circuit. For more information about FAC profiles, see Configuring Flow Admission Control.

1.2 Definition of a Flow

A flow is a sequence of IP packets with common properties that traverse a specific reference point on a network during a specific interval. The reference point is called an RFlow observation domain, and the common properties used to define a flow are called key fields. The key fields are fixed and cannot be changed when exported in V5 format. The following key fields are used to capture the packets in a flow:

Source IP address
Destination IP address
Source port
Destination Port
Layer 3 (IP) protocol type

Packets with header values that match the key fields are considered part of the same flow. A packet is considered part of a different flow if any one of the key field values does not match that of the other packets in a flow.

An RFlow observation domain is made up of a set of bound interface circuits that are located on traffic cards. When a flow passes through the observation domain, information is collected for that flow until the flow expires because the inactive or active time-out period passes or the aggregation cache is full. When the flow expires, the information collected from the flow is exported to a record on an external collector. You can then use the information in the record to manage and optimize the network.

1.3 Life Cycle of a Flow

The traffic cards monitor flows on circuits where RFlow is enabled and configured. You can enable RFlow on a circuit by applying an a RFlow profile. Once RFlow is enabled, the flow life cycle is as follows:

The flow passes the configured observation point on the traffic card and a new Flow Control Block (FCB) is created for the flow. At this stage, the flow is called a microflow. On the traffic card, the main RFlow cache tracks the packet count, byte count, first packet, last packet, and expiration for each flow.
After the inactive or active time-out period passes, the flow expires (is aged) and is sent to a Level 1 cache on a traffic card. In addition to flow aging, the L1 cache also obtains routing information from the Forwarding Information Base (FIB) tables.
After the flow expires (is aged) in the L1 cache, it is sent to the Level 2 cache on the XCRP. Multiple flows can be aggregated into a single L2 cache entry if they share the same key fields.
After the flow expires (is aged) in the L2 cache, the information for that flow is compiled into a record.
The export entity exports the record to one or more external collectors, and the L2 cache entry for the flow is deleted.

For more information about Level 1 and Level 2 caches, see Data Collection in RFlow Caches.

1.4 RFlow Objects

Rflow consists of the following objects, which are discussed in detail in this document:

Application Lists (Optional)—Help gather application summary statistics.
Global Sampling (Optional)—For random sampling of packets.
Profiles—Can be attached to a particular circuit or collector object.
Collector—Objects that define access to external collectors.

1.5 Application Lists

Defining application lists allows you to classify the IP traffic that is being sent over the SmartEdge router, for example Telnet, FTP, HTTP, SMTP, and BGP. Applications, based on IP protocol number and port number, may be defined within these application lists, providing the flexibility in the definition of the applications you want to monitor.

For every IP protocol, the following statistics per application are displayed:

Total Flows: Number of flows in the cache for this application since the last time the statistics were cleared.
Flows/Sec: Average number of flows per second for this application.
Packets/Flow: Average number of packets per flow for this application.
Bytes/Pkt: Average number of bytes per packet for this application.
Packets/Sec: Average number of packets per second for this application.
Active(Sec)/Flow Average number of seconds that a flow was active for this application before it was expired.
Idle(Sec)/Flow: Average number of seconds that a flow was idle for this application before it was expired.

1.6 RFlow Configuration Process

The RFlow configuration process consists of the following main steps:

Define and configure application lists.
Define and configure sampling.
Create and configure an RFlow profile
Configure access to one or more external collectors
Enable RFlow on an individual circuit

Before being able to enable RFlow features to collect meaningful data on flows that you are interested in monitoring, you can define application lists and the global sampling interval.

You enable RFlow on an individual circuit by creating an RFlow profile and then applying that RFlow profile to the desired circuit. An individual circuit can support a single profile only, but the same profile can be applied to multiple circuits. A circuit must be bound to an IP interface for RFlow to operate properly. RFlow is currently supported on the following types of bound circuits:

Physical ports
802.1Q circuits
802.1QinQ circuits
Access link group circuits
Subscriber circuits

You configure an RFlow profile in global configuration mode, independent of any context. You can attach a single profile to multiple external collectors in different contexts.

You can configure the following fields in the RFlow profile:

Profile name—Unique name that identifies an RFlow profile. When you create a new RFlow profile name, that name is mapped to an internally created hexadecimal identifier.
Active timeout—Number of seconds after which a long-lived flow is considered complete (expired) and a flow record is created and exported to the external collector.
Inactive timeout—Number of seconds after which a flow that does not have any current activity on it is considered complete (expired) and a flow record is created and exported to the external collector.
Aggregation cache size—Maximum number of entries that can be stored in the aggregation cache at a given time.
Application list—Enable/Disable application summary statistics accounting for circuits using this profile. By default application summary statistics accounting is disabled.
Sampling—Enable/Disable random packet sampling for circuits using this profile. By default sampling is disabled.

The RFlow configuration process is described in detail in the Section 2 section.

1.7 Data Collection in RFlow Caches

The RFlow caches are databases that store RFlow information. Each RFlow profile has a cache attached to it. The caches store flow information until that flow is aged (expires). A flow is considered aged under the following circumstances:

The inactivity time expires—No packets belonging to that flow have passed the observation point before the specified time-out period.
The active time expires—Flow records are exported when the specified time-out period expires. You can configure the active time-out period.
The end of a flow is detected by the exporter. For example, when a Transmission Control Protocol (TCP) flow receives a TCP reset (RST) or finished (FIN) flag. The TCP RST flag indicates that the remote host has reset the connection due to a rejected request to establish a connection. The FIN flag appears when the last packets are exchanged over an established connection.
Flow counter overflows—The number of packets or bytes received overflows the flow counters.
Fast aging—Flows are aged when the XCRP buffer is out of memory or when the cache is deleted.

There are two RFlow caches: the Level 1 cache and the Level 2 cache.

The Level 1 cache is on a traffic card and compiles the flow information into a flow record before the flow expires. The flow remains in the Level 1 cache until it is aged, after which it is sent to the Level 2 cache.

The Level 2 cache is on the XCRP Controller card. The Level 2 cache is organized as a hash table based on the key fields used to capture the packets in a flow. When the flow expires in the L2 cache, the flow record is exported to the external collector, from which you can access various types of flow information.

You can view RFlow data in the output using the show flow collector command.

Note:: There is one Level 1 and Level 2 cache for each RFlow profile in a context. If the same RFlow profile is attached to different circuits in multiple contexts, that RFlow profile has a different, unique Level 1 and Level 2 cache for each context.

1.8 Exporting Flow Data

If an external collector is configured for RFlow, then flow records are exported to that external collector when a flow is terminated in the Level 2 cache. The export entity uses Cisco Systems NetFlow export format version 5 (v5) to export flow records. In the export v5 format, RFlow flow records are made up of a header and a sequence of flow data fields.

Table 1 describes the flow header key fields supported in the v5 export format.

Table 1 Version 5 Export Format Header Fields
Field	Description
version	Export format used to send flow records to the external collector. In this release, only v5 formatting is supported.
count	Number of records in the PDU.
sys-uptime	Number of milliseconds that have passed since the router last booted.
secs	Number of seconds that have passed since 0000 Coordinated Universal Time (UTC) 1970, which is when the packet left the exporter.
nsecs	Number of residual nanoseconds that have passed since 0000 UTC 1970.
flow_seq	Sequence number maintained per external collector; represents the total number of flows received by the external collector.
exp_id	Unique identifier for the export source.

Table 2 describes the flow record fields supported in the v5 export format.

Table 2 Version 5 Export Flow Record Fields
Field	Description
Source address	Source IP address from which this flow originated.
Destination Address	Destination IP address for this flow.
Nextop (ingress)	IPv4 address of the next-hop BGP router.
Input	SNMP ifIndex where the packet is being exported to.
Output	SNMP ifIndex from which the packet is being exported.
Packets	Number of packets sent in a flow.
Bytes	Number of bytes sent in a flow.
srcport	Layer 4 source port number.
dstport	Layer 4 destination port number.
pad1	Unused (zero) byte.
TCP Flags	Cumulative number of TCP flags.
tos	IP type-of-service byte.
src_AS	BGP autonomous system (AS) source address.
dst_AS	BGP AS destination address.
Source mask (for ingress flows only)	Source IPv4 mask address from which the packet was exported.
Destination mask (for ingress flows only)	Destination IPv4 mask address to which the packet is being exported.
pad2	Number of unused (zero) bytes.

Note:: Up to 30 flow records can be bundled in version 5 export format for transport to the external collector.

1.9 RFlow External Collector Configuration and Management

An external collector is a server that assembles exported flows and aggregates them to produce reports used for traffic and security analysis. After the L2 cache compiles RFlow export data into a flow record, the export entity exports the record to one or more external collectors. Each external collector resides in a chosen location in the network and is independent of the SmartEdge router.

Note:: To configure an external collector, see the documentation for the product on which you want to locate the collector.

On the SmartEdge router, you must configure access to the external collector. An external collector can be accessed by any IP interface through which the destination IP address of the external collector can be reached. The IP address of the external collector and the port through which it is listening must also be configured on the ingress router so that the router knows where to export flow reports.

You configure SmartEdge router access to the external collector in an individual context. For redundancy, you can configure access to two or more external collectors in the same context.

A single external collector can have multiple RFlow profiles attached to it. An external collector can be attached to an RFlow profile that is attached to circuits that are bound to interfaces across multiple contexts.

To access the external collector, you must configure the following parameters:

An IP address for the external collector. This is the destination to which the RFlow records are exported.
The destination port for the external collector. This specifies the port that receives the exported RFlow record.
The export version for the data. This determines the type of formatting used for the exported flow records. Currently, only export version 5 formatting is supported.
The transport protocol used to export records to the external collector. In this release, only UDP is supported.
The name of an RFlow profile that is bound to a circuit or circuits. Flows that are received on those circuits are compiled into records that are exported to a designated external collector. A collector can receive flows from multiple profiles.

Use the show flow ip cache dump command to view the flow records for the local SmartEdge router.

Note:: Flow data is still stored in the RFlow caches for the lifetime of the flow. You can use this data to monitor local flows only. When a flow expires, the data for the flow is no longer available.

1.10 Understanding Contexts in RFlow Configuration

Before configuring RFlow, you must understand the differences between the following contexts:

The context of a flow. This is the context in which you bind a circuit to the interface that carries the flows you want to export to the external collector. To enable a circuit for RFlow, you need to apply an RFlow profile to that circuit.
To export the flow records to an external collector, you need to:
- configure access to the external collector in the context of the flow. In this document, this step is referred to as “collector configuration.”
  Note:
  Collector configuration needs to be done in each context for which you want flow records to be exported.
- reference the RFlow profile in the collector configuration within the context of the flow.
The context from which the external collector is reachable. This can be any context. Flow records pertaining to one context may be exported to an external collector that is reachable from a different context. Use the ip-address command in flow collector configuration mode to configure the context from which the external collector can be reached.

If an RFlow profile is attached to three circuits in three different contexts, then a collector receives flow records only from those circuits for which there is a collector configuration in the context of the flows. In other words, if the collector is configured in one context only, the external collector receives flow records only from the circuit that is configured in that same context, and not from the other two circuits because their flows are in different contexts.

Note:: For more information about creating and configuring an Rflow profile, see RFlow Configuration Process. To create and configure an RFlow profile, see Create and Configure an RFlow Profile.

In the following example, the profile p15 is applied to the circuit:

[local]Redback# configure

[local]Redback(config)# port ethernet 7/1

[local]Redback(config-port)# bind interface if1_1 context ctx-blue

[local]Redback(config-port)# flow apply ip profile p15 in

[local]Redback(config-port)# exit

[local]Redback(config)# port ethernet 4/3

[local]Redback(config-port)# bind interface if2_2 context ctx-red

[local]Redback(config-port)# flow apply ip profile p15 in

In the next part of the example, an external collector called collect-blue is configured to receive flows from the circuit 7/1:

[local]Redback# configure

[local]Redback(config)# context ctx-blue

[local]Redback(config-ctx)# flow collector collect-blue

[local]Redback)(config-flow-collector)# ip-address 10.12.209.8 context ctx-blue

[local]Redback)(config-flow-collector)# ip profile p15

Even though the p15 RFlow profile is applied to circuits 7/1 and 4/3, the collect-blue collector only receives the flow records from circuit 7/1 because collect-blue was configured in the ctx-blue context.

1.11 Command Mode Hierarchy

Command modes exist in a hierarchy; that is, you must access the higher-level command mode before you can access a lower-level command mode in the same chain.

Figure 1 shows the hierarchy of the command modes used to configure RFlow features.

Figure 1 Command Mode Hierarchy

Table 3 lists the command modes (in alphabetical order) relevant to RFlow features. It includes the commands that enable access to each mode and the command-line prompt for each mode.

Table 3 Command Modes and Prompts
Mode Name	Commands Used to Access	Command-Line Prompt
context	`context` command from global configuration mode	(config-ctx)#
dot1q PVC	`dot1q pvc` command from port configuration mode	(config-dot1q-pvc)#
exec	(user logon)	# or >
flow collector	`flow collector` command from context configuration mode	(config-flow-collector)#
flow ip application-list	`flow ip application-list` command from global configuration mode	(config-flow-ip-app-list)#
flow ip sampling	`flow ip sampling` command from global configuration mode	(config-flow-ip-sampling)#
flow IP profile	`flow ip profile` command from global configuration mode	(config-flow-ip-profile)#
flow ip application	`application` command from the flow ip application-list configuration mode	(config-flow-ip-application)#
global	`configure` command from exec mode	(config)#
port	`port` `ethernet` command from global configuration mode	(config-port)#
link-group	`link-group` command from global configuration mode	(config-link-group)#
subscriber	`subscriber` command from global configuration mode	(config-sub)#

2 RFlow Configuration

To configure RFlow, perform the following steps:

Configure application list (optional)
Configure global sampling interval (optional)
Configure an RFlow profile
Configure access to an external collector
Enable RFlow on an individual circuit by applying an RFlow profile to it

These tasks are described in detail in the sections that follow.

2.1 Prerequisites

Be sure the following prerequisites are met before configuring RFlow on your router:

Your router is configured for IP routing.
Your router has enough memory and CPU bandwidth available to support RFlow.

2.2 Configure Application Lists

To define an application list, perform the tasks in Table 4.

Table 4 Configuring Application Lists
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Define a flow IP application list and enter an application list name.	`flow ip application-list` `application-list-name`	Replace the `application-list-name` with a name you want to call your application list . Your prompt will change to `config-flow-ip-app-list`.
3.	From the `config-flow-ip-app-list` mode, enter `application` `and choose an application-name`.	`application` `application-name`	The application name you choose will contain the IP protocol names and their protocol ID and port number information that you will provide as part of the next step. The tasks that follow will allow you to create multiple lists for statistical data collection on IP protocols.
4.	Configure a protocol.	`protocol`	—
5.	Configure a port number or a port number range,	`port` `port-number`	—
6.	Save the configuration.	`commit`	—

2.3 Configure a Global Sampling Interval

To collect flow statistics based on random sampling, you can enable sampling on a global level.

To enable sampling, perform the tasks in Table 5. By default, sampling is disabled for every RFlow profile. To enable sampling for an RFlow profile, refer to Section 2.4.

Table 5 Configuring Sampling
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`
2.	(Optional) Enter flow IP sampling configuration mode.	`flow ip sampling`	Your prompt will include `config-flow-ip-sampling`.
3.	Specify the packet interval.	`packet-interval` `packet-interval`	Replace `packet-interval` with the interval you want. The range for this interval is 1 to 16383 packets.
4.	Save the configuration.	`commit`

2.4 Configure an RFlow Profile

This section describes how to create and configure an RFlow profile using the default configuration values, as described in Table 6.

Table 6 RFlow Profile Default Configuration Values
Parameter	Default	Command Used to Modify Default Setting
Active time-out setting for flows using the profile, in seconds	1800 seconds (30 minutes)	`active-timeout`
Inactive time-out setting for flows using the profile, in seconds	5 seconds	`inactive-timeout`
Maximum number of entries in the aggregation cache for flows that use a profile	4096	`aggregation-cache-size`
Application list that you will enable using this profile.	No application summary statistics will be gathered.	`application-list`
Sampling that you will enable using this profile.	Sampling will remain disabled	`sampling`

To create and configure an RFlow profile, perform the tasks in Table 7.

Table 7 Create and Configure an RFlow Profile
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Create a flow IP profile and enter flow IP profile configuration mode.	`flow ip profile` `profile-name`	Replace `profile-name` with a name that identifies your IP profile.
3.	Save the configuration.	`commit`	—
4.	Verify your IP profile configuration.	`show flow ip profile` and `show flow ip profileprofile-name`	Replace `profile-name` with the name of the RFlow profile you created in Step 2.

2.4.1 Modify the Default Configuration in an RFlow Profile

To modify the default configuration in an RFlow profile, perform the tasks in Table 8.

Table 8 Modify Default RFlow Profile Configuration Values
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Enter flow IP profile configuration mode for a specified IP profile.	`flow ip profile` `profile-name`	Replace `profile-name` with the name of the IP profile you want to modify.
3.	Configure the active time-out setting for flows that use this profile, in seconds.	`active-timeout` `timeout-value`	Replace the `timeout-value` argument with the number of seconds after which a flow is considered aged (expired) and a flow record is created and exported to the external collector. Range is from 15 to 1800 seconds.
4.	Configure the inactive time-out setting for flows that use this profile, in seconds.	`inactive-timeout` `timeout-value`	Replace the `timeout-value` argument with the number of seconds after which a flow which exceeds the time-out value you set for being inactive is considered aged (expired) and a flow record is created and exported to the external collector. Range is from 1 to 10 seconds.
5	Configure aggregation cache size for flows that use this profile.	`aggregation-cache-size` `number-of-entries`	Replace `number-of-entries` with the maximum number of entries that can be stored in the aggregation cache at one time. This determines how much information is reported when the you access the RFlow data. Range is from 1024 through 32768 entries. To ensure optimal RFlow performance, we recommend setting the aggregation cache size to a number that is a power of 2; for example, 8192.
6.	(Optional) Enable the application list to gather IP protocol summary statistics. Specify the application list name that you defined at the global level. If no name is specified, the system default application list information will be displayed.	`application-list` `application list name`	Enable the application list so that you can gather summary statistics for the applications that you wish to monitor. RFlow will report application summary statistics per cache, since each cache will maintain its own set of application statistics. Application statistics will be maintained only if you enable the application list for this profile. If you do not enable application list, no application statistics will be gathered.
7.	(Optional) Enable sampling.	`sampling`	Sampling packet interval is defined at the global level. During profile configuration, you are merely enabling sampling. By default, sampling is disabled if you do not explicitly enable it.
8.	Save the configuration.	`commit`	—
9.	Verify your IP profile configuration.	`show flow ip profile` and `show flow ip profile` `profile-name`	Replace `profile-name` with the name of the RFlow profile you created in Step 2.

2.5 Configure Access to an External Collector

This section describes how to configure access to an external collector using the default configuration described in Table 9.

Table 9 External Collector Access Default Configuration Values
Parameter	Default	Command Used to Modify Default Setting
ip-address	No collector receives exported flow records from the SmartEdge router.	`ip-address`
port	9997	`port`
export version	v5	`export-version`
profile	No profile is attached to the collector.	`ip profile`
transport-protocol	UDP	`transport-protocol udp`

Note:: Before you can configure access to an external collector, you need to create an external collector in your system as described the documentation for the product on which you want to locate the collector.

Be aware that exporting flow records can require a lot of bandwidth. We recommend directly attaching the external collector to:

A high-bandwidth interface that is connected to a SmartEdge router.
A local network that has enough bandwidth to support the exporting of flow records.

Perform the tasks in Table 10 to configure access to an external collector using the default configuration. Table 10 describes the minimal tasks required to configure access to an external collector; to modify the default external collector access settings, see Modify the Default External Collector Access Configuration.

Table 10 Create and Configure an External Collector Access (Default Values)
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Enter context configuration mode.	`context` `ctx-name`	Replace the `ctx-name` argument with the name of the context that owns the flows that will be exported to the external collector. This is the same context you configure in the `bind interface` command when statically binding a port or permanent virtual circuit (PVC) to the interface whose flows you want to export.
3.	Enter flow collector configuration mode for an external collector.	`flow collector` `collector-name`	Replace the `collector-name` argument with the name of the external collector to which you want to export flow records.
4.	Enable an external collector to receive exported flow records from circuits where RFlow is enabled.	`ip-address` `ip-v4-address` `contextcontext-name`	Replace the `ip-v4-address` argument with the IP address for external collector, in the form `A.B.C.D`. Replace the `context-name` argument with the name of the context that hosts the IP address for accessing this collector.
5.	Save the configuration.	`commit`	—
6.	Verify your external collector configuration.	`show flow collector` `collector-name`	Replace `collector-name` with the name of the external collector you configured in Step 3.

2.5.1 Modify the Default External Collector Access Configuration

To modify the default configuration values for external collector access, perform the tasks described in Table 11.

Table 11 Modify the Default External Collector Access Configuration Values
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Enter context configuration mode.	`context` `ctx-name`	Replace the `ctx-name` argument with the name of the context that owns the flows that will be exported to the external collector. This is the same context you configure in the `bind interface` command when statically binding a port or permanent virtual circuit (PVC) to the interface whose flows you want to export.
3.	Enter flow collector configuration mode.	`flow collector` `collector-name`	Replace `collector-name` with the name of the external collector you want to access.
4.	Configure a port on an external collector to listen for flow records from the SmartEdge router .	`port` `destination-port`	Replace the `destination-port` argument with a number that identifies the port on which the external collector receives exported flows. Range is from 1 through 16384.
5.	Specify the export format used to send flow records to the external collector.	`export-version v5`	The export version determines the fields included in the flow record. In this release, v5 (version 5) is the only supported export version
6.	Attach a flow profile to the external collector.	`ip profile` `profile-name`	Replace the `profile name` argument with the name of the IP profile you want to attach to this external collector. You can add up to 10 profiles per collector.
7.	Configure the transport protocol for the flow records to be UDP.	`transport-protocol udp`	In this release, UDP is the only supported transport protocol for the flow records
8.	Save the configuration.	`commit`	—
9.	Verify your external collector configuration.	`show flow collector` `collector-name`	Replace the `collector-name` argument with the name of the configured external collector that you want to verify.

2.6 Enable RFlow on a Circuit

To enable RFlow on a circuit, perform the tasks in Table 12.

Table 12 Enable RFlow on a Circuit
Step #	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Enter port configuration mode for the specified port.	`port` `type` `slot/port`	Replace the `type` argument with the type of port on which you want to enable RFlow. Replace `slot/port` with the chassis slot number of the traffic card that hosts the port and the traffic card port number.
3.	(Optional) Enter dot1q PVC configuration mode for the specified PVC.	`dot1q pvc` `options`	Replace the `options` argument with the required syntax for the type of dot1Q PVC that you are configuring. Perform this step only if you want to enable RFlow or a dot1Q PVC.
4.	Attach a specified RFlow profile to a circuit.	`flow apply ip profile` `profile-name` {`in` \| `out` \| `both`}	Apply the profile in the desired direction by choosing one of the following keywords: `both`—Applies the profile to the circuit in both the ingress and egress directions. `in`—Applies the profile to the circuit in the ingress direction only. `out`—Applies the profile to the circuit in the egress direction only. The physical circuit must be bound to an IP interface for flow accounting to work properly.
5.	Save the configuration.	`commit`	—
6.	Verify that RFlow is enabled on a circuit.	`show flow ip circuit` and `show flow ip circuit` `circuit-id`	Replace the `circuit-id` argument with the appropriate circuit identifier.

2.7 Enable RFlow on a Link-Group Circuit

To enable RFlow on a link-group circuit, perform the tasks in Table 13. For more information on link groups, refer to Configuring Link Aggregation

Table 13 Enable RFlow on a Link-Group Circuit
Step	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Enter link-group configuration mode. (Optional) Enter the `economical` optional keyword.	`link-group` `link-group-name` `access` `economical`	Replace the `link-group-name` argument with the link-group circuit on which you want to enable RFlow. In the `economical` model, the standby port will not have all the resources pre-provisioned. Instead, the resources will be allocated on the standby port when it becomes active.
3.	(Optional) Enter dot1q PVC configuration mode for the specified PVC.	`encapsulation dot1q`	—
4.	(Optional) Continue in dot1q PVC configuration mode for the specified PVC.	`dot1q pvc` `options`	Replace the `options` with the VLAN associated with the dot1Q PVC. Perform this step only if you want to enable RFlow on a dot1Q PVC.
5.	Attach a specified RFlow profile to a circuit.	`flow apply ip profile` `profile-name` {`in` \| `out` \| `both`}	Apply the profile in the required direction by choosing one of the following keywords: `in`—Applies the profile to the access link group circuit in the ingress direction only. `out`—Applies the profile to the access link group circuit in the egress direction only. `both`—Applies the profile to the access link group circuit in both the ingress and egress directions. The access link group circuit must be bound to an IP interface for flow accounting to work properly.
5.	Save the configuration.	`commit`	—
6.	Verify that RFlow is enabled on the access link group circuit.	`show flow ip circuit` and `show flow ip circuit` `circuit-id`	Replace the `circuit-id` argument with the appropriate link-group circuit identifier.

2.8 Enable RFlow on a Subscriber Circuit

To enable RFlow on a subscriber circuit, perform the tasks in Table 14. For more information on subscriber circuits, refer to Configuring Subscribers

Table 14 Enable RFlow on a Subscriber Circuit
Step	Task	Command	Notes
1.	Enter global configuration mode.	`configure`	—
2.	Enter context configuration mode.	`context` `ctx-name` or `context local`	Replace the `ctx-name` either with a named context to configure. If you want to configure the local context, specify the `local` keyword. Your prompt will include `config-ctx`.
3.	Enter subscriber configuration mode	`subscriber default`, `subscriber`, `subscriber-name` or `subscriber profile`, `profile-name`	Replace the `subscriber-name` argument with the name of individual subscriber accounts, and `profile-name` with a named subscriber profile. Your prompt will include `config-sub`.
4.	Attach a specified RFlow profile to a subscriber circuit.	`flow apply ip profile` `profile-name` {`in` \| `out` \| `both`}	Apply the profile in the required direction by choosing one of the following keywords: `in`—Applies the profile to the circuit in the ingress direction only. `out`—Applies the profile to the circuit in the egress direction only. `both`—Applies the profile to the circuit in both the ingress and egress directions. The subscriber circuit must be bound to an IP interface for flow accounting to work properly.
5.	Save the configuration.	`commit`	—
6.	Verify that RFlow is enabled on a subscriber circuit.	`show subscribers active all`

3 Example: Configuring RFlow

The following example shows a simple RFlow configuration. Two RFlow profiles are created: p1 and p2. An external collector called c1 is configured to monitor both profiles. The profile called p1 is attached to a VLAN, and the profile called p2 is attached to a PVC. When the profiles are attached to the VLAN and PVC circuits, RFlow is enabled on those circuits.

Create an RFlow profile called p1:

[local]Redback# configure

[local]Redback(config)# flow ip profile p1

[local]Redback(config-flow-ip-profile)# active-timeout 1000

[local]Redback(config-flow-ip-profile)# inactive-timeout 10

[local]Redback(config-flow-ip-profile)# aggregation-cache-size 8192

Create an RFlow profile called p2, running in the default mode:

[local]Redback# configure

[local]Redback(config)# flow ip profile p2

Configure access to an external collector called c1:

[local]Redback# configure

[local]Redback(config)# context rflow

[local]Redback(config-ctx)# flow collector c1 

[local]Redback)(config-flow-collector)# ip-address 10.12.209.7 context rflow1

[local]Redback)(config-flow-collector)# port 9997

[local]Redback)(config-flow-collector)# export-version v5 

[local]Redback)(config-flow-collector)# transport-protocol udp

[local]Redback)(config-flow-collector)# ip profile p1 

[local]Redback)(config-flow-collector)# ip profile p2

Apply the profile p1 to the dot1q PVC 100 circuit on port 4/1:

[local]Redback# configure

[local]Redback(config)# port ethernet 4/1 

[local]Redback(config-port)# no shutdown

[local]Redback(config-port)# encapsulation dot1q 

[local]Redback(config-port)# dot1q pvc 100 

[local]Redback(config-dot1q-pvc)# bind interface if1_1 local 

[local]Redback(config-dot1q-pvc)# flow apply ip profile p1 in

Apply the profile p2 to dot1q PVC 100:

[local]Redback# configure

[local]Redback(config)# port ethernet 4/1

[local]Redback(config)# dot1q pvc 100 

[local]Redback(config-dot1q-pvc)# encapsulation 1qtunnel 

[local]Redback(config-dot1q-pvc)# bind interface if1_2 local 

[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out

Apply the profile p1 to an access link group circuit called lg1:

[local]Redback# configure

[local]Redback(config)# link-group lg1 access economical 

[local]Redback(config-link-group)# no shutdown

[local]Redback(config-link-group)# encapsulation dot1q 

[local]Redback(config-link-group)# bind interface if1_1 local 

[local]Redback(config-link-group)# flow apply ip profile p1 in

Apply the profile p2 to a link-group level-2 circuit:

[local]Redback# configure

[local]Redback(config)# link-group lg2 access economical 

[local]Redback(config-link-group)# encapsulation dot1q 

[local]Redback(config-link-group)# dot1q pvc 100 

[local]Redback(config-dot1q-pvc)# bind interface if1_2 local

[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out

Defining an application list and specifying an application list name called app-list1. Defining an application name and the protocol ID and port number for TCP.

[local]Redback# configure

[local]Redback(config)# flow ip application-list app-list1 

[local]Redback(config-flow-ip-app-list)# application app1

[local]Redback(config-flow-ip-app)# protocol tcp port 25

Defining global sampling packet interval and indicating a packet interval of 100:

[local]Redback# configure

[local]Redback(config)# flow ip sampling 

[local]Redback(config-flow-ip-sampling)# packet-interval 100

Enabling an application list and sampling for the profile p1:

[local]Redback# configure

[local]Redback(config)# flow ip profile p1 

[local]Redback(config-flow-ip-profile)# application-list

[local]Redback(config-flow-ip-profile)# sampling

1	Overview
1.1	RFlow Rules and Restrictions
1.2	Definition of a Flow
1.3	Life Cycle of a Flow
1.4	RFlow Objects
1.5	Application Lists
1.6	RFlow Configuration Process
1.7	Data Collection in RFlow Caches
1.8	Exporting Flow Data
1.9	RFlow External Collector Configuration and Management
1.10	Understanding Contexts in RFlow Configuration
1.11	Command Mode Hierarchy
2	RFlow Configuration
2.1	Prerequisites
2.2	Configure Application Lists
2.3	Configure a Global Sampling Interval
2.4	Configure an RFlow Profile
2.5	Configure Access to an External Collector
2.6	Enable RFlow on a Circuit
2.7	Enable RFlow on a Link-Group Circuit
2.8	Enable RFlow on a Subscriber Circuit
3	Example: Configuring RFlow