Copyright
© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

1 Overview
This document describes the SmartEdge® RFlow application.
Redback Flow (RFlow) runs on the SmartEdge router and is used to collect IP traffic information. The traffic information is compiled in a record that contains a variety of information about the traffic in a flow. This flow record helps you to understand data traffic in your network so you can optimize the following:
- Network Planning and Analysis
- Network Monitoring
- Troubleshooting
- Accounting/Billing
RFlow comprises the following three main components:
- Caches on the forwarding plane that store RFlow information
- Aggregation caches on the control plane
- The export mechanism that sends RFlow reports to an external IP Flow Information Export (IPFIX) collector
Note: An external IPFIX collector is required to view network-wide IP flows. However, you do not need to configure an external collector in your system if you only want to see system-specific flow information. If you do not configure an external collector, flow data is stored in the RFlow caches for the lifetime of the flow, but that data is never exported from the SmartEdge router to an external collector. Flow data that is not exported to an external collector is available only until the flow expires. You can use this flow data if you want to monitor only local flows.
1.1 RFlow Rules and Restrictions
RFlow is not supported on the following controller cards:
- XCRP2
- XCRP2.5
- PPA1-based traffic cards (for example, RFlow is not supported on the 12-port Fast Ethernet traffic card using RJ45 connectors or the 12-port DS3 ATM card with a BNC connector).
Exporting flow records can require significant bandwidth. Ericsson recommends directly attaching the external collector to one of the following:
- A high-bandwidth interface that is connected to a SmartEdge router.
- A local network that has enough bandwidth to support the exporting of flow records.
A flow admission control (FAC) profile is required for RFlow to function properly. If a preexisting FAC profile is attached to a circuit where RFlow is enabled, then the FAC profile is used for RFlow provisioning. If there is no FAC profile applied to a circuit, then the default FAC profile is automatically applied to that circuit. For more information about FAC profiles, see Configuring Flow Admission Control.
1.2 Definition of a Flow
A flow is a sequence of IP packets with common properties that traverse a specific reference point on a network during a specific interval. The reference point is called an RFlow observation domain, and the common properties used to define a flow are called key fields. The key fields are fixed and cannot be changed when exported in V5 format. The following key fields are used to capture the packets in a flow:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Layer 3 (IP) protocol type
Packets with header values that match the key fields are considered part of the same flow. A packet is considered part of a different flow if any one of the key field values does not match that of the other packets in a flow.
An RFlow observation domain is made up of a set of bound interface circuits that are located on traffic cards. When a flow passes through the observation domain, information is collected for that flow until the flow expires because the inactive or active time-out period passes or the aggregation cache is full. When the flow expires, the information collected from the flow is exported to a record on an external collector. You can then use the information in the record to manage and optimize the network.
1.3 Life Cycle of a Flow
The traffic cards monitor flows on circuits where RFlow is enabled and configured. You can enable RFlow on a circuit by applying an RFlow profile. Once RFlow is enabled, the flow life cycle is as follows:
- The flow passes the configured observation point on the traffic card and a new Flow Control Block (FCB) is created for the flow. At this stage, the flow is called a microflow. On the traffic card, the main RFlow cache tracks the packet count, byte count, first packet, last packet, and expiration for each flow.
- After the inactive or active time-out period passes, the flow expires (is aged) and is sent to a Level 1 cache on a traffic card. In addition to flow aging, the L1 cache also obtains routing information from the Forwarding Information Base (FIB) tables.
- After the flow expires (is aged) in the L1 cache, it is sent to the Level 2 cache on the XCRP. Multiple flows can be aggregated into a single L2 cache entry if they share the same key fields.
- After the flow expires (is aged) in the L2 cache, the information for that flow is compiled into a record.
- The export entity exports the record to one or more external collectors, and the L2 cache entry for the flow is deleted.
For more information about Level 1 and Level 2 caches, see Data Collection in RFlow Caches.
1.4 RFlow Objects
RFlow consists of the following objects, which are discussed in detail in this document:
- Application Lists (Optional)—Help gather application summary statistics.
- Global Sampling (Optional)—For random sampling of packets.
- Profiles—Can be attached to a particular circuit or collector object.
- Collector—Objects that define access to external collectors.
1.5 Application Lists
Defining application lists allows you to classify the IP traffic that is being sent over the SmartEdge router, for example Telnet, FTP, HTTP, SMTP, and BGP. Applications are defined within these lists by IP protocol number and port number, which gives you flexibility in defining the applications you want to monitor.
For every IP protocol, the following statistics per application are displayed:
- Total Flows: Number of flows in the cache for this application since the last time the statistics were cleared.
- Flows/Sec: Average number of flows per second for this application.
- Packets/Flow: Average number of packets per flow for this application.
- Bytes/Pkt: Average number of bytes per packet for this application.
- Packets/Sec: Average number of packets per second for this application.
- Active(Sec)/Flow: Average number of seconds that a flow was active for this application before it was expired.
- Idle(Sec)/Flow: Average number of seconds that a flow was idle for this application before it was expired.
1.6 RFlow Configuration Process
The RFlow configuration process consists of the following main steps:
- Define and configure application lists.
- Define and configure sampling.
- Create and configure an RFlow profile.
- Configure access to one or more external collectors.
- Enable RFlow on an individual circuit.
Before you enable RFlow to collect data on the flows that you want to monitor, you can define application lists and the global sampling interval.
You enable RFlow on an individual circuit by creating an RFlow profile and then applying that RFlow profile to the desired circuit. An individual circuit can support a single profile only, but the same profile can be applied to multiple circuits. A circuit must be bound to an IP interface for RFlow to operate properly. RFlow is currently supported on the following types of bound circuits:
- Physical ports
- 802.1Q circuits
- 802.1QinQ circuits
- Access link group circuits
- Subscriber circuits
You configure an RFlow profile in global configuration mode, independent of any context. You can attach a single profile to multiple external collectors in different contexts.
You can configure the following fields in the RFlow profile:
- Profile name—Unique name that identifies an RFlow profile. When you create a new RFlow profile name, that name is mapped to an internally created hexadecimal identifier.
- Active timeout—Number of seconds after which a long-lived flow is considered complete (expired) and a flow record is created and exported to the external collector.
- Inactive timeout—Number of seconds after which a flow that does not have any current activity on it is considered complete (expired) and a flow record is created and exported to the external collector.
- Aggregation cache size—Maximum number of entries that can be stored in the aggregation cache at a given time.
- Application list—Enable/Disable application summary statistics accounting for circuits using this profile. By default application summary statistics accounting is disabled.
- Sampling—Enable/Disable random packet sampling for circuits using this profile. By default sampling is disabled.
The RFlow configuration process is described in detail in Section 2.
1.7 Data Collection in RFlow Caches
The RFlow caches are databases that store RFlow information. Each RFlow profile has a cache attached to it. The caches store flow information until that flow is aged (expires). A flow is considered aged under the following circumstances:
- The inactivity time expires—No packets belonging to that flow have passed the observation point before the specified time-out period.
- The active time expires—Flow records are exported when the specified time-out period expires. You can configure the active time-out period.
- The end of a flow is detected by the exporter. For example, when a Transmission Control Protocol (TCP) flow receives a TCP reset (RST) or finished (FIN) flag. The TCP RST flag indicates that the remote host has reset the connection due to a rejected request to establish a connection. The FIN flag appears when the last packets are exchanged over an established connection.
- Flow counter overflows—The number of packets or bytes received overflows the flow counters.
- Fast aging—Flows are aged when the XCRP buffer is out of memory or when the cache is deleted.
There are two RFlow caches: the Level 1 cache and the Level 2 cache.
The Level 1 cache is on a traffic card and compiles the flow information into a flow record before the flow expires. The flow remains in the Level 1 cache until it is aged, after which it is sent to the Level 2 cache.
The Level 2 cache is on the XCRP Controller card. The Level 2 cache is organized as a hash table based on the key fields used to capture the packets in a flow. When the flow expires in the L2 cache, the flow record is exported to the external collector, from which you can access various types of flow information.
You can view RFlow data in the output using the show flow collector command.
Note: There is one Level 1 and Level 2 cache for each RFlow profile in a context. If the same RFlow profile is attached to different circuits in multiple contexts, that RFlow profile has a different, unique Level 1 and Level 2 cache for each context.
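The aging conditions listed in this section can be seen at work in a small model. This is an added example, not Ericsson code: it collapses the Level 1 and Level 2 caches into one table keyed on the five key fields, the packets are constructed, and the choice to evict the least recently active entry when the cache is full is an assumption.

```python
"""Toy model of flow aging keyed on the five key fields (added example)."""
from dataclasses import dataclass

TCP_FIN, TCP_RST = 0x01, 0x04
IPPROTO_TCP = 6


@dataclass
class Flow:
    first: float        # time of the first packet
    last: float         # time of the most recent packet
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0  # OR of all TCP flag bytes seen


class FlowCache:
    """One cache with the profile defaults from this document."""

    def __init__(self, active_timeout=1800, inactive_timeout=5, max_entries=4096):
        self.active_timeout = active_timeout
        self.inactive_timeout = inactive_timeout
        self.max_entries = max_entries
        self.flows = {}     # (src, dst, sport, dport, proto) -> Flow
        self.expired = []   # (key, Flow, reason), in expiry order

    def _expire(self, key, reason):
        self.expired.append((key, self.flows.pop(key), reason))

    def age(self, now):
        """Expire flows whose inactive or active time-out has passed."""
        for key, flow in list(self.flows.items()):
            if now - flow.last >= self.inactive_timeout:
                self._expire(key, "inactive-timeout")
            elif now - flow.first >= self.active_timeout:
                self._expire(key, "active-timeout")

    def observe(self, ts, src, dst, sport, dport, proto, length, tcp_flags=0):
        """Account one packet; a mismatch in any key field starts a new flow."""
        self.age(ts)
        key = (src, dst, sport, dport, proto)
        if key not in self.flows:
            if len(self.flows) >= self.max_entries:
                # Assumption: make room by aging the least recently active flow.
                oldest = min(self.flows, key=lambda k: self.flows[k].last)
                self._expire(oldest, "cache-full")
            self.flows[key] = Flow(first=ts, last=ts)
        flow = self.flows[key]
        flow.last = ts
        flow.packets += 1
        flow.octets += length
        if proto == IPPROTO_TCP:
            flow.tcp_flags |= tcp_flags
            if tcp_flags & (TCP_FIN | TCP_RST):
                self._expire(key, "tcp-end")

    def flush(self):
        """Fast aging: everything is expired when the cache is deleted."""
        for key in list(self.flows):
            self._expire(key, "cache-deleted")


# Constructed packets: ts, src, dst, sport, dport, proto, length, tcp_flags
SAMPLE_PACKETS = [
    (0.0, "192.0.2.10", "198.51.100.5", 40000, 80, 6, 60, 0x02),    # SYN
    (0.1, "192.0.2.10", "198.51.100.5", 40000, 80, 6, 1500, 0x10),  # ACK
    (0.2, "192.0.2.10", "198.51.100.5", 40000, 80, 6, 60, 0x11),    # FIN+ACK
    (1.0, "192.0.2.11", "198.51.100.53", 53000, 53, 17, 80, 0),
    (2.0, "192.0.2.11", "198.51.100.53", 53000, 53, 17, 80, 0),
    (9.0, "192.0.2.12", "198.51.100.7", 50000, 123, 17, 76, 0),
]


def replay(packets, **settings):
    """Feed packets through a cache; return (key, packets, octets, reason)."""
    cache = FlowCache(**settings)
    for pkt in packets:
        cache.observe(*pkt)
    return [(key, f.packets, f.octets, why) for key, f, why in cache.expired]


if __name__ == "__main__":
    for row in replay(SAMPLE_PACKETS):
        print(row)
```

The third sample flow is still in the cache when the replay ends, which is the state a flow is in while it can be seen only locally.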
1.8 Exporting Flow Data
If an external collector is configured for RFlow, then flow records are exported to that external collector when a flow is terminated in the Level 2 cache. The export entity uses Cisco Systems NetFlow export format version 5 (v5) to export flow records. In the export v5 format, RFlow flow records are made up of a header and a sequence of flow data fields.
Table 1 describes the flow header key fields supported in the v5 export format.
Field | Description
---|---
version | Export format used to send flow records to the external collector. In this release, only v5 formatting is supported.
count | Number of records in the PDU.
sys-uptime | Number of milliseconds that have passed since the router last booted.
secs | Number of seconds that have passed since 0000 Coordinated Universal Time (UTC) 1970, which is when the packet left the exporter.
nsecs | Number of residual nanoseconds that have passed since 0000 UTC 1970.
flow_seq | Sequence number maintained per external collector; represents the total number of flows received by the external collector.
exp_id | Unique identifier for the export source.
Table 2 describes the flow record fields supported in the v5 export format.
Field | Description
---|---
Source address | Source IP address from which this flow originated.
Destination address | Destination IP address for this flow.
Nexthop (ingress) | IPv4 address of the next-hop BGP router.
Input | SNMP ifIndex where the packet is being exported to.
Output | SNMP ifIndex from which the packet is being exported.
Packets | Number of packets sent in a flow.
Bytes | Number of bytes sent in a flow.
srcport | Layer 4 source port number.
dstport | Layer 4 destination port number.
pad1 | Unused (zero) byte.
TCP Flags | Cumulative number of TCP flags.
tos | IP type-of-service byte.
src_AS | BGP autonomous system (AS) source address.
dst_AS | BGP AS destination address.
Source mask (for ingress flows only) | Source IPv4 mask address from which the packet was exported.
Destination mask (for ingress flows only) | Destination IPv4 mask address to which the packet is being exported.
pad2 | Number of unused (zero) bytes.
Note: Up to 30 flow records can be bundled in version 5 export format for transport to the external collector.
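A collector that accepts these records over UDP should check each datagram against the header before trusting it. The following added example (not Ericsson or Cisco code) decodes the published Cisco NetFlow v5 layout, which also carries first/last time stamps and an IP protocol byte that Tables 1 and 2 do not list; the sample datagram is constructed, and mapping the last four header bytes to `exp_id` is an assumption.

```python
"""Validate and decode NetFlow v5 export datagrams (added example)."""
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
MAX_RECORDS = 30                                    # bundle limit noted above


class MalformedDatagram(ValueError):
    """Input that cannot be a well-formed v5 export datagram."""


def parse_v5(datagram):
    """Return {'header': {...}, 'records': [...]} or raise MalformedDatagram."""
    if len(datagram) < HEADER.size:
        raise MalformedDatagram("shorter than the 24-byte header")
    (version, count, sys_uptime, secs, nsecs, flow_seq,
     engine_type, engine_id, sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise MalformedDatagram(f"version {version} is not 5")
    if not 1 <= count <= MAX_RECORDS:
        raise MalformedDatagram(f"record count {count} outside 1..{MAX_RECORDS}")
    expected = HEADER.size + count * RECORD.size
    if len(datagram) != expected:
        raise MalformedDatagram(f"length {len(datagram)}, header implies {expected}")
    header = {
        "version": version, "count": count, "sys_uptime_ms": sys_uptime,
        "secs": secs, "nsecs": nsecs, "flow_seq": flow_seq,
        # Last four header bytes of the Cisco layout; treating them as the
        # page's exp_id is an assumption.
        "engine_type": engine_type, "engine_id": engine_id, "sampling": sampling,
    }
    records = []
    for offset in range(HEADER.size, expected, RECORD.size):
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, tos, src_as, dst_as,
         src_mask, dst_mask, _pad2) = RECORD.unpack_from(datagram, offset)
        records.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "nexthop": str(ipaddress.IPv4Address(nexthop)),
            "input": in_if, "output": out_if,
            "packets": pkts, "bytes": octets,
            "first_ms": first, "last_ms": last,
            "srcport": sport, "dstport": dport,
            "tcp_flags": tcp_flags, "protocol": proto, "tos": tos,
            "src_as": src_as, "dst_as": dst_as,
            "src_mask": src_mask, "dst_mask": dst_mask,
        })
    return {"header": header, "records": records}


class SequenceTracker:
    """Counts flow records missing between datagrams from one exporter.

    Assumes flow_seq holds the number of flows exported before this
    datagram, as in the Cisco v5 format, so the next datagram should
    carry flow_seq + count.
    """

    def __init__(self):
        self._next = {}

    def missing(self, exporter, header):
        expected = self._next.get(exporter)
        self._next[exporter] = (header["flow_seq"] + header["count"]) & 0xFFFFFFFF
        if expected is None:
            return 0
        return (header["flow_seq"] - expected) & 0xFFFFFFFF


def build_sample(flow_seq=1000):
    """Constructed two-record datagram, used only to exercise the parser."""
    def rec(src, dst, sport, dport, proto, pkts, octets, flags):
        return RECORD.pack(
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed,
            ipaddress.IPv4Address("0.0.0.0").packed,
            1, 2, pkts, octets, 5000, 5200, sport, dport,
            0, flags, proto, 0, 64500, 64501, 24, 24, 0)
    body = (rec("192.0.2.10", "198.51.100.5", 40000, 80, 6, 3, 1620, 0x13)
            + rec("192.0.2.11", "198.51.100.53", 53000, 53, 17, 2, 160, 0))
    return HEADER.pack(5, 2, 6000, 1262304000, 0, flow_seq, 0, 0, 0) + body


if __name__ == "__main__":
    for record in parse_v5(build_sample())["records"]:
        print(record)
```

Because the transport is UDP, a non-zero result from `SequenceTracker.missing` is the only sign the collector gets that flow records were lost on the way.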
1.9 RFlow External Collector Configuration and Management
An external collector is a server that assembles exported flows and aggregates them to produce reports used for traffic and security analysis. After the L2 cache compiles RFlow export data into a flow record, the export entity exports the record to one or more external collectors. Each external collector resides in a chosen location in the network and is independent of the SmartEdge router.
Note: To configure an external collector, see the documentation for the product on which you want to locate the collector.
On the SmartEdge router, you must configure access to the external collector. An external collector can be accessed by any IP interface through which the destination IP address of the external collector can be reached. The IP address of the external collector and the port through which it is listening must also be configured on the ingress router so that the router knows where to export flow reports.
You configure SmartEdge router access to the external collector in an individual context. For redundancy, you can configure access to two or more external collectors in the same context.
A single external collector can have multiple RFlow profiles attached to it. An external collector can be attached to an RFlow profile that is attached to circuits that are bound to interfaces across multiple contexts.
To access the external collector, you must configure the following parameters:
- An IP address for the external collector. This is the destination to which the RFlow records are exported.
- The destination port for the external collector. This specifies the port that receives the exported RFlow record.
- The export version for the data. This determines the type of formatting used for the exported flow records. Currently, only export version 5 formatting is supported.
- The transport protocol used to export records to the external collector. In this release, only UDP is supported.
- The name of an RFlow profile that is bound to a circuit or circuits. Flows that are received on those circuits are compiled into records that are exported to a designated external collector. A collector can receive flows from multiple profiles.
Use the show flow ip cache dump command to view the flow records for the local SmartEdge router.
Note: Flow data is still stored in the RFlow caches for the lifetime of the flow. You can use this data to monitor local flows only. When a flow expires, the data for the flow is no longer available.
1.10 Understanding Contexts in RFlow Configuration
Before configuring RFlow, you must understand the differences between the following contexts:
- The context of a flow. This is the context in which you bind a circuit to the interface that carries the flows you want to export to the external collector. To enable a circuit for RFlow, you need to apply an RFlow profile to that circuit. To export the flow records to an external collector, you need to:
  - Configure access to the external collector in the context of the flow. In this document, this step is referred to as “collector configuration.”
    Note: Collector configuration needs to be done in each context for which you want flow records to be exported.
  - Reference the RFlow profile in the collector configuration within the context of the flow.
- The context from which the external collector is reachable. This can be any context. Flow records pertaining to one context may be exported to an external collector that is reachable from a different context. Use the ip-address command in flow collector configuration mode to configure the context from which the external collector can be reached.
If an RFlow profile is attached to three circuits in three different contexts, then a collector receives flow records only from those circuits for which there is a collector configuration in the context of the flows. In other words, if the collector is configured in one context only, the external collector receives flow records only from the circuit that is configured in that same context, and not from the other two circuits because their flows are in different contexts.
Note: For more information about creating and configuring an RFlow profile, see RFlow Configuration Process. To create and configure an RFlow profile, see Create and Configure an RFlow Profile.
In the following example, the profile p15 is applied to the circuit:
```
[local]Redback# configure
[local]Redback(config)# port ethernet 7/1
[local]Redback(config-port)# bind interface if1_1 context ctx-blue
[local]Redback(config-port)# flow apply ip profile p15 in
[local]Redback(config-port)# exit
[local]Redback(config)# port ethernet 4/3
[local]Redback(config-port)# bind interface if2_2 context ctx-red
[local]Redback(config-port)# flow apply ip profile p15 in
```
In the next part of the example, an external collector called collect-blue is configured to receive flows from the circuit 7/1:
```
[local]Redback# configure
[local]Redback(config)# context ctx-blue
[local]Redback(config-ctx)# flow collector collect-blue
[local]Redback(config-flow-collector)# ip-address 10.12.209.8 context ctx-blue
[local]Redback(config-flow-collector)# ip profile p15
```
Even though the p15 RFlow profile is applied to circuits 7/1 and 4/3, the collect-blue collector only receives the flow records from circuit 7/1 because collect-blue was configured in the ctx-blue context.
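Circuits such as 4/3, whose flow records are never exported, are a gap in what the collector can see, and they can be found mechanically. The following added example (not part of the original document or of any Ericsson tool) audits a list of the commands used in this section; it assumes the input is the typed command sequence with prompts removed, not the output format of any show command.

```python
"""Find RFlow-enabled circuits whose flows are never exported (added example)."""

# The commands from the example above, prompts removed.
SAMPLE_CONFIG = """\
configure
port ethernet 7/1
bind interface if1_1 context ctx-blue
flow apply ip profile p15 in
exit
port ethernet 4/3
bind interface if2_2 context ctx-red
flow apply ip profile p15 in
exit
context ctx-blue
flow collector collect-blue
ip-address 10.12.209.8 context ctx-blue
ip profile p15
"""


def parse(config):
    """Return (circuits, collectors) as lists of dicts."""
    circuits, collectors = [], []
    port = ctx = coll = None          # current command modes
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "port" and len(tok) == 3:
            port = {"port": tok[2], "context": None,
                    "profile": None, "direction": None}
            circuits.append(port)
            ctx = coll = None
        elif tok[0] == "context" and len(tok) == 2:
            port, ctx, coll = None, tok[1], None
        elif tok[:2] == ["bind", "interface"] and port is not None \
                and len(tok) == 5 and tok[3] == "context":
            port["context"] = tok[4]
        elif tok[:4] == ["flow", "apply", "ip", "profile"] \
                and port is not None and len(tok) == 6:
            port["profile"], port["direction"] = tok[4], tok[5]
        elif tok[:2] == ["flow", "collector"] and ctx is not None and len(tok) == 3:
            coll = {"name": tok[2], "context": ctx, "address": None,
                    "reach_context": None, "profiles": set()}
            collectors.append(coll)
        elif tok[0] == "ip-address" and coll is not None \
                and len(tok) == 4 and tok[2] == "context":
            coll["address"], coll["reach_context"] = tok[1], tok[3]
        elif tok[:2] == ["ip", "profile"] and coll is not None and len(tok) == 3:
            coll["profiles"].add(tok[2])
        elif tok[0] == "exit":
            if coll is not None:
                coll = None           # back to context mode
            else:
                port = ctx = None     # back to global mode
    return circuits, collectors


def audit(config):
    """Return (port, reason) for every circuit whose records go nowhere."""
    circuits, collectors = parse(config)
    findings = []
    for c in circuits:
        if c["profile"] is None:
            continue                  # RFlow not enabled on this circuit
        if c["context"] is None:
            findings.append((c["port"], "unbound"))
            continue
        # Only collectors configured in the context of the flow count.
        matching = [k for k in collectors
                    if k["context"] == c["context"]
                    and c["profile"] in k["profiles"]]
        if not matching:
            findings.append((c["port"], "no-collector"))
        elif all(k["address"] is None for k in matching):
            findings.append((c["port"], "no-address"))
    return findings


if __name__ == "__main__":
    for port, reason in audit(SAMPLE_CONFIG):
        print(port, reason)
```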
1.11 Command Mode Hierarchy
Command modes exist in a hierarchy; that is, you must access the higher-level command mode before you can access a lower-level command mode in the same chain.
Figure 1 shows the hierarchy of the command modes used to configure RFlow features.
Table 3 lists the command modes (in alphabetical order) relevant to RFlow features. It includes the commands that enable access to each mode and the command-line prompt for each mode.
Mode Name | Commands Used to Access | Command-Line Prompt
---|---|---
context | context command from global configuration mode | (config-ctx)#
dot1q PVC | dot1q pvc command from port configuration mode | (config-dot1q-pvc)#
exec | (user logon) | # or >
flow collector | flow collector command from context configuration mode | (config-flow-collector)#
flow ip application-list | flow ip application-list command from global configuration mode | (config-flow-ip-app-list)#
flow ip sampling | flow ip sampling command from global configuration mode | (config-flow-ip-sampling)#
flow IP profile | flow ip profile command from global configuration mode | (config-flow-ip-profile)#
flow ip application | application command from the flow ip application-list configuration mode | (config-flow-ip-application)#
global | configure command from exec mode | (config)#
port | port ethernet command from global configuration mode | (config-port)#
link-group | link-group command from global configuration mode | (config-link-group)#
subscriber | subscriber command from global configuration mode | (config-sub)#
2 RFlow Configuration
To configure RFlow, perform the following steps:
- Configure application list (optional)
- Configure global sampling interval (optional)
- Configure an RFlow profile
- Configure access to an external collector
- Enable RFlow on an individual circuit by applying an RFlow profile to it
These tasks are described in detail in the sections that follow.
2.1 Prerequisites
Be sure the following prerequisites are met before configuring RFlow on your router:
- Your router is configured for IP routing.
- Your router has enough memory and CPU bandwidth available to support RFlow.
2.2 Configure Application Lists
To define an application list, perform the tasks in Table 4.
Step # | Task | Command | Notes
---|---|---|---
1. | Enter global configuration mode. | configure | —
2. | Define a flow IP application list and enter an application list name. | flow ip application-list application-list-name | Replace application-list-name with the name you want to give your application list. Your prompt will change to config-flow-ip-app-list.
3. | From the config-flow-ip-app-list mode, enter application and choose an application-name. | application application-name | The application name you choose will contain the IP protocol names and their protocol ID and port number information that you will provide as part of the next step. The tasks that follow will allow you to create multiple lists for statistical data collection on IP protocols.
4. | Configure a protocol. | protocol | —
5. | Configure a port number or a port number range. | port port-number | —
6. | Save the configuration. | commit | —
2.3 Configure a Global Sampling Interval
To collect flow statistics based on random sampling, you can enable sampling on a global level.
To enable sampling, perform the tasks in Table 5. By default, sampling is disabled for every RFlow profile. To enable sampling for an RFlow profile, refer to Section 2.4.
Step # | Task | Command | Notes
---|---|---|---
1. | Enter global configuration mode. | configure | 
2. | (Optional) Enter flow IP sampling configuration mode. | flow ip sampling | Your prompt will include config-flow-ip-sampling.
3. | Specify the packet interval. | packet-interval packet-interval | Replace packet-interval with the interval you want. The range for this interval is 1 to 16383 packets.
4. | Save the configuration. | commit | 
2.4 Configure an RFlow Profile
This section describes how to create and configure an RFlow profile using the default configuration values, as described in Table 6.
Parameter | Default | Command Used to Modify Default Setting
---|---|---
Active time-out setting for flows using the profile, in seconds | 1800 seconds (30 minutes) | active-timeout
Inactive time-out setting for flows using the profile, in seconds | 5 seconds | inactive-timeout
Maximum number of entries in the aggregation cache for flows that use a profile | 4096 | aggregation-cache-size
Application list that you will enable using this profile. | No application summary statistics will be gathered. | application-list
Sampling that you will enable using this profile. | Sampling will remain disabled. | sampling
To create and configure an RFlow profile, perform the tasks in Table 7.
Step # | Task | Command | Notes
---|---|---|---
1. | Enter global configuration mode. | configure | —
2. | Create a flow IP profile and enter flow IP profile configuration mode. | flow ip profile profile-name | Replace profile-name with a name that identifies your IP profile.
3. | Save the configuration. | commit | —
4. | Verify your IP profile configuration. | show flow ip profile and show flow ip profile profile-name | Replace profile-name with the name of the RFlow profile you created in Step 2.
2.4.1 Modify the Default Configuration in an RFlow Profile
To modify the default configuration in an RFlow profile, perform the tasks in Table 8.
Step # | Task | Command | Notes
---|---|---|---
1. | Enter global configuration mode. | configure | —
2. | Enter flow IP profile configuration mode for a specified IP profile. | flow ip profile profile-name | Replace profile-name with the name of the IP profile you want to modify.
3. | Configure the active time-out setting for flows that use this profile, in seconds. | active-timeout timeout-value | Replace the timeout-value argument with the number of seconds after which a flow is considered aged (expired) and a flow record is created and exported to the external collector. Range is from 15 to 1800 seconds.
4. | Configure the inactive time-out setting for flows that use this profile, in seconds. | inactive-timeout timeout-value | Replace the timeout-value argument with the number of seconds of inactivity after which a flow is considered aged (expired) and a flow record is created and exported to the external collector. Range is from 1 to 10 seconds.
5. | Configure aggregation cache size for flows that use this profile. | aggregation-cache-size number-of-entries | Replace number-of-entries with the maximum number of entries that can be stored in the aggregation cache at one time. This determines how much information is reported when you access the RFlow data. Range is from 1024 through 32768 entries. To ensure optimal RFlow performance, we recommend setting the aggregation cache size to a number that is a power of 2; for example, 8192.
6. | (Optional) Enable the application list to gather IP protocol summary statistics. Specify the application list name that you defined at the global level. If no name is specified, the system default application list information will be displayed. | application-list application list name | Enable the application list so that you can gather summary statistics for the applications that you wish to monitor. RFlow will report application summary statistics per cache, since each cache will maintain its own set of application statistics. Application statistics will be maintained only if you enable the application list for this profile. If you do not enable the application list, no application statistics will be gathered.
7. | (Optional) Enable sampling. | sampling | Sampling packet interval is defined at the global level. During profile configuration, you are merely enabling sampling. By default, sampling is disabled if you do not explicitly enable it.
8. | Save the configuration. | commit | —
9. | Verify your IP profile configuration. | show flow ip profile and show flow ip profile profile-name | Replace profile-name with the name of the RFlow profile you created in Step 2.
2.5 Configure Access to an External Collector
This section describes how to configure access to an external collector using the default configuration described in Table 9.
Parameter | Default | Command Used to Modify Default Setting
---|---|---
ip-address | No collector receives exported flow records from the SmartEdge router. | ip-address
port | 9997 | port
export version | v5 | export-version
profile | No profile is attached to the collector. | ip profile
transport-protocol | UDP | transport-protocol udp
Note: Before you can configure access to an external collector, you need to create an external collector in your system as described in the documentation for the product on which you want to locate the collector.
Be aware that exporting flow records can require a lot of bandwidth. We recommend directly attaching the external collector to:
- A high-bandwidth interface that is connected to a SmartEdge router.
- A local network that has enough bandwidth to support the exporting of flow records.
Perform the tasks in Table 10 to configure access to an external collector using the default configuration. Table 10 describes the minimal tasks required to configure access to an external collector; to modify the default external collector access settings, see Modify the Default External Collector Access Configuration.
Step # | Task | Command | Notes
---|---|---|---
1. | Enter global configuration mode. | configure | —
2. | Enter context configuration mode. | context ctx-name | Replace the ctx-name argument with the name of the context that owns the flows that will be exported to the external collector. This is the same context you configure in the bind interface command when statically binding a port or permanent virtual circuit (PVC) to the interface whose flows you want to export.
3. | Enter flow collector configuration mode for an external collector. | flow collector collector-name | Replace the collector-name argument with the name of the external collector to which you want to export flow records.
4. | Enable an external collector to receive exported flow records from circuits where RFlow is enabled. | ip-address ip-v4-address context context-name | Replace the ip-v4-address argument with the IP address for the external collector, in the form A.B.C.D. Replace the context-name argument with the name of the context that hosts the IP address for accessing this collector.
5. | Save the configuration. | commit | —
6. | Verify your external collector configuration. | show flow collector collector-name | Replace collector-name with the name of the external collector you configured in Step 3.
2.5.1 Modify the Default External Collector Access Configuration
To modify the default configuration values for external collector access, perform the tasks described in Table 11.
Step # | Task | Command | Notes
---|---|---|---
1. | Enter global configuration mode. | configure | —
2. | Enter context configuration mode. | context ctx-name | Replace the ctx-name argument with the name of the context that owns the flows that will be exported to the external collector. This is the same context you configure in the bind interface command when statically binding a port or permanent virtual circuit (PVC) to the interface whose flows you want to export.
3. | Enter flow collector configuration mode. | flow collector collector-name | Replace collector-name with the name of the external collector you want to access.
4. | Configure a port on an external collector to listen for flow records from the SmartEdge router. | port destination-port | Replace the destination-port argument with a number that identifies the port on which the external collector receives exported flows. Range is from 1 through 16384.
5. | Specify the export format used to send flow records to the external collector. | export-version v5 | The export version determines the fields included in the flow record. In this release, v5 (version 5) is the only supported export version.
6. | Attach a flow profile to the external collector. | ip profile profile-name | Replace the profile-name argument with the name of the IP profile you want to attach to this external collector. You can add up to 10 profiles per collector.
7. | Configure the transport protocol for the flow records to be UDP. | transport-protocol udp | In this release, UDP is the only supported transport protocol for the flow records.
8. | Save the configuration. | commit | —
9. | Verify your external collector configuration. | show flow collector collector-name | Replace the collector-name argument with the name of the configured external collector that you want to verify.
2.6 Enable RFlow on a Circuit
To enable RFlow on a circuit, perform the tasks in Table 12.
Step # | Task | Command | Notes |
---|---|---|---|
1. | Enter global configuration mode. | configure | — |
2. | Enter port configuration mode for the specified port. | port type slot/port | Replace the type argument with the type of port on which you want to enable RFlow. Replace slot/port with the chassis slot number of the traffic card that hosts the port and the traffic card port number. |
3. | (Optional) Enter dot1q PVC configuration mode for the specified PVC. | dot1q pvc options | Replace the options argument with the required syntax for the type of dot1Q PVC that you are configuring. Perform this step only if you want to enable RFlow on a dot1Q PVC. |
4. | Attach a specified RFlow profile to a circuit. | flow apply ip profile profile-name {in \| out \| both} | Apply the profile in the desired direction by choosing one of the following keywords: in, out, or both. The physical circuit must be bound to an IP interface for flow accounting to work properly. |
5. | Save the configuration. | commit | — |
6. | Verify that RFlow is enabled on a circuit. | show flow ip circuit and show flow ip circuit circuit-id | Replace the circuit-id argument with the appropriate circuit identifier. |
2.7 Enable RFlow on a Link-Group Circuit
To enable RFlow on a link-group circuit, perform the tasks in Table 13. For more information on link groups, refer to Configuring Link Aggregation.
Step | Task | Command | Notes |
---|---|---|---|
1. | Enter global configuration mode. | configure | — |
2. | Enter link-group configuration mode. (Optional) Specify the economical keyword. | link-group link-group-name access economical | Replace the link-group-name argument with the link-group circuit on which you want to enable RFlow. In the economical model, the standby port will not have all the resources pre-provisioned. Instead, the resources will be allocated on the standby port when it becomes active. |
3. | (Optional) Enter dot1q PVC configuration mode for the specified PVC. | encapsulation dot1q | — |
4. | (Optional) Continue in dot1q PVC configuration mode for the specified PVC. | dot1q pvc options | Replace the options argument with the VLAN associated with the dot1Q PVC. Perform this step only if you want to enable RFlow on a dot1Q PVC. |
5. | Attach a specified RFlow profile to a circuit. | flow apply ip profile profile-name {in \| out \| both} | Apply the profile in the required direction by choosing one of the following keywords: in, out, or both. The access link group circuit must be bound to an IP interface for flow accounting to work properly. |
6. | Save the configuration. | commit | — |
7. | Verify that RFlow is enabled on the access link group circuit. | show flow ip circuit and show flow ip circuit circuit-id | Replace the circuit-id argument with the appropriate link-group circuit identifier. |
2.8 Enable RFlow on a Subscriber Circuit
To enable RFlow on a subscriber circuit, perform the tasks in Table 14. For more information on subscriber circuits, refer to Configuring Subscribers.
Step | Task | Command | Notes |
---|---|---|---|
1. | Enter global configuration mode. | configure | — |
2. | Enter context configuration mode. | context ctx-name or context local | Replace the ctx-name argument with the name of the context to configure. If you want to configure the local context, specify the local keyword. Your prompt will include config-ctx. |
3. | Enter subscriber configuration mode. | subscriber default, subscriber, subscriber-name or subscriber profile, profile-name | Replace the subscriber-name argument with the name of an individual subscriber account, and profile-name with a named subscriber profile. Your prompt will include config-sub. |
4. | Attach a specified RFlow profile to a subscriber circuit. | flow apply ip profile profile-name {in \| out \| both} | Apply the profile in the required direction by choosing one of the following keywords: in, out, or both. The subscriber circuit must be bound to an IP interface for flow accounting to work properly. |
5. | Save the configuration. | commit | — |
6. | Verify that RFlow is enabled on a subscriber circuit. | show subscribers active all | |
3 Example: Configuring RFlow
The following example shows a simple RFlow configuration. Two RFlow profiles are created: p1 and p2. An external collector called c1 is configured to monitor both profiles. The profile called p1 is attached to a VLAN, and the profile called p2 is attached to a PVC. When the profiles are attached to the VLAN and PVC circuits, RFlow is enabled on those circuits.
Create an RFlow profile called p1:
[local]Redback# configure
[local]Redback(config)# flow ip profile p1
[local]Redback(config-flow-ip-profile)# active-timeout 1000
[local]Redback(config-flow-ip-profile)# inactive-timeout 10
[local]Redback(config-flow-ip-profile)# aggregation-cache-size 8192
Create an RFlow profile called p2, running in the default mode:
[local]Redback# configure
[local]Redback(config)# flow ip profile p2
Configure access to an external collector called c1:
[local]Redback# configure
[local]Redback(config)# context rflow
[local]Redback(config-ctx)# flow collector c1
[local]Redback(config-flow-collector)# ip-address 10.12.209.7 context rflow1
[local]Redback(config-flow-collector)# port 9997
[local]Redback(config-flow-collector)# export-version v5
[local]Redback(config-flow-collector)# transport-protocol udp
[local]Redback(config-flow-collector)# ip profile p1
[local]Redback(config-flow-collector)# ip profile p2
Apply the profile p1 to the dot1q PVC 100 circuit on port 4/1:
[local]Redback# configure
[local]Redback(config)# port ethernet 4/1
[local]Redback(config-port)# no shutdown
[local]Redback(config-port)# encapsulation dot1q
[local]Redback(config-port)# dot1q pvc 100
[local]Redback(config-dot1q-pvc)# bind interface if1_1 local
[local]Redback(config-dot1q-pvc)# flow apply ip profile p1 in
Apply the profile p2 to dot1q PVC 100:
[local]Redback# configure
[local]Redback(config)# port ethernet 4/1
[local]Redback(config-port)# dot1q pvc 100
[local]Redback(config-dot1q-pvc)# encapsulation 1qtunnel
[local]Redback(config-dot1q-pvc)# bind interface if1_2 local
[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out
Apply the profile p1 to an access link group circuit called lg1:
[local]Redback# configure
[local]Redback(config)# link-group lg1 access economical
[local]Redback(config-link-group)# no shutdown
[local]Redback(config-link-group)# encapsulation dot1q
[local]Redback(config-link-group)# bind interface if1_1 local
[local]Redback(config-link-group)# flow apply ip profile p1 in
Apply the profile p2 to a link-group level-2 circuit:
[local]Redback# configure
[local]Redback(config)# link-group lg2 access economical
[local]Redback(config-link-group)# encapsulation dot1q
[local]Redback(config-link-group)# dot1q pvc 100
[local]Redback(config-dot1q-pvc)# bind interface if1_2 local
[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out
Define an application list called app-list1, then define an application called app1 and specify its protocol (TCP) and port number:
[local]Redback# configure
[local]Redback(config)# flow ip application-list app-list1
[local]Redback(config-flow-ip-app-list)# application app1
[local]Redback(config-flow-ip-app)# protocol tcp port 25
Define a global sampling packet interval of 100:
[local]Redback# configure
[local]Redback(config)# flow ip sampling
[local]Redback(config-flow-ip-sampling)# packet-interval 100
Enable an application list and sampling for the profile p1:
[local]Redback# configure
[local]Redback(config)# flow ip profile p1
[local]Redback(config-flow-ip-profile)# application-list
[local]Redback(config-flow-ip-profile)# sampling
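A check of a session like the ones above against rules the tables state: collector port from 1 through 16384, up to 10 profiles per collector, and a circuit bound to an interface before a profile is applied. This is an added example, not Ericsson tooling; the function name, the finding strings and the constructed session are assumptions, and subscriber circuits are not covered.

```python
import re

MAX_COLLECTOR_PORT = 16384     # range stated in Table 11
MAX_PROFILES = 10              # profiles per collector, Table 11

# Constructed session with three deliberate mistakes.
BAD_SESSION = """
[local]Redback# configure
[local]Redback(config)# flow ip profile p1
[local]Redback# configure
[local]Redback(config)# context rflow
[local]Redback(config-ctx)# flow collector c1
[local]Redback(config-flow-collector)# port 20000
[local]Redback(config-flow-collector)# ip profile p1
[local]Redback# configure
[local]Redback(config)# port ethernet 4/1
[local]Redback(config-port)# dot1q pvc 100
[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out
"""

def lint_rflow(session):
    """Return findings for a CLI session given as 'prompt# command' lines."""
    defined, applied, findings = set(), [], []
    collector, attached, bound = None, 0, False
    for line in session.strip().splitlines():
        cmd = line.split("# ", 1)[-1].strip()
        if cmd == "configure" or re.match(r"port \D|link-group |dot1q pvc ", cmd):
            collector, bound = None, False          # new session or new circuit
        elif m := re.fullmatch(r"flow ip profile (\S+)", cmd):
            defined.add(m[1])
        elif m := re.fullmatch(r"flow collector (\S+)", cmd):
            collector, attached = m[1], 0
        elif collector and (m := re.fullmatch(r"port (\d+)", cmd)):
            if not 1 <= int(m[1]) <= MAX_COLLECTOR_PORT:
                findings.append(f"collector {collector}: port {m[1]} out of range")
        elif collector and (m := re.fullmatch(r"ip profile (\S+)", cmd)):
            attached += 1
            applied.append(m[1])
            if attached == MAX_PROFILES + 1:
                findings.append(f"collector {collector}: more than {MAX_PROFILES} profiles")
        elif cmd.startswith("bind interface "):
            bound = True
        elif m := re.fullmatch(r"flow apply ip profile (\S+) (in|out|both)", cmd):
            applied.append(m[1])
            if not bound:
                findings.append(f"profile {m[1]} applied to a circuit with no bind interface")
    for name in sorted(set(applied) - defined):
        findings.append(f"profile {name} is referenced but never defined")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_rflow(BAD_SESSION)))
```

A circuit that fails the bind check produces no flow records, which leaves a gap in monitoring that nothing else in the session reports.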