SYSTEM ADMINISTRATOR GUIDE     78/1543-CRA 119 1170/1-V1 Uen B    

Configuring RFlow

© Ericsson AB 2009–2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge is a registered trademark of Telefonaktiebolaget LM Ericsson

Contents

1   Overview
1.1   RFlow Rules and Restrictions
1.2   Definition of a Flow
1.3   Life Cycle of a Flow
1.4   RFlow Objects
1.5   Application Lists
1.6   RFlow Configuration Process
1.7   Data Collection in RFlow Caches
1.8   Exporting Flow Data
1.9   RFlow External Collector Configuration and Management
1.10   Understanding Contexts in RFlow Configuration
1.11   Command Mode Hierarchy

2   RFlow Configuration
2.1   Prerequisites
2.2   Configure Application Lists
2.3   Configure a Global Sampling Interval
2.4   Configure an RFlow Profile
2.5   Configure Access to an External Collector
2.6   Enable RFlow on a Circuit
2.7   Enable RFlow on a Link-Group Circuit
2.8   Enable RFlow on a Subscriber Circuit

3   Example: Configuring RFlow


1   Overview

This document describes the SmartEdge® RFlow application.

Redback Flow (RFlow) runs on the SmartEdge router and is used to collect IP traffic information. The traffic information is compiled in a record that contains a variety of information about the traffic in a flow. This flow record helps you to understand data traffic in your network so you can optimize the following:

RFlow comprises the following three main components:

Note:  
An external IPFIX collector is required to view network-wide IP flows. However, you do not need to configure an external collector in your system if you only want to see system-specific flow information. If you do not configure an external collector, flow data is stored in the RFlow caches for the lifetime of the flow, but that data is never exported from the SmartEdge router to an external collector. Flow data that is not exported to an external collector is available only until the flow expires. You can use this flow data if you want to monitor only local flows.

1.1   RFlow Rules and Restrictions

RFlow is not supported on the following controller cards:

Exporting flow records can require significant bandwidth. Ericsson recommends directly attaching the external collector to one of the following:

A flow admission control (FAC) profile is required for RFlow to function properly. If a preexisting FAC profile is attached to a circuit where RFlow is enabled, then the FAC profile is used for RFlow provisioning. If there is no FAC profile applied to a circuit, then the default FAC profile is automatically applied to that circuit. For more information about FAC profiles, see Configuring Flow Admission Control.

1.2   Definition of a Flow

A flow is a sequence of IP packets with common properties that traverse a specific reference point on a network during a specific interval. The reference point is called an RFlow observation domain, and the common properties used to define a flow are called key fields. The key fields are fixed and cannot be changed when exported in V5 format. The following key fields are used to capture the packets in a flow:

Packets with header values that match the key fields are considered part of the same flow. A packet is considered part of a different flow if any one of the key field values does not match that of the other packets in a flow.

An RFlow observation domain is made up of a set of bound interface circuits that are located on traffic cards. When a flow passes through the observation domain, information is collected for that flow until the flow expires because the inactive or active time-out period passes or the aggregation cache is full. When the flow expires, the information collected from the flow is exported to a record on an external collector. You can then use the information in the record to manage and optimize the network.

1.3   Life Cycle of a Flow

The traffic cards monitor flows on circuits where RFlow is enabled and configured. You can enable RFlow on a circuit by applying an RFlow profile. Once RFlow is enabled, the flow life cycle is as follows:

  1. The flow passes the configured observation point on the traffic card and a new Flow Control Block (FCB) is created for the flow. At this stage, the flow is called a microflow. On the traffic card, the main RFlow cache tracks the packet count, byte count, first packet, last packet, and expiration for each flow.
  2. After the inactive or active time-out period passes, the flow expires (is aged) and is sent to a Level 1 cache on a traffic card. In addition to flow aging, the L1 cache also obtains routing information from the Forwarding Information Base (FIB) tables.
  3. After the flow expires (is aged) in the L1 cache, it is sent to the Level 2 cache on the XCRP. Multiple flows can be aggregated into a single L2 cache entry if they share the same key fields.
  4. After the flow expires (is aged) in the L2 cache, the information for that flow is compiled into a record.
  5. The export entity exports the record to one or more external collectors, and the L2 cache entry for the flow is deleted.

For more information about Level 1 and Level 2 caches, see Data Collection in RFlow Caches.

1.4   RFlow Objects

RFlow consists of the following objects, which are discussed in detail in this document:

1.5   Application Lists

Application lists let you classify the IP traffic that is being sent over the SmartEdge router, for example Telnet, FTP, HTTP, SMTP, and BGP. You define applications within these lists by IP protocol number and port number, which gives you flexibility in choosing the applications you want to monitor.

For every IP protocol, the following statistics per application are displayed:

1.6   RFlow Configuration Process

The RFlow configuration process consists of the following main steps:

  1. Define and configure application lists.
  2. Define and configure sampling.
  3. Create and configure an RFlow profile.
  4. Configure access to one or more external collectors.
  5. Enable RFlow on an individual circuit.

Before you enable RFlow to collect meaningful data on the flows that you are interested in monitoring, you can define application lists and the global sampling interval.

You enable RFlow on an individual circuit by creating an RFlow profile and then applying that RFlow profile to the desired circuit. An individual circuit can support a single profile only, but the same profile can be applied to multiple circuits. A circuit must be bound to an IP interface for RFlow to operate properly. RFlow is currently supported on the following types of bound circuits:

You configure an RFlow profile in global configuration mode, independent of any context. You can attach a single profile to multiple external collectors in different contexts.

You can configure the following fields in the RFlow profile:

The RFlow configuration process is described in detail in Section 2.

1.7   Data Collection in RFlow Caches

The RFlow caches are databases that store RFlow information. Each RFlow profile has a cache attached to it. The caches store flow information until that flow is aged (expires). A flow is considered aged under the following circumstances:

There are two RFlow caches: the Level 1 cache and the Level 2 cache.

The Level 1 cache is on a traffic card and compiles the flow information into a flow record before the flow expires. The flow remains in the Level 1 cache until it is aged, after which it is sent to the Level 2 cache.

The Level 2 cache is on the XCRP Controller card. The Level 2 cache is organized as a hash table based on the key fields used to capture the packets in a flow. When the flow expires in the L2 cache, the flow record is exported to the external collector, from which you can access various types of flow information.

You can view RFlow data using the show flow collector command.

Note:  
There is one Level 1 and Level 2 cache for each RFlow profile in a context. If the same RFlow profile is attached to different circuits in multiple contexts, that RFlow profile has a different, unique Level 1 and Level 2 cache for each context.

1.8   Exporting Flow Data

If an external collector is configured for RFlow, then flow records are exported to that external collector when a flow is terminated in the Level 2 cache. The export entity uses Cisco Systems NetFlow export format version 5 (v5) to export flow records. In the export v5 format, RFlow flow records are made up of a header and a sequence of flow data fields.

Table 1 describes the flow header key fields supported in the v5 export format.

Table 1    Version 5 Export Format Header Fields

| Field | Description |
|---|---|
| version | Export format used to send flow records to the external collector. In this release, only v5 formatting is supported. |
| count | Number of records in the PDU. |
| sys-uptime | Number of milliseconds that have passed since the router last booted. |
| secs | Number of seconds that have passed since 0000 Coordinated Universal Time (UTC) 1970, which is when the packet left the exporter. |
| nsecs | Number of residual nanoseconds that have passed since 0000 UTC 1970. |
| flow_seq | Sequence number maintained per external collector; represents the total number of flows received by the external collector. |
| exp_id | Unique identifier for the export source. |

Table 2 describes the flow record fields supported in the v5 export format.

Table 2    Version 5 Export Flow Record Fields

| Field | Description |
|---|---|
| Source address | Source IP address from which this flow originated. |
| Destination Address | Destination IP address for this flow. |
| Nexthop (ingress) | IPv4 address of the next-hop BGP router. |
| Input | SNMP ifIndex where the packet is being exported to. |
| Output | SNMP ifIndex from which the packet is being exported. |
| Packets | Number of packets sent in a flow. |
| Bytes | Number of bytes sent in a flow. |
| srcport | Layer 4 source port number. |
| dstport | Layer 4 destination port number. |
| pad1 | Unused (zero) byte. |
| TCP Flags | Cumulative number of TCP flags. |
| tos | IP type-of-service byte. |
| src_AS | BGP autonomous system (AS) source address. |
| dst_AS | BGP AS destination address. |
| Source mask (for ingress flows only) | Source IPv4 mask address from which the packet was exported. |
| Destination mask (for ingress flows only) | Destination IPv4 mask address to which the packet is being exported. |
| pad2 | Number of unused (zero) bytes. |

Note:  
Up to 30 flow records can be bundled in version 5 export format for transport to the external collector.
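
The collector-side view of this format, as an added example (not Ericsson code): a Python parser that validates one v5 export datagram against its count field and the 30-record limit, accepts it only from a listed exporter, and reports sequence gaps, which matter because the export is carried over UDP. It assumes the standard NetFlow v5 layout (24-byte header, 48-byte records) and that flow_seq advances by count with each PDU; the exporter address 192.0.2.1 and the sample flows are constructed.

```python
import ipaddress
import struct

# Standard NetFlow v5 wire layout (assumption: RFlow's v5 export follows it).
# It carries a few fields the tables above do not list (first/last, protocol).
HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30                                     # per-PDU limit from the note above


class MalformedPDU(ValueError):
    """The datagram is not a well-formed v5 export PDU."""


def parse_v5(datagram: bytes) -> dict:
    """Validate and decode one export datagram."""
    if len(datagram) < HEADER.size:
        raise MalformedPDU("shorter than a v5 header")
    version, count, uptime_ms, secs, nsecs, flow_seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise MalformedPDU(f"unsupported export version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise MalformedPDU(f"record count {count} outside 1..{MAX_RECORDS}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise MalformedPDU("length does not match the count field")
    records = []
    for i in range(count):
        (src, dst, nexthop, if_in, if_out, pkts, octets, _first, _last, sport, dport,
         _pad1, tcp_flags, proto, tos, src_as, dst_as, src_mask, dst_mask,
         _pad2) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        records.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "nexthop": str(ipaddress.IPv4Address(nexthop)),
            "input": if_in, "output": if_out,
            "packets": pkts, "bytes": octets,
            "srcport": sport, "dstport": dport,
            "tcp_flags": tcp_flags, "protocol": proto, "tos": tos,
            "src_as": src_as, "dst_as": dst_as,
            "src_mask": src_mask, "dst_mask": dst_mask,
        })
    return {"count": count, "sys_uptime": uptime_ms, "secs": secs, "nsecs": nsecs,
            "flow_seq": flow_seq, "records": records}


class ExportMonitor:
    """Accept PDUs only from listed exporters and track per-exporter sequence gaps."""

    def __init__(self, allowed_exporters):
        self.allowed = {ipaddress.ip_address(a) for a in allowed_exporters}
        self.next_seq = {}

    def handle(self, source_ip: str, datagram: bytes):
        """Return (pdu, missed). missed is the number of flow records lost before
        this PDU, or -1 if the sequence moved backwards (reorder or restart)."""
        src = ipaddress.ip_address(source_ip)
        if src not in self.allowed:
            # v5 over UDP has no authentication, so the source address is the only filter.
            raise PermissionError(f"export from unlisted source {source_ip}")
        pdu = parse_v5(datagram)
        expected = self.next_seq.get(src)
        delta = 0 if expected is None else (pdu["flow_seq"] - expected) & 0xFFFFFFFF
        self.next_seq[src] = (pdu["flow_seq"] + pdu["count"]) & 0xFFFFFFFF
        return pdu, (-1 if delta >= 0x80000000 else delta)


def build_pdu(flow_seq: int, flows: list) -> bytes:
    """Pack a constructed PDU for testing.
    Each flow is (src, dst, srcport, dstport, protocol, packets, bytes)."""
    out = HEADER.pack(5, len(flows), 360000, 1262304000, 0, flow_seq, 0, 0, 0)
    for src, dst, sport, dport, proto, pkts, octets in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed,
                           bytes(4), 1, 2, pkts, octets, 1000, 2000, sport, dport,
                           0, 0x1B, proto, 0, 0, 0, 24, 24, 0)
    return out


if __name__ == "__main__":
    monitor = ExportMonitor(["192.0.2.1"])                      # constructed exporter
    flows = [("10.0.0.5", "10.0.0.9", 40000, 25, 6, 12, 3400)]  # constructed flow
    for seq in (100, 101, 110):                                 # 110 leaves a gap
        pdu, missed = monitor.handle("192.0.2.1", build_pdu(seq, flows))
        rec = pdu["records"][0]
        print(seq, f'{rec["src"]}:{rec["srcport"]} -> {rec["dst"]}:{rec["dstport"]}',
              "missed", missed)
```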

1.9   RFlow External Collector Configuration and Management

An external collector is a server that assembles exported flows and aggregates them to produce reports used for traffic and security analysis. After the L2 cache compiles RFlow export data into a flow record, the export entity exports the record to one or more external collectors. Each external collector resides in a chosen location in the network and is independent of the SmartEdge router.

Note:  
To configure an external collector, see the documentation for the product on which you want to locate the collector.

On the SmartEdge router, you must configure access to the external collector. An external collector can be accessed by any IP interface through which the destination IP address of the external collector can be reached. The IP address of the external collector and the port through which it is listening must also be configured on the ingress router so that the router knows where to export flow reports.

You configure SmartEdge router access to the external collector in an individual context. For redundancy, you can configure access to two or more external collectors in the same context.

A single external collector can have multiple RFlow profiles attached to it. An external collector can be attached to an RFlow profile that is attached to circuits that are bound to interfaces across multiple contexts.

To access the external collector, you must configure the following parameters:

Use the show flow ip cache dump command to view the flow records for the local SmartEdge router.

Note:  
Flow data is still stored in the RFlow caches for the lifetime of the flow. You can use this data to monitor local flows only. When a flow expires, the data for the flow is no longer available.

1.10   Understanding Contexts in RFlow Configuration

Before configuring RFlow, you must understand the differences between the following contexts:

If an RFlow profile is attached to three circuits in three different contexts, then a collector receives flow records only from those circuits for which there is a collector configuration in the context of the flows. In other words, if the collector is configured in one context only, the external collector receives flow records only from the circuit that is configured in that same context, and not from the other two circuits because their flows are in different contexts.

Note:  
For more information about creating and configuring an RFlow profile, see RFlow Configuration Process. To create and configure an RFlow profile, see Create and Configure an RFlow Profile.

In the following example, the profile p15 is applied to the circuit:

[local]Redback# configure

[local]Redback(config)# port ethernet 7/1

[local]Redback(config-port)# bind interface if1_1 context ctx-blue

[local]Redback(config-port)# flow apply ip profile p15 in

[local]Redback(config-port)# exit

[local]Redback(config)# port ethernet 4/3

[local]Redback(config-port)# bind interface if2_2 context ctx-red

[local]Redback(config-port)# flow apply ip profile p15 in

In the next part of the example, an external collector called collect-blue is configured to receive flows from the circuit 7/1:

[local]Redback# configure

[local]Redback(config)# context ctx-blue

[local]Redback(config-ctx)# flow collector collect-blue

[local]Redback(config-flow-collector)# ip-address 10.12.209.8 context ctx-blue

[local]Redback(config-flow-collector)# ip profile p15

Even though the p15 RFlow profile is applied to circuits 7/1 and 4/3, the collect-blue collector only receives the flow records from circuit 7/1 because collect-blue was configured in the ctx-blue context.
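
The context rule above, as an added example (not part of the original guide): a Python audit that reads the two CLI sessions from this section and reports which collector, if any, receives flow records from each circuit, so circuits whose flow data never leaves the router stand out. It handles port-level circuits only and parses just the commands shown here; the function names are this example's own.

```python
import re

# Strips a CLI prompt such as "[local]Redback(config-port)# " from a line.
PROMPT = re.compile(r"^\[[^\]]*\]\S*[#>]\s*")

# Constructed input: the two sessions from this section, joined.
SESSION = """\
[local]Redback# configure
[local]Redback(config)# port ethernet 7/1
[local]Redback(config-port)# bind interface if1_1 context ctx-blue
[local]Redback(config-port)# flow apply ip profile p15 in
[local]Redback(config-port)# exit
[local]Redback(config)# port ethernet 4/3
[local]Redback(config-port)# bind interface if2_2 context ctx-red
[local]Redback(config-port)# flow apply ip profile p15 in
[local]Redback# configure
[local]Redback(config)# context ctx-blue
[local]Redback(config-ctx)# flow collector collect-blue
[local]Redback(config-flow-collector)# ip-address 10.12.209.8 context ctx-blue
[local]Redback(config-flow-collector)# ip profile p15
"""


def parse_session(text):
    """Return (circuits, collectors) from a CLI transcript.

    circuits:   circuit name -> {"context": str or None, "profiles": {name: direction}}
    collectors: (context, collector name) -> set of attached profile names
    """
    circuits, collectors = {}, {}
    circuit = context = collector = None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] == "configure":
            circuit = context = collector = None
        elif words[0] == "port" and len(words) == 3:      # "port ethernet 7/1"
            circuit, context, collector = " ".join(words[1:]), None, None
            circuits.setdefault(circuit, {"context": None, "profiles": {}})
        elif words[:2] == ["bind", "interface"] and circuit:
            circuits[circuit]["context"] = words[-1]      # last word names the context
        elif words[:4] == ["flow", "apply", "ip", "profile"] and circuit and len(words) == 6:
            circuits[circuit]["profiles"][words[4]] = words[5]
        elif words[0] == "context" and len(words) == 2:
            context, circuit, collector = words[1], None, None
        elif words[:2] == ["flow", "collector"] and context and len(words) == 3:
            collector = (context, words[2])
            collectors.setdefault(collector, set())
        elif words[:2] == ["ip", "profile"] and collector and len(words) == 3:
            collectors[collector].add(words[2])
    return circuits, collectors


def export_map(circuits, collectors):
    """Map each (circuit, profile) to the collectors that receive its flow records:
    those configured in the circuit's own context with that profile attached."""
    result = {}
    for name, info in circuits.items():
        for profile in info["profiles"]:
            result[(name, profile)] = sorted(
                coll for (ctx, coll), profiles in collectors.items()
                if ctx == info["context"] and profile in profiles)
    return result


def local_only(circuits, collectors):
    """Circuits with RFlow enabled whose records are never exported."""
    return sorted(key for key, colls in export_map(circuits, collectors).items()
                  if not colls)


if __name__ == "__main__":
    circuits, collectors = parse_session(SESSION)
    for (circuit, profile), colls in export_map(circuits, collectors).items():
        print(circuit, profile, "->", ", ".join(colls) or "no collector (local flow data only)")
```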

1.11   Command Mode Hierarchy

Command modes exist in a hierarchy; that is, you must access the higher-level command mode before you can access a lower-level command mode in the same chain.

Figure 1 shows the hierarchy of the command modes used to configure RFlow features.

Figure 1   Command Mode Hierarchy

Table 3 lists the command modes (in alphabetical order) relevant to RFlow features. It includes the commands that enable access to each mode and the command-line prompt for each mode.

Table 3    Command Modes and Prompts

| Mode Name | Commands Used to Access | Command-Line Prompt |
|---|---|---|
| context | context command from global configuration mode | (config-ctx)# |
| dot1q PVC | dot1q pvc command from port configuration mode | (config-dot1q-pvc)# |
| exec | (user logon) | # or > |
| flow collector | flow collector command from context configuration mode | (config-flow-collector)# |
| flow ip application-list | flow ip application-list command from global configuration mode | (config-flow-ip-app-list)# |
| flow ip sampling | flow ip sampling command from global configuration mode | (config-flow-ip-sampling)# |
| flow ip profile | flow ip profile command from global configuration mode | (config-flow-ip-profile)# |
| flow ip application | application command from the flow ip application-list configuration mode | (config-flow-ip-application)# |
| global | configure command from exec mode | (config)# |
| port | port ethernet command from global configuration mode | (config-port)# |
| link-group | link-group command from global configuration mode | (config-link-group)# |
| subscriber | subscriber command from global configuration mode | (config-sub)# |

2   RFlow Configuration

To configure RFlow, perform the following steps:

  1. Configure application list (optional)
  2. Configure global sampling interval (optional)
  3. Configure an RFlow profile
  4. Configure access to an external collector
  5. Enable RFlow on an individual circuit by applying an RFlow profile to it

These tasks are described in detail in the sections that follow.

2.1   Prerequisites

Be sure the following prerequisites are met before configuring RFlow on your router:

2.2   Configure Application Lists

To define an application list, perform the tasks in Table 4.

Table 4    Configuring Application Lists

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Define a flow IP application list and enter an application list name. | flow ip application-list application-list-name | Replace the application-list-name with a name you want to call your application list. Your prompt will change to config-flow-ip-app-list. |
| 3. | From the config-flow-ip-app-list mode, enter application and choose an application-name. | application application-name | The application name you choose will contain the IP protocol names and their protocol ID and port number information that you will provide as part of the next step. The tasks that follow will allow you to create multiple lists for statistical data collection on IP protocols. |
| 4. | Configure a protocol. | protocol | |
| 5. | Configure a port number or a port number range. | port port-number | |
| 6. | Save the configuration. | commit | |

2.3   Configure a Global Sampling Interval

To collect flow statistics based on random sampling, you can enable sampling on a global level.

To enable sampling, perform the tasks in Table 5. By default, sampling is disabled for every RFlow profile. To enable sampling for an RFlow profile, refer to Section 2.4.

Table 5    Configuring Sampling

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | (Optional) Enter flow IP sampling configuration mode. | flow ip sampling | Your prompt will include config-flow-ip-sampling. |
| 3. | Specify the packet interval. | packet-interval packet-interval | Replace packet-interval with the interval you want. The range for this interval is 1 to 16383 packets. |
| 4. | Save the configuration. | commit | |

2.4   Configure an RFlow Profile

This section describes how to create and configure an RFlow profile using the default configuration values, as described in Table 6.

Table 6    RFlow Profile Default Configuration Values

| Parameter | Default | Command Used to Modify Default Setting |
|---|---|---|
| Active time-out setting for flows using the profile, in seconds | 1800 seconds (30 minutes) | active-timeout |
| Inactive time-out setting for flows using the profile, in seconds | 5 seconds | inactive-timeout |
| Maximum number of entries in the aggregation cache for flows that use a profile | 4096 | aggregation-cache-size |
| Application list that you will enable using this profile. | No application summary statistics will be gathered. | application-list |
| Sampling that you will enable using this profile. | Sampling will remain disabled. | sampling |

To create and configure an RFlow profile, perform the tasks in Table 7.

Table 7    Create and Configure an RFlow Profile

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Create a flow IP profile and enter flow IP profile configuration mode. | flow ip profile profile-name | Replace profile-name with a name that identifies your IP profile. |
| 3. | Save the configuration. | commit | |
| 4. | Verify your IP profile configuration. | show flow ip profile and show flow ip profile profile-name | Replace profile-name with the name of the RFlow profile you created in Step 2. |

2.4.1   Modify the Default Configuration in an RFlow Profile

To modify the default configuration in an RFlow profile, perform the tasks in Table 8.

Table 8    Modify Default RFlow Profile Configuration Values

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Enter flow IP profile configuration mode for a specified IP profile. | flow ip profile profile-name | Replace profile-name with the name of the IP profile you want to modify. |
| 3. | Configure the active time-out setting for flows that use this profile, in seconds. | active-timeout timeout-value | Replace the timeout-value argument with the number of seconds after which a flow is considered aged (expired) and a flow record is created and exported to the external collector. Range is from 15 to 1800 seconds. |
| 4. | Configure the inactive time-out setting for flows that use this profile, in seconds. | inactive-timeout timeout-value | Replace the timeout-value argument with the number of seconds a flow can be inactive before it is considered aged (expired) and a flow record is created and exported to the external collector. Range is from 1 to 10 seconds. |
| 5. | Configure aggregation cache size for flows that use this profile. | aggregation-cache-size number-of-entries | Replace number-of-entries with the maximum number of entries that can be stored in the aggregation cache at one time. This determines how much information is reported when you access the RFlow data. Range is from 1024 through 32768 entries. To ensure optimal RFlow performance, we recommend setting the aggregation cache size to a number that is a power of 2; for example, 8192. |
| 6. | (Optional) Enable the application list to gather IP protocol summary statistics. Specify the application list name that you defined at the global level. If no name is specified, the system default application list information will be displayed. | application-list application-list-name | Enable the application list so that you can gather summary statistics for the applications that you wish to monitor. RFlow will report application summary statistics per cache, since each cache will maintain its own set of application statistics. Application statistics will be maintained only if you enable the application list for this profile. If you do not enable the application list, no application statistics will be gathered. |
| 7. | (Optional) Enable sampling. | sampling | Sampling packet interval is defined at the global level. During profile configuration, you are merely enabling sampling. By default, sampling is disabled if you do not explicitly enable it. |
| 8. | Save the configuration. | commit | |
| 9. | Verify your IP profile configuration. | show flow ip profile and show flow ip profile profile-name | Replace profile-name with the name of the RFlow profile you created in Step 2. |

2.5   Configure Access to an External Collector

This section describes how to configure access to an external collector using the default configuration described in Table 9.

Table 9    External Collector Access Default Configuration Values

| Parameter | Default | Command Used to Modify Default Setting |
|---|---|---|
| ip-address | No collector receives exported flow records from the SmartEdge router. | ip-address |
| port | 9997 | port |
| export version | v5 | export-version |
| profile | No profile is attached to the collector. | ip profile |
| transport-protocol | UDP | transport-protocol udp |

Note:  
Before you can configure access to an external collector, you need to create an external collector in your system as described in the documentation for the product on which you want to locate the collector.

Be aware that exporting flow records can require a lot of bandwidth. We recommend directly attaching the external collector to:

Perform the tasks in Table 10 to configure access to an external collector using the default configuration. Table 10 describes the minimal tasks required to configure access to an external collector; to modify the default external collector access settings, see Modify the Default External Collector Access Configuration.

Table 10    Create and Configure an External Collector Access (Default Values)

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Enter context configuration mode. | context ctx-name | Replace the ctx-name argument with the name of the context that owns the flows that will be exported to the external collector. This is the same context you configure in the bind interface command when statically binding a port or permanent virtual circuit (PVC) to the interface whose flows you want to export. |
| 3. | Enter flow collector configuration mode for an external collector. | flow collector collector-name | Replace the collector-name argument with the name of the external collector to which you want to export flow records. |
| 4. | Enable an external collector to receive exported flow records from circuits where RFlow is enabled. | ip-address ip-v4-address context context-name | Replace the ip-v4-address argument with the IP address for the external collector, in the form A.B.C.D. Replace the context-name argument with the name of the context that hosts the IP address for accessing this collector. |
| 5. | Save the configuration. | commit | |
| 6. | Verify your external collector configuration. | show flow collector collector-name | Replace collector-name with the name of the external collector you configured in Step 3. |

2.5.1   Modify the Default External Collector Access Configuration

To modify the default configuration values for external collector access, perform the tasks described in Table 11.

Table 11    Modify the Default External Collector Access Configuration Values

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Enter context configuration mode. | context ctx-name | Replace the ctx-name argument with the name of the context that owns the flows that will be exported to the external collector. This is the same context you configure in the bind interface command when statically binding a port or permanent virtual circuit (PVC) to the interface whose flows you want to export. |
| 3. | Enter flow collector configuration mode. | flow collector collector-name | Replace collector-name with the name of the external collector you want to access. |
| 4. | Configure a port on an external collector to listen for flow records from the SmartEdge router. | port destination-port | Replace the destination-port argument with a number that identifies the port on which the external collector receives exported flows. Range is from 1 through 16384. |
| 5. | Specify the export format used to send flow records to the external collector. | export-version v5 | The export version determines the fields included in the flow record. In this release, v5 (version 5) is the only supported export version. |
| 6. | Attach a flow profile to the external collector. | ip profile profile-name | Replace the profile-name argument with the name of the IP profile you want to attach to this external collector. You can add up to 10 profiles per collector. |
| 7. | Configure the transport protocol for the flow records to be UDP. | transport-protocol udp | In this release, UDP is the only supported transport protocol for the flow records. |
| 8. | Save the configuration. | commit | |
| 9. | Verify your external collector configuration. | show flow collector collector-name | Replace the collector-name argument with the name of the configured external collector that you want to verify. |

2.6   Enable RFlow on a Circuit

To enable RFlow on a circuit, perform the tasks in Table 12.

Table 12    Enable RFlow on a Circuit

| Step # | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Enter port configuration mode for the specified port. | port type slot/port | Replace the type argument with the type of port on which you want to enable RFlow. Replace slot/port with the chassis slot number of the traffic card that hosts the port and the traffic card port number. |
| 3. | (Optional) Enter dot1q PVC configuration mode for the specified PVC. | dot1q pvc options | Replace the options argument with the required syntax for the type of dot1Q PVC that you are configuring. Perform this step only if you want to enable RFlow on a dot1Q PVC. |
| 4. | Attach a specified RFlow profile to a circuit. | flow apply ip profile profile-name {in \| out \| both} | Apply the profile in the desired direction by choosing one of the following keywords: both (applies the profile to the circuit in both the ingress and egress directions); in (applies the profile to the circuit in the ingress direction only); out (applies the profile to the circuit in the egress direction only). The physical circuit must be bound to an IP interface for flow accounting to work properly. |
| 5. | Save the configuration. | commit | |
| 6. | Verify that RFlow is enabled on a circuit. | show flow ip circuit and show flow ip circuit circuit-id | Replace the circuit-id argument with the appropriate circuit identifier. |

2.7   Enable RFlow on a Link-Group Circuit

To enable RFlow on a link-group circuit, perform the tasks in Table 13. For more information on link groups, refer to Configuring Link Aggregation.

Table 13    Enable RFlow on a Link-Group Circuit

| Step | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Enter link-group configuration mode. (Optional) Enter the economical optional keyword. | link-group link-group-name access economical | Replace the link-group-name argument with the link-group circuit on which you want to enable RFlow. In the economical model, the standby port will not have all the resources pre-provisioned. Instead, the resources will be allocated on the standby port when it becomes active. |
| 3. | (Optional) Enter dot1q PVC configuration mode for the specified PVC. | encapsulation dot1q | |
| 4. | (Optional) Continue in dot1q PVC configuration mode for the specified PVC. | dot1q pvc options | Replace the options with the VLAN associated with the dot1Q PVC. Perform this step only if you want to enable RFlow on a dot1Q PVC. |
| 5. | Attach a specified RFlow profile to a circuit. | flow apply ip profile profile-name {in \| out \| both} | Apply the profile in the required direction by choosing one of the following keywords: in (applies the profile to the access link group circuit in the ingress direction only); out (applies the profile to the access link group circuit in the egress direction only); both (applies the profile to the access link group circuit in both the ingress and egress directions). The access link group circuit must be bound to an IP interface for flow accounting to work properly. |
| 6. | Save the configuration. | commit | |
| 7. | Verify that RFlow is enabled on the access link group circuit. | show flow ip circuit and show flow ip circuit circuit-id | Replace the circuit-id argument with the appropriate link-group circuit identifier. |

2.8   Enable RFlow on a Subscriber Circuit

To enable RFlow on a subscriber circuit, perform the tasks in Table 14. For more information on subscriber circuits, refer to Configuring Subscribers.

Table 14    Enable RFlow on a Subscriber Circuit

| Step | Task | Command | Notes |
|---|---|---|---|
| 1. | Enter global configuration mode. | configure | |
| 2. | Enter context configuration mode. | context ctx-name or context local | Replace ctx-name with the name of the context to configure. If you want to configure the local context, specify the local keyword. Your prompt will include config-ctx. |
| 3. | Enter subscriber configuration mode. | subscriber default, subscriber, subscriber-name or subscriber profile, profile-name | Replace the subscriber-name argument with the name of individual subscriber accounts, and profile-name with a named subscriber profile. Your prompt will include config-sub. |
| 4. | Attach a specified RFlow profile to a subscriber circuit. | flow apply ip profile profile-name {in \| out \| both} | Apply the profile in the required direction by choosing one of the following keywords: in (applies the profile to the circuit in the ingress direction only); out (applies the profile to the circuit in the egress direction only); both (applies the profile to the circuit in both the ingress and egress directions). The subscriber circuit must be bound to an IP interface for flow accounting to work properly. |
| 5. | Save the configuration. | commit | |
| 6. | Verify that RFlow is enabled on a subscriber circuit. | show subscribers active all | |

3   Example: Configuring RFlow

The following example shows a simple RFlow configuration. Two RFlow profiles are created: p1 and p2. An external collector called c1 is configured to monitor both profiles. The profile called p1 is attached to a VLAN, and the profile called p2 is attached to a PVC. When the profiles are attached to the VLAN and PVC circuits, RFlow is enabled on those circuits.

Create an RFlow profile called p1:

[local]Redback# configure

[local]Redback(config)# flow ip profile p1

[local]Redback(config-flow-ip-profile)# active-timeout 1000

[local]Redback(config-flow-ip-profile)# inactive-timeout 10

[local]Redback(config-flow-ip-profile)# aggregation-cache-size 8192

Create an RFlow profile called p2, running in the default mode:

[local]Redback# configure

[local]Redback(config)# flow ip profile p2

Configure access to an external collector called c1:

[local]Redback# configure

[local]Redback(config)# context rflow

[local]Redback(config-ctx)# flow collector c1 

[local]Redback(config-flow-collector)# ip-address 10.12.209.7 context rflow1

[local]Redback(config-flow-collector)# port 9997

[local]Redback(config-flow-collector)# export-version v5

[local]Redback(config-flow-collector)# transport-protocol udp

[local]Redback(config-flow-collector)# ip profile p1

[local]Redback(config-flow-collector)# ip profile p2

Apply the profile p1 to the dot1q PVC 100 circuit on port 4/1:

[local]Redback# configure

[local]Redback(config)# port ethernet 4/1 

[local]Redback(config-port)# no shutdown

[local]Redback(config-port)# encapsulation dot1q 

[local]Redback(config-port)# dot1q pvc 100 

[local]Redback(config-dot1q-pvc)# bind interface if1_1 local 

[local]Redback(config-dot1q-pvc)# flow apply ip profile p1 in 

Apply the profile p2 to dot1q PVC 100:

[local]Redback# configure

[local]Redback(config)# port ethernet 4/1

[local]Redback(config-port)# dot1q pvc 100

[local]Redback(config-dot1q-pvc)# encapsulation 1qtunnel 

[local]Redback(config-dot1q-pvc)# bind interface if1_2 local 

[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out

Apply the profile p1 to an access link group circuit called lg1:

[local]Redback# configure

[local]Redback(config)# link-group lg1 access economical 

[local]Redback(config-link-group)# no shutdown

[local]Redback(config-link-group)# encapsulation dot1q 

[local]Redback(config-link-group)# bind interface if1_1 local 

[local]Redback(config-link-group)# flow apply ip profile p1 in 

Apply the profile p2 to a link-group level-2 circuit:

[local]Redback# configure

[local]Redback(config)# link-group lg2 access economical 

[local]Redback(config-link-group)# encapsulation dot1q 

[local]Redback(config-link-group)# dot1q pvc 100 

[local]Redback(config-dot1q-pvc)# bind interface if1_2 local

[local]Redback(config-dot1q-pvc)# flow apply ip profile p2 out

Define an application list called app-list1, then define an application name and the protocol ID and port number for TCP:

[local]Redback# configure

[local]Redback(config)# flow ip application-list app-list1 

[local]Redback(config-flow-ip-app-list)# application app1

[local]Redback(config-flow-ip-app)# protocol tcp port 25

Define the global sampling packet interval, with a packet interval of 100:

[local]Redback# configure

[local]Redback(config)# flow ip sampling 

[local]Redback(config-flow-ip-sampling)# packet-interval 100

Enable an application list and sampling for the profile p1:

[local]Redback# configure

[local]Redback(config)# flow ip profile p1 

[local]Redback(config-flow-ip-profile)# application-list

[local]Redback(config-flow-ip-profile)# sampling