Chapter 3 Flow Collection for SteelCentral : Sample Third-Party Configurations
Sample Third-Party Configurations
This section has several third-party configuration examples that show you how to enable NetFlow export to the NetExpress or NetProfiler. Refer to vendor documentation specific to your device and version software. Commands complete various actions, depending upon device software version.
This section includes the following:
  • Configuring VMware ESXi v5.5 Using vSphere
  • Configuring Cisco 6500 Series Switches Running Native Cisco IOS CLI
  • Configuring Cisco 6500 Series Switches in Hybrid Mode
  • Configuring Cisco 7500 Series Router
  • Configuring Cisco 7600 Series Router
  • Configuring Cisco 3560 and 3750 Flexible NetFlow
  • Configuring the Cisco Nexus 7000 Flexible NetFlow
  • Configuring NetFlow Export for Cisco Nexus 1000V
  • Configuring IPFIX for Avaya (Nortel) 8300 and 8600
  • Configuring sFlow for HP Procurve 3500, 5400, and 6200
    • Configuring VMware ESXi v5.5 Using vSphere
    The following example uses VMware vSphere to configure an ESXi v5.5 distributed vSwitch to export flow data.
    To configure flow on the ESXi v5.5 distributed vSwitch through vSphere
    1.
    Log in to the vSphere Client and select the Networking inventory view.
    2.
    Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
    3.
    Select the NetFlow tab.
    4.
    Specify the IP address and port of the NetFlow collector.
    5.
    Specify the vSphere distributed switch (VDS) IP address.
    With an IP address to the vSphere distributed switch, the NetFlow collector can interact with the vSphere distributed switch as a single switch rather than interacting with a separate, unrelated switch for each associated host.
    6.
    (Optional) Use the up and down menu arrows to set the Active flow export time-out and Idle flow export time-out.
    7.
    (Optional) Use the up and down menu arrows to set the Sampling rate.
    The sampling rate determines what portion of data NetFlow collects, with the sampling rate number determining how often NetFlow collects the packets. A collector with a sampling rate of 2 collects data from every other packet. A collector with a sampling rate of 5 collects data from every fifth packet.
    8.
    (Optional) Select Process internal flows to collect data only on network activity between virtual machines on the same host.
    9.
    Click OK.
    Configuring Cisco 6500 Series Switches Running Native Cisco IOS CLI
    The following example uses the native Cisco IOS CLI to configure the SUP and MSFC modules of a 6500 series switch. The following commands generally work with Cisco IOS Release12.2 or later, except where specified. For further information, refer to the documentation for your Cisco IOS software release.
    To configure the SUP and MSFC modules of a 6500 series switch
    1.
    At the switch level (SUP2), enter the following commands to turn on NetFlow and set version, flow mask, and timing:
    Router(config)# mls netflow
    Router(config)# mls nde sender version 5
    Router(config)# mls flow ip interface-full
    Router(config)# mls nde interface
    Router(config)# mls aging normal 32
    Router(config)# mls aging long 64
    2.
    At the routing module (MSFC), enter the following commands to set the device source interface, version, destination, and timeouts:
    Router(config)# ip flow-export source loopback 0
    Router(config)# ip flow-export version 9
    Router(config)# ip flow-export destination <flow-gateway-or-netexpress_ip> <udp-port-number>
    Router(config)# ip flow-cache timeout inactive 15 (this might be the default depending upon code version)
    Router(config)# ip flow-cache timeout active 1
    If you are running Cisco IOS Release 12.2(18) or later, use NetFlow v9. If NetFlow v9 is not available, use NetFlow v5.
    If you are running Cisco IOS Release12.3(14) or later and are exporting NetFlow v9, you can include export of the TTL, enabling the NetProfiler and NetExpress to show network segment diagrams:
    Router(config)# ip flow-capture ttl
    If you are running Cisco IOS Release 12.3(14) or later, running NetFlow v9, and have hardware that supports export of NBAR Layer-7 information, include the following command:
    Router(config)# ip flow-capture nbar
    3.
    To enable NetFlow on your interfaces, enter the following commands, where applicable, for each interface or interface grouping where you require NetFlow accounting (three types of interfaces):
    interface <type> <slot>/<port>
    For example:
    Router(config)# interface fastethernet 0/1
    Router(config-if)# ip route-cache flow
    or
    interface vlan <vlan-id>
    For example:
    Router(config)# interface vlan 3
    Router(config-if)# ip route-cache flow
    or
    interface port-channel <channel-id>
    For example:
    Router(config)# interface port-channel 3
    Router(config-if)# ip route-cache flow
    4.
    Optionally, if you want to export Layer-2 switched flows (and your switch supports Layer-2 NetFlow export), enter the following command for the set of VLANs where you want the Layer-2 flows exported:
    Router(config)# ip flow export layer2-switched vlan <vlan-list>
    Configuring Cisco 6500 Series Switches in Hybrid Mode
    The following example configures the SUP and MSFC modules of a Cisco 6500 series switch running in the hybrid mode.
    To configure the SUP and MSFC modules of a 6500 series switch in hybrid mode
    1.
    At the switch level (SUP), enter the following commands to enable NetFlow data export (NDE) and to set destination of flow, timers, and full flow:
    Router(config)# set mls nde enable
    Router(config)# set mls nde enable <flow-gateway-or-netexpress_ip> <udp-port-number>
    Router(config)# set mls agingtime 16
    Router(config)# set mls agingtime fast 32 0
    Router(config)# set mls agingtime long-duration 64
    Router(config)# set mls flow full
    2.
    At the routing module (MSFC), enter the following command to configure NDE and set the destination of flow:
    Router(config)# ip flow-export <ip-address> <udp-port> <version>
    3.
    At the interface level, enter the following commands to enable NetFlow on each interface on which you want to collect statistics and set timers:
    Router(config)# interface <type> <slot>/<port-adapter>
    For example:
    Router(config)# interface fastethernet 0/1
    Router(config-if)# ip route-cache flow
    Router(config)# ip flow-cache timeout active 1
    Router(config)# ip flow-cache timeout inactive 15
    Configuring Cisco 7500 Series Router
    The following example uses the Cisco IOS CLI to configure a Cisco 7500 series router.
    To configure a Cisco 7500 series router using the Cisco IOS CLI
    1.
    Enter the following commands to configure NDE:
    Router# confg terminal
    Router(config)# ip flow-export <flow-gateway-or-netexpress_ip> <udp-port-number> <version>
    2.
    Enter the following command to enable NetFlow at the interface level on each interface on which you want to collect statistics:
    Router(config)# interface <type> <slot>/<port-adapter>
    For example:
    Router(config)# interface fastethernet 0/1
    For 7500:
    Router(config-if)# ip route-cache flow
    3.
    Enter the following commands to set the NetFlow timers:
    Router(config)# ip flow-cache timeout active 1
    Router(config)# ip flow-cache timeout inactive 15
    Configuring Cisco 7600 Series Router
    The following example uses the Cisco IOS CLI to configure a Cisco 7600 series router.
    To configure a Cisco 7600 series router using the Cisco IOS CLI
    1.
    Enter the following commands to configure NetFlow Data Export (NDE):
    Router(config)# ip flow-export <flow-gateway-or-netexpress_ip> <udp-port-number>
    Router(config)# ip flow-export <version>
    Router(config)# mls nde sender <version>
    2.
    Enter the following command to enable NetFlow at the interface level on each interface on which you want to collect statistics:
    interface <type> <slot>/<port-adapter>
    For example:
    Router(config)# interface fastethernet 0/1
    Router(config-if)# ip flow ingress
    3.
    Enter the following commands to set the NetFlow timers:
    Router(config)# ip flow-cache timeout active 1
    Router(config)# ip flow-cache timeout inactive 15
    Configuring Cisco 3560 and 3750 Flexible NetFlow
    The following example shows an example Flexible NetFlow configuration for the Cisco 3750 and 3560 series switches with NetFlow service module C3KX-SM-10G.
    To configure Flexible NetFlow for a Cisco 3750 or 3560 switch
    1.
    Enter the following commands to create the flow record:
    Switch# flow record cascade-record
    Switch# match ipv4 tos
    Switch# match ipv4 protocol
    Switch# match ipv4 source address
    Switch# match ipv4 destination address
    Switch# match ipv4 ttl
    Switch# match transport source-port
    Switch# match transport destination-port
    Switch# collect counter bytes
    Switch# collect counter packets
    Switch# collect timestamp sys-uptime first
    Switch# collect timestamp sys-uptime last
    2.
    Enter the following commands to create the flow exporter and monitor:
    Switch# flow exporter Cascade
    Switch# destination <ip address of flow-gateway or netexpress>
    Switch# transport udp <ip address of flow-gateway or netexpress>
    Switch# flow monitor Cascade
    Switch# record Cascade-record
    Switch# exporter Cascade
    Switch# cache timeout active 60
    Switch# cache timeout inactive 60
    3.
    Enter the following commands to enable export on a specific port:
    Switch# interface TenGigabitEthernet1/1/1
    Switch# ip flow monitor Cascade input
    Switch# ip flow monitor Cascade output
    Configuring the Cisco Nexus 7000 Flexible NetFlow
    The following example uses Cisco Nexus OS v5.2.1 to configure NetFlow export. You must complete the set of commands in Step 5 for each Layer-3 interface.
    To configure a NetFlow export using a Cisco Nexus 7000 Flexible NetFlow
    1.
    Enter the following commands to configure a record to include all necessary fields for the NetProfiler, NetExpress, or Flow Gateway:
    Switch# configure terminal
    Switch(config)# flow record cascade-record
    Switch(config-flow-record)# match interface input
    Switch(config-flow-record)# match interface output
    Switch(config-flow-record)# match ipv4 source address
    Switch(config-flow-record)# match ipv4 destination address
    Switch(config-flow-record)# match protocol
    Switch(config-flow-record)# match transport source-port
    Switch(config-flow-record)# match transport destination-port
    Switch(config-flow-record)# collect flow direction
    Switch(config-flow-record)# collect ipv4 tos
    Switch(config-flow-record)# collect ipv4 ttl max
    Switch(config-flow-record)# collect transport tcp flags
    Switch(config-flow-record)# collect counter bytes
    Switch(config-flow-record)# collect counter packets
    Switch(config-flow-record)# collect routing next-hop address ipv4
    Switch(config-flow-record)# collect timestamp sys-uptime first
    Switch(config-flow-record)# collect timestamp sys-uptime last
    2.
    At the global level, enter the following commands to configure required timeout settings:
    Switch# configure terminal
    Switch(config)# feature netflow
    Switch(config-netflow)# flow timeout active 60
    Switch(config-netflow)# flow timeout inactive 15
    Switch(config-netflow)# flow timeout session
    3.
    Enter the following commands to configure NetFlow export:
    Switch# configure terminal
    Switch(config)# flow exporter cascade-export
    Switch(config-flow-exporter)# destination <ip address of flow-gateway or netexpress>
    Switch(config-flow-exporter)# source ethernet 2/1
    Switch(config-flow-exporter)# transport udp 2055
    !--- Listening port configured on Flow Gateway
    Switch(config-flow-exporter)# version 9
    4.
    Enter the following commands to configure flow monitor:
    Switch# configure terminal
    Switch(config)# flow monitor cascade-monitor
    Switch(config-flow-monitor)# record netflow ipv4 cascade-record
    Switch(config-flow-monitor)# exporter cascade-export
    5.
    Enter the following commands to apply a flow monitor to a VLAN or interface (one time for each Layer-3 interface):
    Switch# configure terminal
    Switch(config)# vlan 30
    Switch(config-vlan)# ip flow monitor cascade-monitor input
    Configuring NetFlow Export for Cisco Nexus 1000V
    Configuring NetFlow export of the Cisco 1000V is similar to the physical Nexus switches running NX-OS (for example, Cisco Nexus 7000), with some variation in commands. The primary difference is that the Riverbed recommended configuration parameters are for the Cisco Nexus 7000 TTL export. Use the template shown in this example (TTL export is not an option on the Cisco Nexus 1000V).
    To configure NetFlow export for a Cisco Nexus 1000V
    1.
    Enter the following commands to configure NetFlow Exporter and timing parameters:
    n1000v# configure terminal
    n1000v(config)# flow exporter cascade-export
    n1000v(config-flow-exporter)# destination <ip address of flow-gateway or netexpress>
    n1000v(config-flow-exporter)# source mgmt 0
    n1000v(config-flow-exporter)# transport udp 2055
    !--- Listening port configured on Flow Gateway
    n1000v(config-flow-exporter)# version 9
    n1000v(config-flow-exporter-version-9)# option exporter-stats timeout 60
    n1000v(config-flow-exporter-version-9)# template data timeout 1200
    n1000v(config-flow-exporter-version-9)# option interface-table timeout 3600
    2.
    Enter the following commands to configure flow monitor:
    n1000v(config)# flow monitor cascade-monitor
    n1000v(config-flow-monitor)# record netflow-original
    n1000v(config-flow-monitor)# exporter cascade-export
    n1000v(config-flow-monitor)# timeout active 60
    n1000v(config-flow-monitor)# timeout inactive 15
    3.
    Enter the following commands to apply the flow monitor to either each virtual interface or each port profile:
  • For an interface:
    • n1000v(config)# interface veth 2
    n1000v(config-if)# ip flow monitor cascade-monitor input
    n1000v(config-if)# ip flow monitor cascade-monitor output
  • For a port profile (the port profile must be configured with other appropriate parameters and inherited on the appropriate interfaces or port groups):
    • n1000v(config)# port-profile type vethernet <profile-name>
    n1000v(config-port-prof)# ip flow monitor cascade-monitor input
    n1000v(config-port-prof)# ip flow monitor cascade-monitor output
    Configuring IPFIX for Avaya (Nortel) 8300 and 8600
    The following example uses Nortel ERS 8300 and ERS 8600 to configure flow export. You use similar commands to configure other Nortel routers.
    To configure IPFIX for Avaya (Nortel) 8300 and 8600
    1.
    Enter the following command to enable IPFIX globally:
    ERS# config ip ipfix state enable
    2.
    Enter the following command to enable IPFIX at a port level, for each port where you want each export:
    ERS# config ip ipfix port 5/2, 5/3, 5/4, 5/5, 5/6 all-traffic enable
    3.
    Enter the following commands to set the timing parameters for the SteelCentral compatibility (active time-out is in minutes, export interval in seconds):
    ERS# config ip ipfix active-timeout 1
    ERS# config ip ipfix aging-interval 15
    ERS# config ip ipfix export-interval 60
    Depending on your router and software version, you might need to specify slot numbers in the previous commands. The following example shows the commands with slot numbers:
    ERS# config ip ipfix slot 5 active-timeout 1
    ERS# config ip ipfix slot 5 aging-interval 15
    ERS# config ip ipfix slot 5 export-interval 60
    4.
    Enter the following commands to enable export and to export to the NetExpress and Flow Gateway:
    ERS# config ip ipfix exporter-state enable
    ERS# config ip ipfix collector add <ip address of flow-gateway or netexpress> dest-port <listening of flow-gateway or netexpress> enable true
    or
    ERS# config ip ipfix slot 5 exporter-state enable
    ERS# config ip ipfix slot 5 collector add <ip address of flow-gateway or netexpress> dest-port <listening of flow-gateway or netexpress> enable true
    Configuring sFlow for HP Procurve 3500, 5400, and 6200
    The following example uses Procurve 3500, 5400, and 6200 to configure flow export. You use similar commands to configure other HP Procurve devices.
    To configure sFlow for HP Procurve 3500, 5400, and 6200
    1.
    Enter configuration mode to configure the NetExpress or Flow Gateway as a flow destination:
    ProCurve# configure
    ProCurve(config)# sflow 1 destination <ip address of flow-gateway or netexpress> dest-port <listening of flow-gateway or netexpress>
    In this example, 1 is the sFlow instance. If this instance ID is already in use, then enter either 2 or 3 in the previous and the following commands.
    2.
    Enter the following command to activate sampling:
    ProCurve(config)# sflow 1 sampling all 500
    The example shows a sampling rate of one out of every 500 packets. Riverbed recommends that you set the sampling rate to the lowest value recommended by HP; the lowest value recommended depends on device and link speed. In the example, all results use this HP-recommended sampling rate for all ports.
    3.
    Enter the following commands to activate polling:
    ProCurve(config)# sflow 1 polling all 60
    In the example, all results are using this polling rate for all ports, and 60 indicates the polling and export interval.
    4.
    Enter the following command to save the configuration:
    ProCurve(config)# write memory