match interface (Flexible NetFlow) through ttl (Flexible NetFlow)

match interface (Flexible NetFlow)

To configure input and output interfaces as key fields for a flow record, use the match interface command in Flexible NetFlow flow record configuration mode. To disable the use of the input and output interfaces as key fields for a flow record, use the no form of this command.

match interface {input | output}

no match interface {input | output}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match interface {input [physical] | output} [snmp]

no match interface {input [physical] | output} [snmp]

Syntax Description

input

Configures the input interface as a key field.

physical

(Optional) Configures the physical input interface as a key field and enables collecting the input interface from the flows.

output

Configures the output interface as a key field.

snmp

(Optional) Configures the simple network management protocol (SNMP) index of the input interface as a key field.

Command Default

The input and output interfaces are not configured as key fields.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was modified. The physical and snmp keywords were added.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the input interface as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match interface input

The following example configures the output interface as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match interface output

The following example configures the output interface as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match interface output

match ipv4

To configure one or more of the IPv4 fields as a key field for a flow record, use the match ipv4 command in Flexible NetFlow flow record configuration mode. To disable the use of one or more of the IPv4 fields as a key field for a flow record, use the no form of this command.

match ipv4 {dscp | header-length | id | option map | precedence | protocol | tos | version}

no match ipv4 {dscp | header-length | id | option map | precedence | protocol | tos | version}

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

match ipv4 protocol

no match ipv4 protocol

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match ipv4 {dscp | precedence | protocol | tos}

no match ipv4 {dscp | precedence | protocol | tos}

Cisco IOS XE Release 3.2SE

match ipv4 {protocol | tos | version}

no match ipv4 {protocol | tos | version}

Syntax Description

dscp

Configures the IPv4 differentiated services code point (DSCP) (part of type of service [ToS]) as a key field.

header-length

Configures the IPv4 header length (in 32-bit words) as a key field.

id

Configures the IPv4 ID as a key field.

option map

Configures the bitmap representing which IPv4 options have been seen as a key field.

precedence

Configures the IPv4 precedence (part of ToS) as a key field.

protocol

Configures the IPv4 protocol as a key field.

tos

Configures the IPv4 ToS as a key field.

version

Configures the IP version from IPv4 header as a key field.

Command Default

The use of one or more of the IPv4 fields as a key field for a user-defined flow record is not enabled by default.

Command Modes


flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

15.1(3)T

This command was modified for the Cisco Performance Monitor. The dscp, header-length, id, option map, precedence, tos, and version keywords were removed.

12.2(58)SE

This command was modified for the Cisco Performance Monitor. The dscp, header-length, id, option map, precedence, tos, and version keywords were removed.

12.2(50)SY

This command was modified. The header-length, id, option map, and version keywords were not supported in Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was modified. The dscp, header-length, id, option map, and precedence keywords were removed.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.


Note

Some of the keywords of the match ipv4 command are documented as separate commands. All of the keywords for the match ipv4 command that are documented separately start with match ipv4. For example, for information about configuring the IPv4 time-to-live (TTL) field as a key field for a flow record, refer to the match ipv4 ttl command.


Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

Only the protocol keyword is available. You must first enter the flow record type performance-monitor command.

Examples

The following example configures the IPv4 DSCP field as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 dscp 

The following example configures the IPv4 DSCP field as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor FLOW-RECORD-1
Router(config-flow-record)# match ipv4 dscp 

match ipv4 destination

To configure the IPv4 destination address as a key field for a flow record, use the match ipv4 destination command in Flexible NetFlow flow record configuration mode. To disable the IPv4 destination address as a key field for a flow record, use the no form of this command.

match ipv4 destination {address | {mask | prefix} [minimum-mask mask]}

no match ipv4 destination {address | {mask | prefix} [minimum-mask mask]}

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

match ipv4 destination {address | prefix [minimum-mask mask]}

no match ipv4 destination {address | prefix [minimum-mask mask]}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match ipv4 destination address

no match ipv4 destination address

Cisco IOS XE Release 3.2SE

match ipv4 destination address

no match ipv4 destination address

Syntax Description

address

Configures the IPv4 destination address as a key field.

mask

Configures the mask for the IPv4 destination address as a key field.

prefix

Configures the prefix for the IPv4 destination address as a key field.

minimum-mask mask

(Optional) Specifies the size, in bits, of the minimum mask. The range is 1 to 32.

Command Default

The IPv4 destination address is not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Gigabit Switch Router (GSR).

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

15.1(3)T

This command was modified for the Cisco Performance Monitor. The mask keyword was removed.

12.2(58)SE

This command was modified for the Cisco Performance Monitor. The mask keyword was removed.

12.2(50)SY

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

Cisco IOS XE Release 3.2SE

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

The mask keyword is not available. You must first enter the flow record type performance-monitor command.

Examples

The following example configures a 16-bit IPv4 destination address prefix as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 destination prefix minimum-mask 16

The following example specifies a 16-bit IPv4 destination address mask as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 destination mask minimum-mask 16

The following example specifies a 16-bit IPv4 destination address mask as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor FLOW-RECORD-1
Router(config-flow-record)# match ipv4 destination mask minimum-mask 16

match ipv4 fragmentation

To configure the IPv4 fragmentation flags and the IPv4 fragmentation offset as key fields for a flow record, use the match ipv4 fragmentation command in flow record configuration mode. To disable the use of the IPv4 fragmentation flags and the IPv4 fragmentation offset as key fields for a flow record, use the no form of this command.

match ipv4 fragmentation {flags | offset}

no match ipv4 fragmentation {flags | offset}

Syntax Description

flags

Configures the IPv4 fragmentation flags as a key field.

offset

Configures the IPv4 fragmentation offset as a key field.

Command Default

The IPv4 fragmentation flags and the IPv4 fragmentation offset are not configured as key fields.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

match ipv4 fragmentation flags

This field matches the "don’t fragment" and "more fragments" flags.

Bit 0: reserved, must be zero

Bit 1: (DF) 0 = May Fragment, 1 = Don’t Fragment

Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments

Bits 3-7: (DC) Don’t Care, value is irrelevant


        0   1   2   3   4   5   6   7
      +---+---+---+---+---+---+---+---+
      |   | D | M | D | D | D | D | D |
      | 0 | F | F | C | C | C | C | C |
      +---+---+---+---+---+---+---+---+

For more information on IPv4 fragmentation flags, see RFC 791, Internet Protocol, at the following URL: http://www.ietf.org/rfc/rfc791.txt
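The following collector-side sketch is an added example, not part of the original command reference. It decodes the flags octet using the bit layout above and combines it with the fragmentation offset key field to label each flow; the MSB-first bit numbering of the exported octet, the 13-bit offset range, and the sample records are assumptions.

```python
from collections import Counter

# Bit numbering follows the diagram above, most significant bit first as in
# RFC 791. Assumption: the exported flags octet keeps that ordering.
RESERVED = 0x80  # bit 0, must be zero
DF = 0x40        # bit 1, Don't Fragment
MF = 0x20        # bit 2, More Fragments
# Bits 3-7 are "don't care" and are never tested below.


def decode_flags(octet):
    """Split the flags octet into its three meaningful bits."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("fragmentation flags are one octet")
    return {
        "reserved": bool(octet & RESERVED),
        "df": bool(octet & DF),
        "mf": bool(octet & MF),
    }


def classify(flags_octet, offset):
    """Label a flow from its fragmentation flags and offset key fields.

    Assumption: offset is the 13-bit fragment offset field; only zero
    versus non-zero matters for the classification.
    """
    if not 0 <= offset <= 0x1FFF:
        raise ValueError("fragment offset is a 13-bit value")
    flags = decode_flags(flags_octet)
    if flags["reserved"]:
        return "anomalous: reserved bit set"
    if flags["df"] and (flags["mf"] or offset):
        return "anomalous: DF set on a fragment"
    if flags["mf"]:
        return "first fragment" if offset == 0 else "middle fragment"
    return "last fragment" if offset else "unfragmented"


# Constructed sample records: (flags octet, fragment offset).
SAMPLE_FLOWS = [
    (0x40, 0),    # DF only
    (0x5F, 0),    # DF plus don't-care bits, same meaning as 0x40
    (0x20, 0),    # MF, offset 0
    (0x20, 185),  # MF, non-zero offset
    (0x00, 370),  # no MF, non-zero offset
    (0x60, 0),    # DF and MF together
    (0x80, 0),    # reserved bit set
]


def summarize(flows):
    """Count flows per fragmentation class."""
    return Counter(classify(flags, offset) for flags, offset in flows)


if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{count:2d}  {label}")
```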

Examples

The following example configures the IPv4 fragmentation flags as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 fragmentation flags 

The following example configures the IPv4 fragmentation offset as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 fragmentation offset

The following example configures the IPv4 fragmentation offset as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv4 fragmentation offset

match ipv4 section

To configure a section of an IPv4 packet as a key field for a flow record, use the match ipv4 section command in flow record configuration mode. To disable the use of a section of an IPv4 packet as a key field for a flow record, use the no form of this command.

match ipv4 section {header size header-size | payload size payload-size}

no match ipv4 section {header size header-size | payload size payload-size}

Syntax Description

header size header-size

Configures the number of bytes of raw data starting at the IPv4 header, to use as a key field. Range: 1 to 1200

payload size payload-size

Configures the number of bytes of raw data starting at the IPv4 payload, to use as a key field. Range: 1 to 1200

Command Default

A section of an IPv4 packet is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

match ipv4 section header

This command uses the section of the IPv4 header indicated by the header size header-size keyword and argument as a key field. Only the configured size in bytes will be matched, and part of the payload will also be matched if the configured size is larger than the size of the header.


Note

This command can result in large records that use a large amount of router memory and export bandwidth.


match ipv4 section payload

This command uses the section of the IPv4 payload indicated by the payload size payload-size keyword and argument as a key field.


Note

This command can result in large records that use a large amount of router memory and export bandwidth.
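The following sketch is an added example, not part of the original command reference. It shows how a collector can split the raw bytes captured by match ipv4 section header into header fields and payload spill-over, including the case where the configured size is shorter than the header; the packet bytes, addresses, and function names are constructed for illustration.

```python
import ipaddress
import struct

# (name, byte offset, struct format) of fixed IPv4 header fields, per RFC 791.
FIELDS = [
    ("tos", 1, "B"),
    ("total_length", 2, "!H"),
    ("identification", 4, "!H"),
    ("flags_and_offset", 6, "!H"),
    ("ttl", 8, "B"),
    ("protocol", 9, "B"),
    ("checksum", 10, "!H"),
    ("source", 12, "!I"),
    ("destination", 16, "!I"),
]

# Constructed packet: 20-byte IPv4 header (checksum left at zero), an 8-byte
# UDP header, and 12 bytes of zero payload. Addresses are documentation ranges.
HEADER = bytes.fromhex("450000280001400040110000c0000201c6336407")
PACKET = HEADER + bytes.fromhex("04d2003500140000") + bytes(12)


def capture(packet, size):
    """Model the bytes a 'section header size <size>' key field would hold."""
    if not 1 <= size <= 1200:
        raise ValueError("size must be in the range 1 to 1200")
    return packet[:size]


def split_section(raw):
    """Decode whatever header fields fit in raw and separate payload spill."""
    if not raw:
        raise ValueError("empty section")
    version, ihl_bytes = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl_bytes < 20:
        raise ValueError("not an IPv4 header")
    fields = {"version": version, "header_length": ihl_bytes}
    for name, offset, fmt in FIELDS:
        # Skip any field that the configured size cut off.
        if offset + struct.calcsize(fmt) <= len(raw):
            (value,) = struct.unpack_from(fmt, raw, offset)
            if name in ("source", "destination"):
                value = str(ipaddress.IPv4Address(value))
            fields[name] = value
    return {
        "fields": fields,
        "header_complete": len(raw) >= ihl_bytes,
        "header_bytes": raw[:ihl_bytes],
        "payload_spill": raw[ihl_bytes:],  # non-empty when size > header length
    }


if __name__ == "__main__":
    for size in (4, 20, 28):
        result = split_section(capture(PACKET, size))
        print(size, result["header_complete"],
              len(result["payload_spill"]), sorted(result["fields"]))
```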


Examples

The following example configures the first four bytes (the IPv4 version field) as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 section header size 4 

The following example configures the first 16 bytes from the payload of the IPv4 packets in the flow as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 section payload size 16

The following example configures the first 16 bytes from the payload of the IPv4 packets in the flow as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv4 section payload size 16

match ipv4 source

To configure the IPv4 source address as a key field for a flow record, use the match ipv4 source command in Flexible NetFlow flow record configuration mode. To disable the use of the IPv4 source address as a key field for a flow record, use the no form of this command.

match ipv4 source {address | {mask | prefix} [minimum-mask mask]}

no match ipv4 source {address | {mask | prefix} [minimum-mask mask]}

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

match ipv4 source {address | prefix [minimum-mask mask]}

no match ipv4 source {address | prefix [minimum-mask mask]}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match ipv4 source address

no match ipv4 source address

Cisco IOS XE Release 3.2SE

match ipv4 source address

no match ipv4 source address

Syntax Description

address

Configures the IPv4 source address as a key field.

mask

Configures the mask for the IPv4 source address as a key field.

prefix

Configures the prefix for the IPv4 source address as a key field.

minimum-mask mask

(Optional) Specifies the size, in bits, of the minimum mask. Range: 1 to 128.

Command Default

The IPv4 source address is not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

15.1(3)T

This command was modified for the Cisco Performance Monitor. The mask keyword was removed.

12.2(58)SE

This command was modified for the Cisco Performance Monitor. The mask keyword was removed.

12.2(50)SY

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

Cisco IOS XE Release 3.2SE

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE

The mask keyword is not available. You must first enter the flow record type performance-monitor command.

match ipv4 source prefix minimum-mask

The source address prefix field is the network part of the source address. The optional minimum mask allows more information to be gathered about large networks.

match ipv4 source mask minimum-mask

The source address mask is the number of bits that make up the network part of the source address. The optional minimum mask allows a minimum value to be configured. This command is useful when there is a minimum mask configured for the source prefix field and the mask is to be used with the prefix. In this case, the values configured for the minimum mask should be the same for the prefix and mask fields.

Alternatively, if the collector knows the minimum mask configuration of the prefix field, the mask field can be configured without a minimum mask so that the true mask and prefix can be calculated.
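The following sketch is an added example, not part of the original command reference. It models the two options described above from the collector's side: pairing a prefix and mask that share the same minimum mask, or recovering the true network from an unclamped mask field. The rule that each field uses the longer of the routed mask length and its configured minimum-mask is an assumption, and the function names and addresses are constructed.

```python
import ipaddress


def router_export(address, routed_length, prefix_minimum=0, mask_minimum=0):
    """Model the exported (prefix, mask) fields for one source address.

    Assumption (not stated on the page): each field uses the longer of the
    routed mask length and its own configured minimum-mask.
    """
    prefix_length = max(routed_length, prefix_minimum)
    network = ipaddress.ip_network(f"{address}/{prefix_length}", strict=False)
    return str(network.network_address), max(routed_length, mask_minimum)


def collector_view(prefix, mask, prefix_minimum, mask_minimum):
    """Rebuild what a collector can know from the two exported fields."""
    if mask_minimum not in (0, prefix_minimum):
        raise ValueError(
            "use the same minimum-mask on both fields, or none on the mask")
    # Length that actually applies to the exported prefix bits.
    exported_length = max(mask, prefix_minimum)
    exported = ipaddress.ip_network(f"{prefix}/{exported_length}", strict=False)
    if mask_minimum:
        # The mask was clamped too: prefix and mask pair up directly, but a
        # routed mask shorter than the minimum is no longer visible.
        true_net = exported if mask > mask_minimum else None
    else:
        # Unclamped mask: re-mask the prefix to get the routed network.
        true_net = ipaddress.ip_network(f"{prefix}/{mask}", strict=False)
    return {"exported": str(exported),
            "true": str(true_net) if true_net else None}


def demo():
    """Constructed cases: (host, routed length, prefix minimum, mask minimum)."""
    cases = [
        ("10.1.2.3", 8, 16, 0),     # large network, mask field left unclamped
        ("10.1.2.3", 8, 16, 16),    # large network, same minimum on both
        ("192.0.2.77", 24, 16, 16), # routed mask already longer than minimum
    ]
    results = []
    for host, routed, p_min, m_min in cases:
        prefix, mask = router_export(host, routed, p_min, m_min)
        results.append(collector_view(prefix, mask, p_min, m_min))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```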

Examples

The following example configures a 16-bit IPv4 source address prefix as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 source prefix minimum-mask 16

The following example specifies a 16-bit IPv4 source address mask as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 source mask minimum-mask 16

The following example specifies a 16-bit IPv4 source address mask as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor FLOW-RECORD-1
Router(config-flow-record)# match ipv4 source mask minimum-mask 16

match ipv4 total-length

To configure the IPv4 total-length field as a key field for a flow record, use the match ipv4 total-length command in flow record configuration mode. To disable the use of the IPv4 total-length field as a key field for a flow record, use the no form of this command.

match ipv4 total-length

no match ipv4 total-length

Syntax Description

This command has no arguments or keywords.

Command Default

The IPv4 total-length field is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the total-length value as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 total-length

The following example configures the total-length value as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv4 total-length

match ipv4 ttl

To configure the IPv4 time-to-live (TTL) field as a key field for a flow record, use the match ipv4 ttl command in Flexible NetFlow flow record configuration mode. To disable the use of the IPv4 TTL field as a key field for a flow record, use the no form of this command.

match ipv4 ttl

no match ipv4 ttl

Syntax Description

This command has no arguments or keywords.

Command Default

The IPv4 time-to-live (TTL) field is not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures IPv4 TTL as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv4 ttl

The following example configures the IPv4 TTL as a key field for Cisco Performance Monitor:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv4 ttl

match ipv6

To configure one or more of the IPv6 fields as a key field for a flow record, use the match ipv6 command in Flexible NetFlow flow record configuration mode. To disable the use of one or more of the IPv6 fields as a key field for a flow record, use the no form of this command.

match ipv6 {dscp | flow-label | next-header | payload-length | precedence | protocol | traffic-class | version}

no match ipv6 {dscp | flow-label | next-header | payload-length | precedence | protocol | traffic-class | version}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match ipv6 {dscp | precedence | protocol | tos}

no match ipv6 {dscp | precedence | protocol | tos}

Cisco IOS XE Release 3.2SE

match ipv6 {protocol | traffic-class | version}

no match ipv6 {protocol | traffic-class | version}

Syntax Description

dscp

Configures the IPv6 differentiated services code point (DSCP) (part of type of service [ToS]) as a key field.

flow-label

Configures the IPv6 flow label as a key field.

next-header

Configures the IPv6 next header as a key field.

payload-length

Configures the IPv6 payload length as a key field.

precedence

Configures the IPv6 precedence (part of ToS) as a key field.

protocol

Configures the IPv6 protocol as a key field.

tos

Configures the IPv6 ToS as a key field.

traffic-class

Configures the IPv6 traffic class as a key field.

version

Configures the IPv6 version from IPv6 header as a key field.

Command Default

The IPv6 fields are not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was modified. The flow-label, next-header, payload-length, traffic-class, and version keywords were removed.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was modified. The dscp, flow-label, next-header, payload-length, and precedence keywords were removed.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.


Note

Some of the keywords of the match ipv6 command are documented as separate commands. All of the keywords for the match ipv6 command that are documented separately start with match ipv6. For example, for information about configuring the IPv6 hop limit as a key field for a flow record, refer to the match ipv6 hop-limit command.


Examples

The following example configures the IPv6 DSCP field as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 dscp

The following example configures the IPv6 DSCP field as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 dscp

match ipv6 destination

To configure the IPv6 destination address as a key field for a flow record, use the match ipv6 destination command in Flexible NetFlow flow record configuration mode. To disable the IPv6 destination address as a key field for a flow record, use the no form of this command.

match ipv6 destination {address | {mask | prefix} [minimum-mask mask]}

no match ipv6 destination {address | {mask | prefix} [minimum-mask mask]}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match ipv6 destination address

no match ipv6 destination address

Cisco IOS XE Release 3.2SE

match ipv6 destination address

no match ipv6 destination address

Syntax Description

address

Configures the IPv6 destination address as a key field.

mask

Configures the mask for the IPv6 destination address as a key field.

prefix

Configures the prefix for the IPv6 destination address as a key field.

minimum-mask mask

(Optional) Specifies the size, in bits, of the minimum mask. Range: 1 to 128.

Command Default

The IPv6 destination address is not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures a 16-bit IPv6 destination address prefix as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 destination prefix minimum-mask 16

The following example specifies a 16-bit IPv6 destination address mask as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 destination mask minimum-mask 16

The following example configures a 16-bit IPv6 destination address mask as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 destination mask minimum-mask 16

match ipv6 extension map

To configure the bitmap of the IPv6 extension header map as a key field for a flow record, use the match ipv6 extension map command in flow record configuration mode. To disable the use of the IPv6 bitmap of the IPv6 extension header map as a key field for a flow record, use the no form of this command.

match ipv6 extension map

no match ipv6 extension map

Syntax Description

This command has no arguments or keywords.

Command Default

The use of the bitmap of the IPv6 extension header map as a key field for a user-defined flow record is not enabled by default.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Bitmap of the IPv6 Extension Header Map

The bitmap of IPv6 extension header map is made up of 32 bits.


    0     1     2     3     4     5     6     7
+-----+-----+-----+-----+-----+-----+-----+-----+
| Res | FRA1| RH  | FRA0| UNK | Res | HOP | DST |
+-----+-----+-----+-----+-----+-----+-----+-----+
    8     9    10    11    12    13    14    15
+-----+-----+-----+-----+-----+-----+-----+-----+
| PAY | AH  | ESP |         Reserved            |
+-----+-----+-----+-----+-----+-----+-----+-----+
   16    17    18    19    20    21    22    23
+-----+-----+-----+-----+-----+-----+-----+-----+
|                  Reserved                     |
+-----+-----+-----+-----+-----+-----+-----+-----+
   24    25    26    27    28    29    30    31
+-----+-----+-----+-----+-----+-----+-----+-----+
|                  Reserved                     |
+-----+-----+-----+-----+-----+-----+-----+-----+
0  Res  Reserved
1  FRA1 Fragmentation header - not first fragment
2  RH   Routing header
3  FRA0 Fragment header - first fragment
4  UNK  Unknown Layer 4 header
        (compressed, encrypted, not supported)
5  Res  Reserved
6  HOP  Hop-by-hop option header
7  DST  Destination option header
8  PAY Payload compression header
9  AH  Authentication Header
10 ESP Encrypted security payload
11 to 31 Reserved

For more information on IPv6 headers, refer to RFC 2460 Internet Protocol, Version 6 (IPv6) at the following URL: http://www.ietf.org/rfc/rfc2460.txt.
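A collector-side decoder for the bitmap described above, as an added example that is not Cisco code. The table does not say whether bit 0 is the most or least significant bit of the exported value, so the bit order is a parameter (an assumption to verify against your exporter), and the function names and sample values are constructed for illustration.

```python
"""Collector-side decoder for the 32-bit IPv6 extension header bitmap."""

WIDTH = 32

# Bit positions and labels exactly as listed in the table above.
# Every other position (0, 5, 11 to 31) is reserved.
EXT_HDR_BITS = {
    1: "FRA1",  # Fragmentation header - not first fragment
    2: "RH",    # Routing header
    3: "FRA0",  # Fragment header - first fragment
    4: "UNK",   # Unknown Layer 4 header (compressed, encrypted, not supported)
    6: "HOP",   # Hop-by-hop option header
    7: "DST",   # Destination option header
    8: "PAY",   # Payload compression header
    9: "AH",    # Authentication Header
    10: "ESP",  # ESP, labelled as in the table above
}


def bit_mask(position, msb0=True):
    """Integer mask for diagram bit `position`.

    msb0=True  (assumption): bit 0 is the most significant bit of the value.
    msb0=False (assumption): bit 0 is the least significant bit of the value.
    """
    if not 0 <= position < WIDTH:
        raise ValueError("bit position out of range: %r" % position)
    return 1 << (WIDTH - 1 - position) if msb0 else 1 << position


def decode_ext_map(value, msb0=True):
    """Return (header labels, reserved bit positions) set in `value`."""
    if not 0 <= value < (1 << WIDTH):
        raise ValueError("bitmap must fit in 32 bits: %r" % value)
    headers, reserved = [], []
    for position in range(WIDTH):
        if value & bit_mask(position, msb0):
            label = EXT_HDR_BITS.get(position)
            if label is None:
                reserved.append(position)
            else:
                headers.append(label)
    return headers, reserved


def guess_bit_order(samples):
    """Pick the bit order that sets fewer reserved bits across `samples`.

    Returns "msb0", "lsb0" or "ambiguous". A sanity check for the
    bit-order assumption, not a substitute for the exporter's documentation.
    """
    hits = {
        "msb0": sum(len(decode_ext_map(v, True)[1]) for v in samples),
        "lsb0": sum(len(decode_ext_map(v, False)[1]) for v in samples),
    }
    if hits["msb0"] == hits["lsb0"]:
        return "ambiguous"
    return min(hits, key=hits.get)


def review_notes(value, msb0=True):
    """Notes an analyst may want attached to a flow with this bitmap."""
    headers, reserved = decode_ext_map(value, msb0)
    notes = []
    if "RH" in headers:
        notes.append("routing header present")
    if "UNK" in headers:
        notes.append("Layer 4 header not parsed by the exporter")
    if reserved:
        notes.append("reserved bits %s set: verify bit order" % reserved)
    return notes


# Constructed sample values (not taken from a real export).
CONSTRUCTED_SAMPLES = [0x00000000, 0x30000000, 0x01600000]

if __name__ == "__main__":
    order = guess_bit_order(CONSTRUCTED_SAMPLES)
    print("bit order that fits the samples:", order)
    for sample in CONSTRUCTED_SAMPLES:
        headers, _ = decode_ext_map(sample, msb0=(order != "lsb0"))
        print("0x%08x -> %s" % (sample, headers or ["none"]))
```

Reserved bits appearing in decoded values are the quickest sign that the chosen bit order does not match what the exporter sends.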

Examples

The following example configures the IPv6 bitmap of the IPv6 extension header map of the packets in the flow as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 extension map

Examples

The following example configures the IPv6 bitmap of the IPv6 extension header map of the packets in the flow as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 extension map

match ipv6 fragmentation

To configure one or more of the IPv6 fragmentation fields as a key field for a flow record, use the match ipv6 fragmentation command in flow record configuration mode. To disable the use of the IPv6 fragmentation field as a key field for a flow record, use the no form of this command.

match ipv6 fragmentation {flags | id | offset}

no match ipv6 fragmentation {flags | id | offset}

Syntax Description

flags

Configures the IPv6 fragmentation flags as a key field.

id

Configures the IPv6 fragmentation ID as a key field.

offset

Configures the IPv6 fragmentation offset value as a key field.

Command Default

The IPv6 fragmentation field is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the IPv6 fragmentation flags as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 fragmentation flags 

The following example configures the IPv6 offset value as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 fragmentation offset

Examples

The following example configures the IPv6 offset value as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 fragmentation offset

match ipv6 hop-limit

To configure the IPv6 hop limit as a key field for a flow record, use the match ipv6 hop-limit command in Flexible NetFlow flow record configuration mode. To disable the use of the IPv6 hop limit as a key field for a flow record, use the no form of this command.

match ipv6 hop-limit

no match ipv6 hop-limit

Syntax Description

This command has no arguments or keywords.

Command Default

The use of the IPv6 hop limit as a key field for a user-defined flow record is not enabled by default.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the hop limit of the packets in the flow as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 hop-limit

The following example configures the hop limit of the packets in the flow as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 hop-limit

match ipv6 length

To configure one or more of the IPv6 length fields as a key field for a flow record, use the match ipv6 length command in flow record configuration mode. To disable the use of the IPv6 length field as a key field for a flow record, use the no form of this command.

match ipv6 length {header | payload | total}

no match ipv6 length {header | payload | total}

Syntax Description

header

Configures the length in bytes of the IPv6 header, not including any extension headers, as a key field.

payload

Configures the length in bytes of the IPv6 payload, including any extension header, as a key field.

total

Configures the total length in bytes of the IPv6 header and payload as a key field.

Command Default

The IPv6 length field is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the length of the IPv6 header in bytes, not including any extension headers, as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 length header

Examples

The following example configures the length of the IPv6 header in bytes, not including any extension headers, as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 length header

match ipv6 section

To configure a section of an IPv6 packet as a key field for a flow record, use the match ipv6 section command in flow record configuration mode. To disable the use of a section of an IPv6 packet as a key field for a flow record, use the no form of this command.

match ipv6 section {header size header-size | payload size payload-size}

no match ipv6 section {header size header-size | payload size payload-size}

Syntax Description

header size header-size

Configures the number of bytes of raw data, starting at the IPv6 header, to use as a key field. Range: 1 to 1200.

payload size payload-size

Configures the number of bytes of raw data, starting at the IPv6 payload, to use as a key field. Range: 1 to 1200.

Command Default

A section of an IPv6 packet is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

match ipv6 section header

This command uses the section of the IPv6 header indicated by the header size header-size keyword and argument as a key field. Only the configured size in bytes will be matched, and part of the payload will also be matched if the configured size is larger than the size of the header.


Note

This command can result in large records that use a large amount of router memory and export bandwidth.


match ipv6 section payload

This command uses the section of the IPv6 payload indicated by the payload size payload-size keyword and argument as a key field.


Note

This command can result in large records that use a large amount of router memory and export bandwidth.


Examples

The following example configures the first four bytes (the IP version field) from the IPv6 header of the packets in the flows as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 section header size 4

The following example configures the first 16 bytes from the payload of the IPv6 packets in the flows as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 section payload size 16

Examples

The following example configures the first 16 bytes from the payload of the IPv6 packets in the flows as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 section payload size 16

match ipv6 source

To configure the IPv6 source address as a key field for a flow record, use the match ipv6 source command in Flexible NetFlow flow record configuration mode. To disable the use of the IPv6 source address as a key field for a flow record, use the no form of this command.

match ipv6 source {address | {mask | prefix} [minimum-mask mask]}

no match ipv6 source {address | {mask | prefix} [minimum-mask mask]}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match ipv6 source address

no match ipv6 source address

Cisco IOS XE Release 3.2SE

match ipv6 source address

no match ipv6 source address

Syntax Description

address

Configures the IPv6 source address as a key field.

mask

Configures the mask for the IPv6 source address as a key field.

prefix

Configures the prefix for the IPv6 source address as a key field.

minimum-mask mask

(Optional) Specifies the size, in bits, of the minimum mask. Range: 1 to 128.

Command Default

The IPv6 source address is not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was modified. The mask, prefix, and minimum-mask keywords were removed.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures a 16-bit IPv6 source address prefix as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 source prefix minimum-mask 16

The following example specifies a 16-bit IPv6 source address mask as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match ipv6 source mask minimum-mask 16

The following example configures the 16-bit IPv6 source address mask as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match ipv6 source mask minimum-mask 16

match mpls label

To configure MPLS label fields as a key field for a flow record, use the match mpls label command in flow record configuration mode. To disable the use of the MPLS label fields as a key field for a flow record, use the no form of this command.

match mpls {label 1 | {details | exp | ttl} | label 2 | {details} | label 3 | {details} | label 4 | {details} | label 5 | {details} | label 6 | {details}}

no match mpls {label 1 | {details | exp | ttl} | label 2 | {details} | label 3 | {details} | label 4 | {details} | label 5 | {details} | label 6 | {details}}

Syntax Description

label 1

Configures the first MPLS label as a nonkey field.

details

Configures the details of the MPLS label as a nonkey field.

exp

Configures the MPLS experimental level field as a nonkey field.

ttl

Configures the time-to-live (TTL) for the MPLS label as a nonkey field.

label 2

Configures the second MPLS label as a nonkey field.

label 3

Configures the third MPLS label as a nonkey field.

label 4

Configures the fourth MPLS label as a nonkey field.

label 5

Configures the fifth MPLS label as a nonkey field.

label 6

Configures the sixth MPLS label as a nonkey field.

Command Default

MPLS label fields are not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

Cisco IOS XE Release 3.9S

This command was introduced.

Usage Guidelines

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the details of the first MPLS label as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match mpls label 1 details

match routing

To configure one or more of the routing fields as a key field for a flow record, use the match routing command in flow record configuration mode. To disable the use of one or more of the routing fields as a key field for a flow record, use the no form of this command.

match routing {destination | source} [as [4-octet | peer [4-octet]] | traffic-index | forwarding-status | next-hop address {ipv4 | ipv6} [bgp] | vrf input | vrf output]

no match routing {destination | source} [as [4-octet | peer [4-octet]] | traffic-index | forwarding-status | next-hop address {ipv4 | ipv6} [bgp] | vrf input | vrf output]

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match routing vrf input

no match routing vrf input

Syntax Description

destination

Specifies one or more of the destination routing attributes fields as a key field.

source

Specifies one or more of the source routing attributes fields as a key field.

as

Configures the autonomous system field as a key field.

4-octet

(Optional) Configures the 32-bit autonomous system number as a key field.

peer

(Optional) Configures the autonomous system number of the peer network as a key field.

traffic-index

Configures the Border Gateway Protocol (BGP) destination traffic index as a key field.

forwarding-status

Configures the forwarding status of the packet as a key field.

next-hop address

Configures the next-hop address value as a key field. The type of address (IPv4 or IPv6) is determined by the next keyword entered.

ipv4

Specifies that the next-hop address value is an IPv4 address.

ipv6

Specifies that the next-hop address value is an IPv6 address.

bgp

(Optional) Configures the IPv4 address of the BGP next hop as a key field.

vrf input

Configures the virtual routing and forwarding (VRF) ID for incoming packets as a key field.

vrf output

Configures the virtual routing and forwarding (VRF) ID for outgoing packets as a key field.

Command Default

The use of one or more of the routing fields as a key field for a user-defined flow record is disabled.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.4(20)T

The ipv6 keyword was added.

15.0(1)M

This command was modified. The vrf input keywords were added.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.2S

This command was modified. The 4-octet keyword was added.

12.2(50)SY

This command was modified. The vrf input keywords are the only keywords supported in Cisco IOS Release 12.2(50)SY.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Cisco IOS XE Release 3.8S

This command was modified. The vrf output keywords were added.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

match routing source as [peer]

This command matches the 16-bit autonomous system number based on a lookup of the router’s routing table using the source IP address. The optional peer keyword provides the expected next network, as opposed to the originating network.

match routing source as [peer [4-octet]]

This command matches the 32-bit autonomous system number based on a lookup of the router’s routing table using the source IP address. The optional peer keyword provides the expected next network, as opposed to the originating network.

match routing destination as [peer]

This command matches the 16-bit autonomous system number based on a lookup of the router’s routing table using the destination IP address. The peer keyword provides the expected next network, as opposed to the destination network.

match routing destination as [peer [4-octet]]

This command matches the 32-bit autonomous system number based on a lookup of the router’s routing table using the destination IP address. The peer keyword provides the expected next network, as opposed to the destination network.

match routing destination traffic-index

This command matches the traffic-index field based on the destination autonomous system for this flow. The traffic-index field is a value propagated through BGP.

This command is not supported for IPv6.

match routing source traffic-index

This command matches the traffic-index field based on the source autonomous system for this flow. The traffic-index field is a value propagated through BGP.

This command is not supported for IPv6.

match routing forwarding-status

This command matches a field to indicate if the packets were successfully forwarded. The field is in two parts and may be up to 4 bytes in length. For the releases specified in the Command History table, only the status field is used:


    +-+-+-+-+-+-+-+-+
    | S | Reason    |
    | t | codes     |
    | a | or        |
    | t | flags     |
    | u |           |
    | s |           |
    +-+-+-+-+-+-+-+-+
     0 1 2 3 4 5 6 7
  Status:
  00b = Unknown, 01b = Forwarded, 10b = Dropped, 11b = Consumed
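One way a collector can use the status bits shown above to find sources whose traffic is mostly dropped, as an added example that is not Cisco code. It assumes the field arrives as the single octet in the diagram with bits 0 and 1 as its two most significant bits; the function names, thresholds and flow records are constructed for illustration.

```python
"""Summarise exported flows by forwarding status and flag high-drop sources."""
from collections import defaultdict

# Status values as listed under the diagram above.
STATUS = {0b00: "Unknown", 0b01: "Forwarded", 0b10: "Dropped", 0b11: "Consumed"}


def split_forwarding_status(octet):
    """Return (status name, raw 6-bit reason/flags value) for one octet.

    Assumption: diagram bits 0-1 are the two most significant bits.
    """
    if not 0 <= octet <= 0xFF:
        raise ValueError("expected a single octet, got %r" % octet)
    return STATUS[octet >> 6], octet & 0x3F


def packets_by_status(flows):
    """Map each source address to {status name: packet count}."""
    totals = defaultdict(lambda: defaultdict(int))
    for source, octet, packets in flows:
        status, _reason = split_forwarding_status(octet)
        totals[source][status] += packets
    return {source: dict(counts) for source, counts in totals.items()}


def high_drop_sources(flows, threshold=0.5, min_packets=100):
    """Sources with at least `min_packets` packets and a dropped share
    of at least `threshold`, highest share first."""
    flagged = []
    for source, counts in packets_by_status(flows).items():
        total = sum(counts.values())
        dropped = counts.get("Dropped", 0)
        if total >= min_packets and dropped / total >= threshold:
            flagged.append((source, round(dropped / total, 2)))
    return sorted(flagged, key=lambda item: -item[1])


# Constructed flow records: (source address, forwarding-status octet, packets).
# The record is assumed to key on the source address and forwarding status.
CONSTRUCTED_FLOWS = [
    ("2001:db8:1::10", 0x40, 900),
    ("2001:db8:1::10", 0x80, 100),
    ("2001:db8:2::20", 0x80, 450),
    ("2001:db8:2::20", 0x40, 50),
    ("2001:db8:3::30", 0xC0, 30),
    ("2001:db8:3::30", 0x00, 5),
]

if __name__ == "__main__":
    for source, share in high_drop_sources(CONSTRUCTED_FLOWS):
        print("%s: %.0f%% of packets dropped" % (source, share * 100))
```

The `min_packets` floor keeps low-volume sources from being flagged on a handful of drops.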

match routing vrf input

This command matches the VRF ID from incoming packets on a router. In the case where VRFs are associated with an interface via methods such as VRF Selection Using Policy Based Routing/Source IP Address, a VRF ID of 0 will be recorded. If a packet arrives on an interface that does not belong to a VRF, a VRF ID of 0 is recorded.

The match routing vrf input command must be configured to capture data if the interface is part of a VRF.

  • If the command is not configured and match and collect fields other than MAC address and IP physical interface are added, an error message asking the user to configure the match routing vrf input command is displayed.

  • If the command is not configured and the MAC address and IP physical interface fields are added, there is no error message and these fields are not updated in the exported data.

match routing vrf output

This command matches the VRF ID from outgoing packets on a router.

Examples

The following example configures the source autonomous system as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing source as

The following example configures the destination autonomous system as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing destination as

The following example configures the BGP source traffic index as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing source traffic-index

The following example configures the forwarding status as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing forwarding-status

The following example configures the VRF ID for incoming packets as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing vrf input

The following example configures the VRF ID for outgoing packets as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing vrf output

Examples

The following example configures the VRF ID for incoming packets as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match routing vrf input

match routing is-multicast

To configure the use of the is-multicast field (indicating that the IPv4 traffic is multicast traffic) as a key field for a flow record, use the match routing is-multicast command in flow record configuration mode. To disable the use of the is-multicast field as a key field for a flow record, use the no form of this command.

match routing is-multicast

no match routing is-multicast

Syntax Description

This command has no arguments or keywords.

Command Default

The is-multicast field is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(22)T

This command was introduced.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

Examples

The following example configures the is-multicast field as a key field for a flow record:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing is-multicast

Examples

The following example configures the is-multicast field as a key field for a Performance Monitor flow record:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match routing is-multicast

match routing multicast replication-factor

To configure the multicast replication factor value for IPv4 traffic as a key field for a flow record, use the match routing multicast replication-factor command in flow record configuration mode. To disable the use of the multicast replication factor value as a key field for a flow record, use the no form of this command.

match routing multicast replication-factor

no match routing multicast replication-factor

Syntax Description

This command has no arguments or keywords.

Command Default

The multicast replication factor value is not configured as a key field.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(22)T

This command was introduced.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

When the replication-factor field is used in a flow record, it will only have a non-zero value in the cache for ingress multicast traffic that is forwarded by the router. If the flow record is used with a flow monitor in output (egress) mode or to monitor unicast traffic or both, the cache data for the replication factor field is set to 0.


Note

This command is not supported on ASR and ISR platforms.


Examples

The following example configures the multicast replication factor value as a key field for a flow record:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match routing multicast replication-factor

Examples

The following example configures the multicast replication factor value as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match routing multicast replication-factor

match transport

To configure one or more of the transport fields as a key field for a flow record, use the match transport command in Flexible NetFlow flow record configuration mode. To disable the use of one or more of the transport fields as a key field for a flow record, use the no form of this command.

match transport {destination-port | igmp type | source-port}

no match transport {destination-port | igmp type | source-port}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

match transport {destination-port | source-port}

no match transport {destination-port | source-port}

Syntax Description

destination-port

Configures the transport destination port as a key field.

igmp type

Configures time stamps based on the system uptime as a key field.

source-port

Configures the transport source port as a key field.

Command Default

The transport fields are not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was modified. The igmp type keyword combination was removed.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the destination port as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport destination-port

The following example configures the source port as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport source-port

The following example configures the source port as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match transport source-port

match transport icmp ipv4

To configure the ICMP IPv4 type field and the code field as key fields for a flow record, use the match transport icmp ipv4 command in Flexible NetFlow flow record configuration mode. To disable the use of the ICMP IPv4 type field and code field as key fields for a flow record, use the no form of this command.

match transport icmp ipv4 {code | type}

no match transport icmp ipv4 {code | type}

Syntax Description

code

Configures the IPv4 ICMP code as a key field.

type

Configures the IPv4 ICMP type as a key field.

Command Default

The ICMP IPv4 type field and the code field are not configured as key fields.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the IPv4 ICMP code field as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport icmp ipv4 code

The following example configures the IPv4 ICMP type field as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport icmp ipv4 type

The following example configures the IPv4 ICMP type field as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match transport icmp ipv4 type

match transport icmp ipv6

To configure the Internet Control Message Protocol (ICMP) IPv6 type field and the code field as key fields for a flow record, use the match transport icmp ipv6 command in Flexible NetFlow flow record configuration mode. To disable the use of the ICMP IPv6 type field and code field as key fields for a flow record, use the no form of this command.

match transport icmp ipv6 {code | type}

no match transport icmp ipv6 {code | type}

Syntax Description

code

Configures the ICMP code as a key field.

type

Configures the ICMP type as a key field.

Command Default

The ICMP IPv6 type field and the code field are not configured as key fields.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(20)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.5S

This command was modified. Support for the Cisco Performance Monitor was added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the IPv6 ICMP code field as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport icmp ipv6 code

The following example configures the IPv6 ICMP type field as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport icmp ipv6 type

The following example configures the IPv6 ICMP type field as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match transport icmp ipv6 type

match transport tcp

To configure one or more of the TCP fields as a key field for a flow record, use the match transport tcp command in flow record configuration mode. To disable the use of a TCP field as a key field for a flow record, use the no form of this command.

match transport tcp {acknowledgement-number | bytes out-of-order | destination-port | flags { [ack] | [cwr] | [ece] | [fin] | [psh] | [rst] | [syn] | [urg]} | header-length | maximum-segment-size | packets out-of-order | sequence-number | source-port | urgent-pointer | window-size | window-size-average | window-size-maximum | window-size-minimum}

no match transport tcp {acknowledgement-number | bytes out-of-order | destination-port | flags { [ack] | [cwr] | [ece] | [fin] | [psh] | [rst] | [syn] | [urg]} | header-length | maximum-segment-size | packets out-of-order | sequence-number | source-port | urgent-pointer | window-size | window-size-average | window-size-maximum | window-size-minimum}

Syntax Description

acknowledgement-number

Configures the TCP acknowledgement number as a key field.

bytes out-of-order

Configures the number of out-of-order bytes as a key field.

destination-port

Configures the TCP destination port as a key field.

flags

Configures one or more of the TCP flags as a key field. If you configure the flags keyword you must also configure at least one of the optional keywords for the flags keyword.

ack

(Optional) Configures the TCP acknowledgement flag as a key field.

cwr

(Optional) Configures the TCP congestion window reduced flag as a key field.

ece

(Optional) Configures the TCP Explicit Congestion Notification echo (ECE) flag as a key field.

fin

(Optional) Configures the TCP finish flag as a key field.

psh

(Optional) Configures the TCP push flag as a key field.

rst

(Optional) Configures the TCP reset flag as a key field.

syn

(Optional) Configures the TCP synchronize flag as a key field.

urg

(Optional) Configures the TCP urgent flag as a key field.

header-length

Configures the TCP header length (in 32-bit words) as a key field.

maximum-segment-size

Configures the maximum segment size as a key field.

packets out-of-order

Configures the number of out-of-order packets as a key field.

sequence-number

Configures the TCP sequence number as a key field.

source-port

Configures the TCP source port as a key field.

urgent-pointer

Configures the TCP urgent pointer as a key field.

window-size

Configures the TCP window size as a key field.

window-size-average

Configures the average window size as a key field.

window-size-maximum

Configures the maximum window size as a key field.

window-size-minimum

Configures the minimum window size as a key field.

Command Default

The use of one or more of the TCP fields as a key field for a user-defined flow record is not enabled by default.

Command Modes


Flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Cisco IOS XE Release 3.6S

This command was modified. The bytes out-of-order, packets out-of-order, maximum-segment-size, window-size-average, window-size-maximum, and window-size-minimum keywords were added into Cisco IOS XE Release 3.6S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the TCP acknowledgement flag as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport tcp flags ack

The following example configures the TCP finish flag as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport tcp flags fin

The following example configures the TCP reset flag as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport tcp flags rst

The following example configures the transport destination port as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport tcp destination-port

The following example configures the transport source port as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport tcp source-port

Examples

The following example configures the TCP source port as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match transport tcp source-port

match transport udp

To configure one or more of the User Datagram Protocol (UDP) fields as a key field for a Flexible NetFlow flow record, use the match transport udp command in Flexible NetFlow flow record configuration mode. To disable the use of a UDP field as a key field for a Flexible NetFlow flow record, use the no form of this command.

match transport udp {destination-port | message-length | source-port}

no match transport udp {destination-port | message-length | source-port}

Syntax Description

destination-port

Configures the UDP destination port as a key field.

message-length

Configures the UDP message length as a key field.

source-port

Configures the UDP source port as a key field.

Command Default

The UDP fields are not configured as a key field.

Command Modes


Flexible NetFlow flow record configuration (config-flow-record)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T for Cisco Performance Monitor.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command; however, the mode prompt is the same for both products. For Performance Monitor, you must first enter the flow record type performance-monitor command before you can use this command.

Because the mode prompt is the same for both products, here we refer to the command mode for both products as flow record configuration mode. However, for Flexible NetFlow, the mode is also known as Flexible NetFlow flow record configuration mode; and for Performance Monitor, the mode is also known as Performance Monitor flow record configuration mode.

A flow record requires at least one key field before it can be used in a flow monitor. The key fields differentiate flows, with each flow having a unique set of values for the key fields. The key fields are defined using the match command.

Examples

The following example configures the UDP destination port as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport udp destination-port

The following example configures the UDP message length as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport udp message-length

The following example configures the UDP source port as a key field:


Router(config)# flow record FLOW-RECORD-1
Router(config-flow-record)# match transport udp source-port

Examples

The following example configures the UDP source port as a key field:


Router(config)# flow record type performance-monitor RECORD-1
Router(config-flow-record)# match transport udp source-port

mode (Flexible NetFlow)

To specify the type of sampling and the packet interval for a Flexible NetFlow sampler, use the mode command in Flexible NetFlow sampler configuration mode. To unconfigure the type of sampling and the packet interval for a Flexible NetFlow sampler, use the no form of this command.

mode {deterministic | random} 1 out-of window-size

no mode

Syntax Description

deterministic

Enables deterministic mode sampling for the sampler.

random

Enables random mode sampling for the sampler.

1 out-of window-size

Specifies the window size from which to select packets. Range: 2 to 32768.

Command Default

The mode and the packet interval for a sampler are not configured.

Command Modes


Flexible NetFlow sampler configuration (config-sampler)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

Deterministic Mode

In deterministic mode, packets are chosen periodically based on the configured interval. This mode has less overhead than random mode and can be useful when the router samples traffic that is random in nature.

Random Mode

In random mode, packets are chosen in a manner that should eliminate any bias from traffic patterns and counter any attempt by users to avoid monitoring.
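The following added example, which is not part of the Cisco documentation, models why random mode removes bias from traffic patterns. It assumes that a deterministic sampler always picks the same position in each window and that a random sampler picks one position uniformly per window; the traffic stream (one packet of a periodic flow at a fixed position in every window) is constructed.

```python
import random

MIN_WINDOW, MAX_WINDOW = 2, 32768  # window-size range given in the Syntax Description


def estimate_periodic_packets(mode, window_size, n_windows, periodic_offset,
                              det_position=0, seed=1):
    """Estimate the packet count of a periodic flow from 1 out-of window_size samples.

    Traffic model (constructed): in every window of window_size packets, the
    packet at index periodic_offset belongs to the periodic flow and all other
    packets are background, so the true count of periodic packets is n_windows.

    Sampler model (assumption): deterministic mode picks index det_position in
    every window; random mode picks one index uniformly at random per window.
    The collector scales each sampled packet by window_size.
    """
    if not MIN_WINDOW <= window_size <= MAX_WINDOW:
        raise ValueError("window size must be in the range 2 to 32768")
    if not 0 <= periodic_offset < window_size:
        raise ValueError("periodic_offset must fall inside the window")
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    sampled = 0
    for _ in range(n_windows):
        if mode == "deterministic":
            picked = det_position
        elif mode == "random":
            picked = rng.randrange(window_size)
        else:
            raise ValueError("mode must be 'deterministic' or 'random'")
        if picked == periodic_offset:
            sampled += 1
    return sampled * window_size


def compare(window_size=100, n_windows=10_000):
    """Return the estimates for the three cases next to the true count."""
    return {
        "true": n_windows,
        "deterministic, out of phase": estimate_periodic_packets(
            "deterministic", window_size, n_windows, periodic_offset=50),
        "deterministic, in phase": estimate_periodic_packets(
            "deterministic", window_size, n_windows, periodic_offset=0),
        "random": estimate_periodic_packets(
            "random", window_size, n_windows, periodic_offset=50),
    }


if __name__ == "__main__":
    for case, estimate in compare().items():
        print(f"{case:30s} {estimate:>10d}")
```

In this model the deterministic sampler reports either zero or a hundredfold overcount for the periodic flow, depending on phase, while the random sampler's estimate stays close to the true count.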

Examples

The following example enables deterministic sampling with a window size of 1000:


Router(config)# sampler SAMPLER-1
Router(config-sampler)# mode deterministic 1 out-of 1000

The following example enables random sampling with a window size of 1000:


Router(config)# sampler SAMPLER-1
Router(config-sampler)# mode random 1 out-of 1000

option (Flexible NetFlow)

To configure optional data parameters for a flow exporter for Flexible NetFlow or the Cisco Performance Monitor, use the option command in Flexible NetFlow flow exporter configuration mode. To remove optional data parameters for a flow exporter, use the no form of this command.

option {application-attributes | application-table | c3pl-class-table | c3pl-policy-table | class-qos-table | exporter-stats | inspect-class-table | inspect-ext-event-table | inspect-protocol-table | inspect-zonepair-table | interface-table | metadata-version-table | policy-qos-table | sampler-table | sub-application-table | vrf-table} [timeout seconds]

no option {application-attributes | application-table | c3pl-class-table | c3pl-policy-table | class-qos-table | exporter-stats | inspect-class-table | inspect-ext-event-table | inspect-protocol-table | inspect-zonepair-table | interface-table | metadata-version-table | policy-qos-table | sampler-table | sub-application-table | vrf-table}

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

option {exporter-stats | interface-table | sampler-table | vrf-table} [timeout seconds]

no option {exporter-stats | interface-table | sampler-table | vrf-table}

Cisco IOS XE Release 3.2SE

option {exporter-stats | interface-table | sampler-table} [timeout seconds]

no option {exporter-stats | interface-table | sampler-table}

Syntax Description

application-attributes

Configures the application attributes option for flow exporters.

application-table

Configures the application table option for flow exporters.

c3pl-class-table

Configures the Cisco Common Classification Policy Language (C3PL) class table.

c3pl-policy-table

Configures the C3PL policy table.

class-qos-table

Configures the quality of service (QoS) class table option for flow exporters.

exporter-stats

Configures the exporter statistics option for flow exporters.

inspect-class-table

Configures the policy-firewall class table option for flow exporters.

inspect-ext-event-table

Configures the policy-firewall extended events table for flow exporters.

inspect-protocol-table

Configures the policy-firewall protocol table for flow exporters.

inspect-zonepair-table

Configures the policy-firewall zone pair table for flow exporters.

interface-table

Configures the interface table option for flow exporters.

metadata-version-table

Configures the metadata version table for flow exporters.

policy-qos-table

Configures the QoS policy table option for flow exporters.

sampler-table

Configures the export sampler information option for flow exporters.

sub-application-table

Configures the subapplication table option for flow exporters.

vrf-table

Configures the virtual routing and forwarding (VRF) ID-to-name table option for flow exporters.

timeout seconds

(Optional) Configures the option resend time in seconds for flow exporters. The range is from 1 to 86400. The default is 600.

Command Default

The optional data parameters are not configured.

Command Modes

Flow exporter configuration (config-flow-exporter)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

15.0(1)M

This command was modified. The application-table and vrf-table keywords were added.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

15.1(3)T

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(58)SE

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(50)SY

This command was modified. The application-table keyword was removed.

Cisco IOS XE Release 3.5S

This command was modified. The application-attributes keyword was added.

15.2(1)S2

This command was modified. The sub-application-table keyword was added.

15.2(4)M2

This command was modified. The class-qos-table and policy-qos-table keywords were added.

Cisco IOS XE Release 3.2SE

This command was modified. The application-attributes, application-table, and vrf-table keywords were removed.

15.4(2)T

This command was modified. The c3pl-class-table, c3pl-policy-table, inspect-class-table, inspect-ext-event-table, inspect-protocol-table, inspect-zonepair-table, and metadata-version-table keywords were added.

Usage Guidelines

The option command can be used with both Flexible NetFlow and the Cisco Performance Monitor.

Use the timeout keyword to alter the frequency at which reports are sent.

The option application-attributes command causes the periodic sending of network-based application recognition (NBAR) application attributes to an external collector.

The following application attributes are sent to the collector per protocol:

  • Application-Group—Groups applications that belong to the same networking application.

  • Category—Provides first-level categorization for each application.

  • Encrypted—Specifies whether the application is an encrypted networking protocol.

  • P2P-Technology—Specifies whether the application is based on peer-to-peer technology.

  • Sub-Category—Provides second-level categorization for each application.

  • Tunnel-Technology—Specifies whether the application tunnels the traffic of other protocols.

The option application-table command enables the periodic sending of an options table that allows the collector to map NBAR application IDs provided in the flow records to application names.

The option class-qos-table command enables the periodic sending of an options table that allows the collector to map QoS class IDs to class names in the flow records.

The option exporter-stats command enables the periodic sending of exporter statistics, including the number of records, bytes, and packets. This command allows the collector to estimate packet loss for the export records it receives.

The option inspect-class-table command enables the export of option templates that map inspect class-ID-to-class-name.

The option inspect-ext-event-table command enables the export of option templates that map the firewall Event-ID-to-Event-name.

The option inspect-protocol-table command enables the export of option templates that map the firewall protocol-ID-to-protocol-name.

The option inspect-zonepair-table command enables the export of option templates that map Zone-Pair-ID-to-Zone-Pair-Name.

The option interface-table command enables the periodic sending of an options table that allows the collector to map the interface Simple Network Management Protocol (SNMP) indexes provided in flow records to interface names.

The option policy-qos-table command enables the periodic sending of an options table that allows the collector to map QoS policy IDs to policy names in the flow records.

The option sampler-table command enables the periodic sending of an options table that provides complete information about the configuration of each sampler and allows the collector to map the sampler ID provided in any flow record to a configuration that it can use to scale up the flow statistics.

The option sub-application-table command enables the periodic sending of an options table that allows the collector to map NBAR subapplication tags, subapplication names, and subapplication descriptions provided in the flow records to application IDs.

The option vrf-table command enables the periodic sending of an options table that allows the collector to map the VRF IDs provided in the flow records to VRF names.

Examples

The following example shows how to enable the periodic sending of NBAR application attributes to the collector:

 
Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option application-attributes

The following example shows how to enable the periodic sending of an options table that allows the collector to map QoS class IDs provided in flow records to class names:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option class-qos-table

The following example shows how to enable the periodic sending of an options table that allows the collector to map QoS policy IDs provided in flow records to policy names:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option policy-qos-table

The following example shows how to enable the periodic sending of exporter statistics, including the number of records, bytes, and packets sent:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option exporter-stats

The following example shows how to enable the periodic sending of an options table that allows the collector to map the interface SNMP indexes provided in flow records to interface names:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option interface-table

The following example shows how to enable the periodic sending of an options table that allows the collector to map NBAR application IDs provided in flow records to application names:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option application-table

The following example shows how to enable the periodic sending of an options table that details the configuration of each sampler and allows the collector to map the sampler ID provided in any flow record to a configuration that the collector can use to scale up the flow statistics:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option sampler-table

The following example shows how to enable the periodic sending of an options table that allows the collector to map the NBAR subapplication tags, subapplication names, and subapplication descriptions provided in flow records to application IDs:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option sub-application-table

The following example shows how to enable the periodic sending of an options table that allows the collector to map the virtual routing and forwarding (VRF) IDs provided in flow records to VRF names:


Device(config)# flow exporter FLOW-EXPORTER-1
Device(config-flow-exporter)# option vrf-table
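The following added example (not part of the Cisco documentation) shows the collector side of the options tables described in the usage guidelines: resolving interface and VRF IDs, scaling sampled counters from the sampler table, and estimating export loss from exporter statistics. The record layout, the three-missed-resends expiry rule, and the assumption that exporter-stats counters are cumulative are choices made for this sketch; all data is constructed.

```python
from dataclasses import dataclass, field

DEFAULT_TIMEOUT = 600  # default option resend time in seconds (see "timeout seconds")


@dataclass
class OptionsCache:
    """ID-to-name rows learned from one exporter's options tables."""
    timeout: int = DEFAULT_TIMEOUT
    missed_resends: int = 3  # assumption: a row expires after 3 missed resends
    tables: dict = field(default_factory=dict)

    def learn(self, table, key, value, now):
        """Store or refresh one options-table row received at time `now`."""
        self.tables.setdefault(table, {})[key] = (value, now)

    def lookup(self, table, key, now):
        """Return the row value, or None if it was never sent or has gone stale."""
        entry = self.tables.get(table, {}).get(key)
        if entry is None:
            return None
        value, seen = entry
        if now - seen > self.timeout * self.missed_resends:
            return None
        return value


def enrich(flow, cache, now):
    """Resolve the IDs in a flow record and scale sampled counters."""
    out = dict(flow)
    out["input_if"] = (cache.lookup("interface-table", flow["input_snmp"], now)
                       or f"ifIndex {flow['input_snmp']}")
    out["vrf"] = (cache.lookup("vrf-table", flow["vrf_id"], now)
                  or f"vrf-id {flow['vrf_id']}")
    sampler_id = flow.get("sampler_id")  # None: monitor applied without a sampler
    if sampler_id is None:
        out.update(est_bytes=flow["bytes"], est_packets=flow["packets"],
                   scaled="unsampled")
        return out
    sampler = cache.lookup("sampler-table", sampler_id, now)
    if sampler is None:
        # Never guess the rate: unscaled counters understate the real volume.
        out.update(est_bytes=None, est_packets=None, scaled="unknown-sampler")
        return out
    n = sampler["interval"]  # 1 out of n packets was analyzed
    out.update(est_bytes=flow["bytes"] * n, est_packets=flow["packets"] * n,
               scaled=f"1-in-{n}")
    return out


def export_loss(prev_stats, curr_stats, records_received):
    """Fraction of export records lost between two exporter-stats reports.

    Assumes the reported record counter is cumulative. Returns None when the
    counter went backwards (exporter restart) or did not advance.
    """
    sent = curr_stats["records"] - prev_stats["records"]
    if sent <= 0:
        return None
    return max(sent - records_received, 0) / sent


def demo():
    """Run the helpers over constructed options rows and one flow record."""
    cache = OptionsCache()
    cache.learn("interface-table", 3, "GigabitEthernet0/1", now=1000)
    cache.learn("vrf-table", 7, "CUSTOMER-A", now=1000)
    cache.learn("sampler-table", 1, {"name": "SAMPLER-1", "interval": 100}, now=1000)
    flow = {"input_snmp": 3, "vrf_id": 7, "sampler_id": 1, "bytes": 1500, "packets": 2}
    fresh = enrich(flow, cache, now=1200)
    stale = enrich(flow, cache, now=1000 + 1801)  # past 3 x 600 s without a resend
    loss = export_loss({"records": 1000}, {"records": 1500}, records_received=450)
    reset = export_loss({"records": 1500}, {"records": 20}, records_received=10)
    return fresh, stale, loss, reset


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A nonzero loss estimate or an `unknown-sampler` result marks a window in which flow-based detection is working from incomplete or understated data.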

output-features

To enable sending export packets for Flexible NetFlow or Performance Monitor using quality of service (QoS) or encryption, use the output-features command in flow exporter configuration mode. To disable sending export packets using QoS or encryption, use the no form of this command.

output-features

no output-features

Syntax Description

This command has no arguments or keywords.

Command Default

If QoS or encryption is configured on the router, neither QoS nor encryption is run on Flexible NetFlow or Performance Monitor export packets.

Command Modes


Flow exporter configuration (config-flow-exporter)

Command History

Release

Modification

12.4(20)T

This command was introduced.

15.1(3)T

This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor.

12.2(58)SE

This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor.

If the router has the output feature quality of service (QoS) or encryption configured, the output-features command causes the output features to be run on Flexible NetFlow or Performance Monitor export packets.

Examples

The following example configures the use of QoS or encryption on Flexible NetFlow or Performance Monitor export packets:


Router(config)# flow exporter FLOW-EXPORTER-1
Router(config-flow-exporter)# output-features

record

To configure a flow record for a Flexible NetFlow flow monitor, use the record command in Flexible NetFlow flow monitor configuration mode. To remove a flow record for a Flexible NetFlow flow monitor, use the no form of this command.

record {record-name | netflow-original | netflow {ipv4 | ipv6} record [peer]}

no record

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

record {record-name | platform-original {ipv4 | ipv6} record}

no record

Cisco IOS XE Release 3.2SE

record record-name

no record

Syntax Description

record-name

Name of a user-defined flow record that was previously configured.

netflow-original

Configures the flow monitor to use the Flexible NetFlow implementation of original NetFlow with origin autonomous systems.

netflow ipv4

Configures the flow monitor to use one of the predefined IPv4 records.

netflow ipv6

Configures the flow monitor to use one of the predefined IPv6 records. This keyword is not supported on the Cisco ASR 1000 Series Aggregation Services router.

record

Name of the predefined record. See the table below for a listing of the available records and their definitions.

peer

(Optional) Configures the flow monitor to use one of the predefined records with peer autonomous systems. The peer keyword is not supported for every type of Flexible NetFlow predefined record. See the table below.

platform-original ipv4

Configures the flow monitor to use one of the predefined IPv4 records.

platform-original ipv6

Configures the flow monitor to use one of the predefined IPv6 records.

Command Default

A flow record is not configured.

Command Modes


Flexible NetFlow flow monitor configuration (config-flow-monitor)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.4(20)T

This command was modified. The ipv6 keyword was added.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

12.2(50)SY

This command was modified. The netflow-original, netflow ipv4, and netflow ipv6 keywords were removed.

The platform-original ipv4 and platform-original ipv6 keywords were added.

Cisco IOS XE Release 3.2SE

This command was modified. The netflow-original, netflow ipv4, and netflow ipv6 keywords were removed.

Usage Guidelines

Each flow monitor requires a record to define the contents and layout of its cache entries. The flow monitor can use one of the wide range of predefined record formats, or advanced users may create their own record formats.


Note

You must use the no ip flow monitor command to remove a flow monitor from all of the interfaces to which you have applied it before you can modify the parameters for the record command for the flow monitor.


The table below describes the keywords and descriptions for the record argument.

Table 1. Keywords and Descriptions for the record Argument

Keyword

Description

IPv4 Support

IPv6 Support

as

Autonomous system record.

Yes

Yes

as-tos

Autonomous system and ToS record.

Yes

bgp-nexthop-tos

BGP next-hop and ToS record.

Yes

bgp-nexthop

BGP next-hop record.

Yes

destination

Original 12.2(50)SY platform IPv4/IPv6 destination record.

Yes

Yes

destination-prefix

Destination Prefix record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

destination-prefix-tos

Destination prefix and ToS record.

Yes

destination-source

Original 12.2(50)SY platform IPv4/IPv6 destination-source record.

Yes

Yes

full

Original 12.2(50)SY platform IPv4/IPv6 full record.

Yes

Yes

interface-destination

Original 12.2(50)SY platform IPv4/IPv6 interface-destination record.

Yes

Yes

interface-destination-source

Original 12.2(50)SY platform IPv4/IPv6 interface-destination-source record.

Yes

Yes

interface-full

Original 12.2(50)SY platform IPv4/IPv6 interface-full record.

Yes

Yes

interface-source

Original 12.2(50)SY platform IPv4/IPv6 interface-source only record.

Yes

Yes

original-input

Traditional IPv4 input NetFlow.

Yes

Yes

original-output

Traditional IPv4 output NetFlow.

Yes

Yes

prefix

Source and destination prefixes record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

prefix-port

Prefix port record.

Note 

The peer keyword is not available for this record.

Yes

--

prefix-tos

Prefix ToS record.

Yes

--

protocol-port

Protocol ports record.

Note 

The peer keyword is not available for this record.

Yes

Yes

protocol-port-tos

Protocol port and ToS record.

Note 

The peer keyword is not available for this record.

Yes

source-prefix

Source autonomous system and prefix record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

source-prefix-tos

Source Prefix and ToS record.

Yes

Examples

The following example configures the flow monitor to use the NetFlow original record:


Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# record netflow-original

The following example configures the flow monitor to use a user-defined record named collect-ipv4-data:


Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# record collect-ipv4-data

The following example configures the flow monitor to use the Flexible NetFlow IPv4 destination prefix record:


Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# record netflow ipv4 destination-prefix

The following example configures the flow monitor to use the Flexible NetFlow IPv6 destination prefix record:


Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# record netflow ipv6 destination-prefix

sampler

To create a Flexible NetFlow flow sampler, or to modify an existing Flexible NetFlow flow sampler, and to enter Flexible NetFlow sampler configuration mode, use the sampler command in global configuration mode. To remove a sampler, use the no form of this command.

sampler sampler-name

no sampler sampler-name

Syntax Description

sampler-name

Name of the flow sampler that is being created or modified.

Command Default

Flexible NetFlow flow samplers are not configured.

Command Modes


Global configuration (config)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

15.1(2)S

This command was modified. A hash collision between the name supplied and any existing name is now possible. If this happens, you can retry, supplying another name.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

Flow samplers are used to reduce the load placed by Flexible NetFlow on the networking device to monitor traffic by limiting the number of packets that are analyzed. You configure a rate of sampling that is 1 out of a range of 2 to 32,768 packets. For example, a rate of 1 out of 2 results in analysis of 50 percent of the packets sampled. Flow samplers are applied to interfaces in conjunction with a flow monitor to implement sampled Flexible NetFlow.

To enable flow sampling, you configure the record that you want to use for traffic analysis and assign it to a flow monitor. When you apply a flow monitor with a sampler to an interface, the sampled packets are analyzed at the rate specified by the sampler and compared with the flow record associated with the flow monitor. If the analyzed packets meet the criteria specified by the flow record, they are added to the flow monitor cache.

In Cisco IOS Release 15.1(2)S and later releases, a hash collision between the name supplied and any existing name is possible. If this happens, you can retry, supplying another name.

Examples

The following example creates a flow sampler named SAMPLER-1:


Router(config)# sampler SAMPLER-1
Router(config-sampler)#

The following example shows the output when there is a hash collision between the name supplied and any existing name:


Router(config-sampler)# sampler SAMPLER-1
% sampler: Failed to create a new Sampler (Hash value in use).
Router(config)#

show flow exporter

To display Flexible NetFlow flow exporter status and statistics, use the show flow exporter command in privileged EXEC mode.

show flow exporter [broker {detail | picture} | export-ids {netflow-v5 | netflow-v9} | [name] exporter-name [statistics | templates] [option application {engines | table}]]

Cisco IOS XE Release 3.2SE

show flow exporter [export-ids netflow-v9 | [name] exporter-name [statistics | templates]]

Syntax Description

broker

(Optional) Displays the flow exporter broker.

broker detail

(Optional) Displays detailed information about the flow exporter broker.

broker picture

(Optional) Displays a picture of the flow exporter broker state.

export-ids netflow-v5

(Optional) Displays the NetFlow Version 5 export fields that can be exported and their IDs.

export-ids netflow-v9

(Optional) Displays the NetFlow Version 9 export fields that can be exported and their IDs.

name

(Optional) Specifies the name of a flow exporter.

exporter-name

(Optional) Name of a flow exporter that was previously configured.

statistics

(Optional) Displays flow exporter statistics.

templates

(Optional) Displays flow exporter template information.

option application engines

(Optional) Displays the application engines option for flow exporters.

option application table

(Optional) Displays the application table option for flow exporters.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE 3.1S

This command was modified. The option and application keywords were added.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

15.2(2)T

This command was modified. The ability to display IPv6 addresses was added.

Cisco IOS XE 3.5S

This command was modified. The ability to display IPv6 addresses was added.

Cisco IOS XE Release 3.2SE

This command was modified. The export-ids netflow-v5, option application engines, and option application table keywords were removed.

Examples

The following example displays the status and statistics for all of the flow exporters configured on a router:


Router# show flow exporter

Flow Exporter FLOW-MONITOR-1:
  Description:              Exports to the datacenter
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 172.16.10.2
    Source IP address:      172.16.6.2
    Source Interface:       Ethernet0/0
    Transport Protocol:     UDP
    Destination Port:       650
    Source Port:            55864
    DSCP:                   0x3F
    TTL:                    15
    Output Features:        Used

Flow Exporter FLOW-MONITOR-2:
  Description:              Exports to the datacenter
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 2222::2/64
    Source IP address:      1111::1/64
    Transport Protocol:     UDP
    Destination Port:       4739
    Source Port:            49936
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used

Options Configuration:
    exporter-stats (timeout 120 seconds)
    interface-table (timeout 120 seconds)
    sampler-table (timeout 120 seconds)

The table below describes the significant fields shown in the display.

Table 2. show flow exporter Field Descriptions

Field

Description

Flow Exporter

The name of the flow exporter that you configured.

Description

The description that you configured for the exporter, or the default description “User defined”.

Transport Configuration

The transport configuration fields for this exporter.

Destination IP address

The IP address of the destination host.

Source IP address

The source IP address used by the exported packets.

Transport Protocol

The transport layer protocol used by the exported packets.

Destination Port

The destination UDP port to which the exported packets are sent.

Source Port

The source UDP port from which the exported packets are sent.

DSCP

The differentiated services code point (DSCP) value.

TTL

The time-to-live value.
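The following added example (not part of the Cisco documentation) parses the show flow exporter display described above and audits each exporter for three conditions: output features not run on export packets, a destination that is not an approved collector, and options tables the collector depends on that are not being sent. The sample text is constructed from the display above; the approved-collector list, the required-options list, and the finding codes are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample modeled on the show flow exporter display above.
SAMPLE_OUTPUT = """\
Router# show flow exporter

Flow Exporter FLOW-MONITOR-1:
  Description:              Exports to the datacenter
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 172.16.10.2
    Source IP address:      172.16.6.2
    Transport Protocol:     UDP
    Destination Port:       650
    Output Features:        Used

Flow Exporter FLOW-MONITOR-2:
  Description:              Exports to the datacenter
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 2222::2/64
    Source IP address:      1111::1/64
    Transport Protocol:     UDP
    Destination Port:       4739
    Output Features:        Not Used

Options Configuration:
    exporter-stats (timeout 120 seconds)
    interface-table (timeout 120 seconds)
    sampler-table (timeout 120 seconds)
"""

EXPORTER_RE = re.compile(r"^Flow Exporter (?P<name>\S+):$")
OPTION_RE = re.compile(r"^(?P<opt>[a-z0-9-]+) \(timeout (?P<secs>\d+) seconds\)$")
# Assumption: the options tables this collector relies on.
REQUIRED_OPTIONS = ("exporter-stats", "interface-table", "sampler-table")


def parse_show_flow_exporter(text):
    """Return one dict per exporter: name, key/value fields, options with timeouts."""
    exporters, current, in_options = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = EXPORTER_RE.match(line)
        if match:
            current = {"name": match["name"], "fields": {}, "options": {}}
            exporters.append(current)
            in_options = False
            continue
        if current is None:
            continue  # prompt or banner before the first exporter
        if line == "Options Configuration:":
            in_options = True
            continue
        match = OPTION_RE.match(line)
        if in_options and match:
            current["options"][match["opt"]] = int(match["secs"])
            continue
        # Split on the first colon only, so IPv6 addresses stay intact.
        key, sep, value = line.partition(":")
        if sep and value.strip():
            current["fields"][key.strip()] = value.strip()
    return exporters


def audit(exporters, approved, required=REQUIRED_OPTIONS):
    """Return (exporter, code, detail) findings for each exporter."""
    allowed = {ipaddress.ip_address(a) for a in approved}
    findings = []
    for exp in exporters:
        fields = exp["fields"]
        if fields.get("Output Features") != "Used":
            findings.append((exp["name"], "OUTPUT_FEATURES_OFF",
                             "QoS/encryption output features are not run on export packets"))
        dest = fields.get("Destination IP address")
        if dest is not None:
            try:
                addr = ipaddress.ip_interface(dest).ip  # drops a /len suffix
                if addr not in allowed:
                    findings.append((exp["name"], "UNAPPROVED_COLLECTOR", str(addr)))
            except ValueError:
                findings.append((exp["name"], "UNPARSEABLE_DESTINATION", dest))
        missing = [opt for opt in required if opt not in exp["options"]]
        if missing:
            findings.append((exp["name"], "MISSING_OPTIONS", ",".join(missing)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_flow_exporter(SAMPLE_OUTPUT), approved={"172.16.10.2"}):
        print(finding)
```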

The following example displays the NetFlow Version 9 export IDs for all of the flow exporters configured on a router. This output will vary according to the flow record configured:

Router#show flow exporter export-ids netflow-v9
Export IDs used by fields in NetFlow-v9 export format:
  misc unsupported                           : 37027
  datalink source-vlan-id                    :    58
  datalink destination-vlan-id               :    59
  datalink encap-size                        :   242
  datalink ethertype                         :   256
  datalink length header                     :   240
  datalink length payload                    :   241
  datalink section header                    :   315
  datalink vlan input                        :    58
  datalink dot1q vlan input                  :   243
  datalink dot1q vlan output                 :   254
  datalink dot1q ce-vlan                     :   245
  datalink dot1q priority                    :   244
  datalink dot1q ce-priority                 :   246
  datalink l2vpn metro vcid                  :   247
  datalink l2vpn metro vctype                :   248
  datalink mac source-address                :    56
  datalink mac destination-address           :    80
  datalink mac source address input          :    56
  datalink mac source address output         :    81
  datalink mac destination address input     :    80
  datalink mac destination address output    :    57
  ip version                                 :    60
  ip tos                                     :     5
  ip dscp                                    :   195
  ip precedence                              :   196
  ip protocol                                :     4
  ip ttl                                     :   192
  ip ttl minimum                             :    52
  ip ttl maximum                             :    53
  ip length header                           :   189
  ip length payload                          :   204
  ip length total                            :   224
  ip length total minimum                    :    25
  ip length total maximum                    :    26
  ip fragmentation flags                     :   197
  ip fragmentation offset                    :    88
  ip fragmentation id                        :    54
  ip section header                          :   313
  ip section payload                         :   314
  routing source as                          :    16
  routing destination as                     :    17
  routing source as peer                     :   129
  routing destination as peer                :   128
  routing source as 4-octet                  :    16
  routing destination as 4-octet             :    17
  routing source as peer 4-octet             :   129
  routing destination as peer 4-octet        :   128
  routing source traffic-index               :    92
  routing destination traffic-index          :    93
  routing forwarding-status                  :    89
  routing is-multicast                       :   206
  routing multicast replication-factor       :    99
  routing vrf input                          :   234
  routing vrf name                           :   236
  routing next-hop address ipv4              :    15
  routing next-hop address ipv4 bgp          :    18
  routing next-hop address ipv6              :    62
  routing next-hop address ipv6 bgp          :    63
  ipv4 header-length                         :   207
  ipv4 total-length                          :   190
  ipv4 source address                        :     8
  ipv4 source prefix                         :    44
  ipv4 source mask                           :     9
  ipv4 destination address                   :    12
  ipv4 destination prefix                    :    45
  ipv4 destination mask                      :    13
  ipv4 option map                            :   208
  ipv6 flow-label                            :    31
  ipv6 next-header                           :   193
  ipv6 payload-length                        :   191
  ipv6 extension map                         :    64
  ipv6 source address                        :    27
  ipv6 source prefix                         :   170
  ipv6 source mask                           :    29
  ipv6 destination address                   :    28
  ipv6 destination prefix                    :   169
  ipv6 destination mask                      :    30
  transport source-port                      :     7
  transport destination-port                 :    11
  transport packets expected counter         : 37014
  transport packets expected counter long    : 37014
  transport packets expected counter permane : 37015
  transport packets lost counter             : 37019
  transport packets lost counter long        : 37019
  transport packets lost counter permanent   : 37020
  transport packets lost rate                : 37021
  transport round-trip-time                  : 37016
  transport event packet-loss counter        : 37017
  transport event packet-loss counter long   : 37017
  transport event packet-loss counter perman : 37018
  transport rtp jitter mean                  : 37023
  transport rtp jitter minimum               : 37024
  transport rtp jitter maximum               : 37025
  transport rtp ssrc                         : 37022
  transport icmp ipv4 type                   :   176
  transport icmp ipv4 code                   :   177
  transport icmp ipv6 type                   :   178
  transport icmp ipv6 code                   :   179
  transport igmp type                        :    33
  transport tcp source-port                  :   182
  transport tcp destination-port             :   183
  transport tcp sequence-number              :   184
  transport tcp acknowledgement-number       :   185
  transport tcp header-length                :   188
  transport tcp window-size                  :   186
  transport tcp urgent-pointer               :   187
  transport tcp flags                        :     6
  transport tcp option map                   :   209
  transport udp source-port                  :   180
  transport udp destination-port             :   181
  transport udp message-length               :   205
  interface input snmp                       :    10
  interface output snmp                      :    14
  interface input snmp short                 :    10
  interface output snmp short                :    14
  interface input physical snmp              :   252
  interface output physical snmp             :   253
  interface name short                       :    82
  interface name long                        :    83
  flow direction                             :    61
  flow exporter                              :   144
  flow sampler                               :    48
  flow sampler algorithm export              :    49
  flow sampler interval                      :    50
  flow sampler name                          :    84
  flow class                                 :    51
  flow class export                          :    95
  flow class name                            :    96
  flow class description                     :    94
  stats error absolute                       :   320
  flow cts source group-tag                  : 34000
  flow cts destination group-tag             : 34001
  counter flows                              :     3
  counter bytes                              :     1
  counter bytes long                         :     1
  counter packets                            :     2
  counter packets long                       :     2
  counter bytes replicated                   :    20
  counter bytes replicated long              :    20
  counter packets replicated                 :    19
  counter packets replicated long            :    19
  counter bytes squared long                 :   198
  counter bytes permanent                    :    85
  counter packets permanent                  :    86
  counter bytes replicated permanent         :   175
  counter packets replicated permanent       :   174
  counter bytes squared permanent            :   199
  counter bytes exported                     :    40
  counter packets exported                   :    41
  counter bytes rate                         : 37003
  counter packets rate                       : 37002
  counter flows exported                     :    42
  counter packets dropped                    : 37000
  counter packets dropped long               : 37000
  counter packets dropped permanent          : 37001
  timestamp sys-uptime first                 :    22
  timestamp sys-uptime last                  :    21
  timestamp interval                         : 37013
  timestamp absolute first                   :   152
  timestamp absolute last                    :   153
  application id                             :    95
  application name                           :    96
  application description                    :    94
  application media bytes counter            : 37004
  application media bytes counter long       : 37004
  application media bytes counter permanent  : 37005
  application media bytes rate               : 37006
  application media packets counter          : 37007
  application media packets counter long     : 37007
  application media packets counter permanen : 37008
  application media packets rate             : 37009
  application media packets rate variation   : 37010
  application media event                    : 37011
  monitor event                              : 37012
  waas dre input                             : 36000
  waas dre output                            : 36001
  waas lz input                              : 36002
  waas lz output                             : 36003
  waas original bytes                        : 36004
  waas optimised bytes                       : 36005
  waas application                           : 36006
  waas class                                 : 36007
  waas connection mode                       : 36008
  art response time sum                      : 42071
  art response time minimum                  : 42073
  art response time maximum                  : 42072
  art server response time sum               : 42074
  art server response time minimum           : 42076
  art server response time maximum           : 42075
  art network time sum                       : 42081
  art network time minimum                   : 42083
  art network time maximum                   : 42082
  art client network time sum                : 42084
  art client network time minimum            : 42086
  art client network time maximum            : 42085
  art server network time sum                : 42087
  art server network time minimum            : 42089
  art server network time maximum            : 42088
  art total response time sum                : 42077
  art total response time minimum            : 42079
  art total response time maximum            : 42078
  art total transaction time sum             : 42041
  art total transaction time minimum         : 42043
  art total transaction time maximum         : 42042
  art count transactions                     : 42040
  art server packets                         :   299
  art server bytes                           :   232
  art count retransmissions                  : 42036
  art client packets                         :   298
  art client bytes                           :   231
  art count new connections                  : 42050
  art count responses                        : 42060
  art count late responses                   : 42068
  waas bytes input                           : 36009
  waas bytes output                          : 36010
  waas optimization segment                  : 42020
  art count responses histogram bucket1      : 42061
  art count responses histogram bucket2      : 42062
  art count responses histogram bucket3      : 42063
  art count responses histogram bucket4      : 42064
  art count responses histogram bucket5      : 42065
  art count responses histogram bucket6      : 42066
  art count responses histogram bucket7      : 42067
  counter server bytes                       :    23
  counter server packets                     :    24
  datalink event                             : 43000
  datalink event extended                    : 43002
  flow end-reason                            :   136
  connection initiator                       :   239
  connection new-connections                 :   278
  connection sum-duration                    :   279
  connection transaction-id                  :   280
  counter bytes rate per-flow                : 37028
  counter bytes rate per-flow min            : 37029
  counter bytes rate per-flow max            : 37030
  counter packets rate per-flow              : 37031
  counter packets rate per-flow min          : 37032
  counter packets rate per-flow max          : 37033
  application media bytes rate per-flow min  : 37035
  application media bytes rate per-flow max  : 37036
  application media packets rate variation m : 37038
  application media packets rate variation m : 37039
  transport rtp flow count                   : 37040
  transport event packet-loss counter min    : 37044
  transport event packet-loss counter max    : 37045
  transport packets lost counter min         : 37042
  transport packets lost counter max         : 37043
  transport tcp flow count                   : 37049
  transport round-trip-time min              : 37052
  transport round-trip-time max              : 37053
  transport round-trip-time sum              : 37050
  transport round-trip-time samples          : 37051
  application media bytes rate per-flow      : 37034
  transport rtp payload-type                 : 37041
  transport packets lost rate min            : 37047
  transport packets lost rate max            : 37048
  flow active timeout                        :    36
  flow end                                   :   153
  package id                                 : 32775
  access string                              : 32789
  info string                                : 32790
  link id                                    : 32810
  mos worst 100                              : 42115
  mos quality                                : 42123
  mos total count                            : 42124
  counter server bytes                       :    23
  counter server packets                     :    24
  flow class wide                            :    95
  counter packets dropped permanent short    : 37001
  transport packets lost counter permanent s : 37020
  transport round-trip-time sum short        : 37050
  transport packet loss                      :    65
  transport unreachability                   :    66
  tranport latency                           :    67
  data points                                :    68
  variance                                   :    69
  pfr br ipv4 address                        : 39000
  pfr status                                 : 39001
  reason id                                  : 39002
  threshold                                  : 39003
  pfr priority                               : 39004
  long-term round-trip-time                  : 39006
  mos below                                  : 39007
  rsvp bw pool                               : 39008
  flow left time                             : 39009
  bw percentage                              : 39010
  bw fee                                     : 39011
  transport source-port min                  : 39012
  transport source-port max                  : 39013
  transport destination-port min             : 39014
  transport destination-port max             : 39015
  application version                        :   105
  application version name                   :   106
  application vendor                         :   107
  metadata global-session-id                 : 37054
  metadata multi-party-session-id            : 37055
  metadata clock-rate                        : 37056
  capacity                                   : 39016
  ingress bw                                 : 39017
  ingress bw long                            : 39017
  max ingress bw                             : 39018
  egress bw                                  : 39019
  egress bw long                             : 39019
  max egress bw                              : 39020
  ingress rollup bw                          : 39021
  egress rollup bw                           : 39022
  kth rollup bw                              : 39023
  link group name                            : 39024
  bgp community                              : 39025
  bgp prepend                                : 39026
  entrance downgrade                         : 39027
  discard rollup count                       : 39028
  l4r server ipv4 address                    : 44000
  l4r server transport port                  : 44001
  l4r server ipv6 address                    : 44002
  l4r event                                  : 44003
  l4r event timestamp                        : 44004
  flow id                                    :   148
  application category name                  : 45000
  application sub category name              : 45001
  application group name                     : 45002
  p2p technology                             :   288
  tunnel technology                          :   289
  encrypted technology                       :   290
  server response time average               : 37059
  refused sessions                           : 37060
  client network delay average               : 37061
  server network delay average               : 37062
  network delay average                      : 37063
  application delay average                  : 37064
  session time minimum                       : 37065
  session time maximum                       : 37066
  session time average                       : 37067
  transaction time average                   : 37068
  closed sessions                            : 37069
  retransmitted packets                      : 37070
  transport bytes out-of-order               : 37071
  client throughput average                  : 37072
  unresponsive sessions                      : 37073
  transport packets out-of-order             : 37074
  IPv4 source observation node               : 37075
  IPv4 destination observation node          : 37076
  IPv6 source observation node               : 37077
  IPv6 destination observation node          : 37078
  pfr one-way-delay sum                      : 37079
  pfr one-way-delay samples                  : 37080
  pfr one-way-delay                          : 37081
  packet arrival timestamp                   : 37082
  transport tcp window-size minimum          : 37083
  transport tcp window-size maximum          : 37084
  transport tcp window-size average          : 37085
  transport tcp maximum-segment-size         : 37086
  sub application tag                        :    97
  sub application name                       :   109
  sub application description                :   110
  datalink vlan output                       :    59
  application http uri statistics            : 42125
  flow sampler hash digest-value             :   326
  c3pl class cce-id                          : 41001
  c3pl class name                            : 41002
  c3pl class type                            : 41003
  c3pl policy cce-id                         : 41004
  c3pl policy name                           : 41005
  c3pl policy type                           : 41006
  mpls label 1 ttl                           :   200
  mpls label 1 exp                           :   203
  mpls label 1 type                          :    46
  mpls label 1 details                       :    70
  mpls label 2 details                       :    71
  mpls label 3 details                       :    72
  mpls label 4 details                       :    73
  mpls label 5 details                       :    74
  mpls label 6 details                       :    75
  template parameter range end               :   111
  template identifier                        :   145
  template element identifier                :   303
  transport tcp window-size sum              : 37091
  timestamp absolute monitoring-interval end :   360
  transport rtp jitter mean sum              : 37093
  application media packets rate variation s : 37094
  connection delay response to-server sum    : 42071
  connection delay response to-server min    : 42073
  connection delay response to-server max    : 42072
  connection server counter responses        : 42060
  connection delay response to-server histog : 42061
  connection delay response to-server histog : 42062
  connection delay response to-server histog : 42063
  connection delay response to-server histog : 42064
  connection delay response to-server histog : 42065
  connection delay response to-server histog : 42066
  connection delay response to-server histog : 42067
  connection delay response to-server histog : 42068
  connection delay network to-server sum     : 42087
  connection delay network to-server min     : 42089
  connection delay network to-server max     : 42088
  connection delay network to-client sum     : 42084
  connection delay network to-client min     : 42086
  connection delay network to-client max     : 42085
  connection client counter packets retransm : 42036
  connection delay network client-to-server  : 42081
  connection delay network client-to-server  : 42083
  connection delay network client-to-server  : 42082
  connection delay application sum           : 42074
  connection delay application min           : 42076
  connection delay application max           : 42075
  connection delay response client-to-server : 42077
  connection delay response client-to-server : 42079
  connection delay response client-to-server : 42078
  connection transaction duration sum        : 42041
  connection transaction duration min        : 42043
  connection transaction duration max        : 42042
  connection transaction counter complete    : 42040
  connection server counter bytes long       :   232
  connection server counter packets long     :   299
  connection client counter bytes long       :   231
  connection client counter packets long     :   298
  connection client ipv4 address             : 45004
  connection client transport port           : 45008
  connection client ipv6 address             : 45006
  connection server ipv4 address             : 45005
  connection server transport port           : 45009
  connection server ipv6 address             : 45007
  routing vrf output                         :   235
  services waas segment                      : 42020
  services waas passthrough-reason           : 42021
  policy qos classification hierarchy        : 41000
  policy performance-monitor classification  : 41000
  template enterprise number                 :   346
  policy qos queue index                     : 42128
  policy qos queue drops                     : 42129
  counter bytes layer2                       :   352
  counter bytes layer2 long                  :   352
  counter bytes layer2 permanent             :   353
  transport tcp option map long              :   209
  timestamp absolute monitoring-interval sta :   359
  transport tcp window-size average sum      : 37095
  flow cts source group-tag name             : 34002
  connection id                              : 45010
  application video resolution width last    : 37500
  application video resolution height last   : 37501
  application video frame rate               : 37502
  application video payload bitrate average  : 37503
  application video payload bitrate fluctuat : 37504
  application video frame I counter frames   : 37505
  application video frame I counter packets  : 37506
  application video frame I counter bytes    : 37507
  application video frame STR counter frames : 37508
  application video frame STR counter packet : 37509
  application video frame STR counter bytes  : 37510
  application video frame LTR counter frames : 37511
  application video frame LTR counter packet : 37512
  application video frame LTR counter bytes  : 37513
  application video frame super-P counter fr : 37514
  application video frame super-P counter pa : 37515
  application video frame super-P counter by : 37516
  application video frame NR counter frames  : 37517
  application video frame NR counter packets : 37518
  application video frame NR counter bytes   : 37519
  application video frame I slice-quantizati : 37520
  application video frame STR slice-quantiza : 37521
  application video frame LTR slice-quantiza : 37522
  application video frame super-P slice-quan : 37523
  application video frame NR slice-quantizat : 37524
  application video eMOS compression bitstre : 37525
  application video eMOS compression network : 37526
  application video frame I counter packets  : 37527
  application video frame STR counter packet : 37528
  application video frame LTR counter packet : 37529
  application video frame super-P counter pa : 37530
  application video frame NR counter packets : 37531
  application video frame percentage damaged : 37532
  application video eMOS packet-loss bitstre : 37533
  application video eMOS packet-loss network : 37534
  application video scene-complexity         : 37535
  application video level-of-motion          : 37536
  transport rtp sequence-number              : 37537
  transport rtp sequence-number last         : 37538
  services pfr class-tag-id                  : 39029
  services pfr mc-id                         : 39030
  interface input type                       :   368
  interface output type                      :   369
  interface input fex-node-id                : 41101
  interface output fex-node-id               : 41102
  flow username                              :   371
  interface power                            : 41103
  monitor device-type                        : 41104
  transport tcp maximum-segment-size         : 37086
  wireless ssid                              :   147
  wireless ap mac address                    :   367
  wireless client mac address                :   365
  wireless client ipv4 address               :   366
  ip dscp output                             :    98
  pbhk mapped ipv4 address                   : 44005
  pbhk mapped transport port                 : 44006
  pbhk event                                 : 44007
  pbhk event timestamp                       : 44008
  transport rtp jitter inter arrival sum     : 37096
  transport rtp jitter inter arrival samples : 37097
  transport rtp jitter inter arrival mean    : 37098
  pfr site source id ipv4                    : 37099
  pfr site destination id ipv4               : 37100
  transport bytes lost                       : 37101
  transport bytes expected                   : 37102
  transport bytes lost rate                  : 37103
  transport jitter mean                      :   385
  transport jitter mean                      :   386
  transport jitter mean                      :   387
  connection client counter bytes retransmit : 42035
  connection server counter bytes retransmit : 42037
  connection server counter packets retransm : 42038
  counter bytes long aor                     :     1
  counter packets long aor                   :     2
  timestamp sys-uptime first aor             :    22
  application voice number called            : 37200
  application voice number calling           : 37201
  application voice setup time               : 37202
  application voice call duration            : 37203
  application voice rx bad-packet            : 37204
  application voice rx out-of-sequence       : 37205
  application voice codec id                 : 37206
  application voice play delay current       : 37207
  application voice play delay minimum       : 37208
  application voice play delay maximum       : 37209
  application voice sip call-id              : 37210
  application voice router global-call-id    : 37211
  application voice delay round-trip         : 37212
  application voice delay end-point          : 37213
  application voice r-factor 1               : 37214
  application voice r-factor 2               : 37215
  application voice mos conversation         : 37216
  application voice mos listening            : 37217
  application voice concealment-ratio averag : 37218
  application voice jitter configured type   : 37219
  application voice jitter configured minimu : 37220
  application voice jitter configured maximu : 37221
  application voice jitter configured initia : 37222
  application voice rx early-packet count    : 37223
  application voice rx late-packet count     : 37224
  application voice jitter buffer-overrun    : 37225
  application voice packet conceal-count     : 37226
  flow monitor                               :   143
  application http uri statistics            : 42125
  flow observation point                     :   138
  pfr site source id ipv6                    : 37099
  pfr site destination id ipv6               : 37100
  network delay sum                          : 37104
  network delay sample                       : 37105
  pfr counter event error traffic-class miti : 37106
  pfr counter event error traffic-class miti : 37107
  pfr counter event error traffic-class miti : 37108
  pfr site source prefix ipv4                : 37109
  pfr site destination prefix ipv4           : 37110
  pfr site source prefix ipv6                : 37111
  pfr site destination prefix ipv6           : 37112
  pfr site source prefix mask ipv4           : 37113
  pfr site destination prefix mask ipv4      : 37114
  pfr site source prefix mask ipv6           : 37115
  pfr site destination prefix mask ipv6      : 37116
  connection server counter bytes network lo : 41105
  connection client counter bytes network lo : 41106
  connection server counter bytes transport  :   232
  connection client counter bytes transport  :   231
  connection concurrent-connections          : 42018
  application transaction counter new        : 42019
  connection delay network long-lived to-ser : 42022
  connection delay network long-lived to-cli : 42023
  connection delay network long-lived client : 42024
  connection delay network client-to-server  : 42025
  connection delay network to-server num-sam : 42026
  connection delay network to-client num-sam : 42027
  ipv4 source address nat                    :   225
  ipv4 destination address nat               :   226
  transport source-port nat                  :   227
  transport destination-port nat             :   228
  policy firewall class name                 :   100
  policy firewall event                      :   233
  policy firewall event extended             : 35001
  policy firewall event extended description : 35010
  policy firewall event timestamp            :   323
  policy firewall event level                : 33003
  policy firewall event level id             : 33004
  policy firewall zone-pair id               : 35007
  policy firewall zone-pair name             : 35009
  policy firewall incomplete count           : 35012
  policy firewall incomplete high-watermark  : 35005
  policy firewall incomplete rate            : 35006
  policy firewall blackout time              : 35004
  policy firewall sessions maximum           : 35008
  policy firewall configured value           : 33005
  flow class                                 :    51
  wireless afd drop packets                  : 41107
  wireless afd accept packets                : 41108
  wireless afd drop bytes                    : 41109
  wireless afd accept bytes                  : 41110
  audio rtp packets lost                     : 33050
  audio rtp packets expected                 : 33051
  audio rtp fwd out-of-sequence sum          : 33052
  audio rtp seconds ok                       : 33053
  audio rtp seconds concealed                : 33054
  audio rtp seconds concealed severe         : 33055
  audio rtp jitter ticks                     : 33056
  audio g107 impairment                      : 33057
  audio g107 lossRate                        : 33058
  audio g107 codec baseline                  : 33059
  audio g107 codec baseline bpl              : 33060
  audio g107 impairment one-way-delay        : 33061
  audio concealment ratio now                : 33062
  audio concealment ratio minimum            : 33063
  audio concealment ratio maximum            : 33064
  audio concealment time                     : 33065
  audio speech time                          : 33066
  audio packets ok                           : 33067
  audio packets cs                           : 33068
  audio packets scs                          : 33069
  audio packets rtp                          : 33070
  audio packets silence                      : 33071
  audio duration receive                     : 33072
  audio duration receive voice               : 33073
  audio duration early packet                : 33074
  audio duration clock adjust                : 33075
  audio duration playout increase            : 33076
  audio duration playout decrease            : 33077
  audio duration late discard                : 33078
  audio frame size                           : 33079
  audio frames-per-packet                    : 33080
  audio frame arriving times difference      : 33081
  audio frame arriving times difference vari : 33082
  audio noise level current                  : 33083
  audio noise level average                  : 33084
  audio noise level minimum                  : 33085
  audio noise level maximum                  : 33086
  audio noise level configured               : 33087
  audio snr current                          : 33088
  audio snr average                          : 33089
  audio snr minimum                          : 33090
  audio snr maximum                          : 33091
  audio snr configured                       : 33092
  pfr service provider tag identifier        : 37117
  pfr label identifier                       : 37118
  routing pw destination address             :   432
  flow cts switch derived-sgt                : 34004
  application traffic-class                  : 45011
  application business-relevance             : 45012
  iOAM my node-id                            : 38001
  iOAM my node name                          : 38002
  start timestamp                            : 38003
  end timestamp                              : 38004
  IOAM packet counter                        : 38005
  IOAM byte count                            : 38006
  IOAM cs0 packet counter                    : 38007
  IOAM cs0 byte count                        : 38008
  IOAM cs1 packet counter                    : 38009
  IOAM cs1 byte count                        : 38010
  IOAM cs2 packet counter                    : 38011
  IOAM cs2 byte count                        : 38012
  IOAM cs3 packet counter                    : 38013
  IOAM cs3 byte count                        : 38014
  IOAM cs4 packet counter                    : 38015
  IOAM cs4 byte count                        : 38016
  IOAM cs5 packet counter                    : 38017
  IOAM cs5 byte count                        : 38018
  IOAM cs6 packet counter                    : 38019
  IOAM cs6 byte count                        : 38020
  IOAM cs7 packet counter                    : 38021
  IOAM cs7 byte count                        : 38022
  IOAM lost packet counter                   : 38023
  IOAM duplicate packet counter              : 38024
  IOAM reordered packet counter              : 38025
  IOAM highest PPC sequence number           : 38026
  iOAM node-id                               : 38027
  ipv6 protocol filed                        : 38028
  iOAM E2E Header                            : 38029
  iOAM Path Map                              : 38030
  iOAM number of nodes                       : 38031
  iOAM node1 id                              : 38032
  iOAM node1 in if id                        : 38033
  iOAM node1 eif id                          : 38034
  iOAM node2 id                              : 38035
  iOAM node2 in if id                        : 38036
  iOAM node2 eif id                          : 38037
  iOAM node3 id                              : 38038
  iOAM node3 in if id                        : 38039
  iOAM node3 eif id                          : 38040
  iOAM node4 id                              : 38041
  iOAM node4 in if id                        : 38042
  iOAM node4 eif id                          : 38043
  iOAM Application metadata                  : 38044
  iOAM sfc-id                                : 38045
  iOAM sfc validated count                   : 38046
  iOAM sfc invalidated count                 : 38047
  ipv4 splt                                  : 44941
  ipv4 idp                                   : 44940
  ipv4 bd                                    : 44944
  application set name                       : 44999
  vxlan vnid                                 :   351
  vxlan sgt                                  : 33200
  vxlan flags                                : 33201
  application family name                    : 44998
  overlay session id input                   : 45200
  overlay session id output                  : 45201
  routing vrf service                        : 45202
  tloc table overlay session id              : 45203
  tloc local system ip address               : 45204
  tloc local color                           : 45205
  tloc remote system ip address              : 45206
  tloc remote color                          : 45207
  tloc tunnel protocol                       : 45208
  connection id long                         : 45209
  bandwidth used                             : 37300
  bandwidth used percentage                  : 37301
  Layer3 Virtual-Private-Network ID          :   482
  drop cause id                              : 45210
  counter bytes sdwan dropped long           : 45211
  sdwan sla-not-met                          : 45212
  sdwan preferred-color-not-met              : 45213
  sdwan qos-queue-id                         : 45214
  drop cause name                            : 45215
  counter packets sdwan dropped long         : 37000
  counter packets appqoe fec-d-pkts          : 45216
  counter packets appqoe fec-r-pkts          : 45217
  counter packets appqoe pkt-dup-d-pkts-orig : 45218
  counter packets appqoe pkt-dup-d-pkts-dup  : 45219
  counter packets appqoe pkt-dup-r-pkts      : 45220
  counter packets sdwan pkt-cxp-d-pkts       : 45221
  counter bytes appqoe ssl-read              : 45222
  counter bytes appqoe ssl-written           : 45223
  counter bytes appqoe ssl-en-read           : 45224
  counter bytes appqoe ssl-en-written        : 45225
  counter bytes appqoe ssl-de-read           : 45226
  counter bytes appqoe ssl-de-written        : 45227
  vxlan vtep input                           : 33202
  vxlan vtep output                          : 33203
  appqoe ssl service type                    : 45228
  appqoe ssl traffic type                    : 45229
  appqoe ssl policy action                   : 45230

The following example displays the status and statistics for all of the flow exporters configured on a router:

Router#show flow exporter name sdwan_flow_exporter_1 statistics
Flow Exporter sdwan_flow_exporter_1:
  Packet send statistics (last cleared 1w4d ago):
    Successfully sent:         320167                (281428348 bytes)
    Reason not given:          21045                 (2435564 bytes)
 
  Client send statistics:
    Client: Option options interface-table
      Records added:           86676
        - sent:                86676
      Bytes added:             8667600
        - sent:                8667600
 
    Client: Option options tunnel-tloc-table
      Records added:           16605
        - sent:                16605
      Bytes added:             863460
        - sent:                863460
 
    Client: Option options drop-cause-table
      Records added:           7107432
        - sent:                7107432
      Bytes added:             248760120
        - sent:                248760120
 
    Client: Flow Monitor sdwan_flow_monitor
      Records added:           121918
        - sent:                117907
        - failed to send:      4011
      Bytes added:             9753440
        - sent:                9432560
        - failed to send:      320880

The table below describes the significant fields shown in the display.

Table 3. show flow exporter name exporter-name statistics Field Descriptions

| Field | Description |
|---|---|
| Flow Exporter | The name of the flow exporter that you configured. |
| Packet send statistics | The packet transmission statistics for this exporter. |
| Ok | The number of packets that have been sent successfully. |
| No FIB | No entry in the Forwarding Information Base (FIB) to forward to. |
| Adjacency failure | No Cisco Express Forwarding (CEF) adjacency available for forwarding. |
| Enqueued to process level | Packets that were sent to the processor for forwarding. |
| Enqueueing failed | Packets that could not be queued for transmission. |
| IPC failed | Packets for which interprocess communication (IPC) failed. |
| Output failed | Packets that were dropped because the output queue was full. |
| Fragmentation failed | Packets that were not able to be fragmented. |
| Encap fixup failed | Packets that were not able to be encapsulated for transmission on the egress interface. |
| No destination address | No destination address configured for the exporter. |
| Client send statistics | Statistics for the flow monitors that are using the exporters. |
| Client | The name of the flow monitor that is using the exporter. |
| Records added | The number of flow records that have been added for this flow monitor. Netflow records are sent by HSL. Record sending may fail due to the following causes: no valid destination is configured (verify the route using show ip cef dest-addr); the packets built by HSL are dropped when sending to destination (check for dropped packets using show platform hardware qfp active statistics drop). |
| Packets sent | The number of packets that have been exported for this flow monitor. |
| Packets dropped | The number of packets that were dropped for this flow monitor. |
| No Packet available error | The number of times that no packets were available to transmit the records. |
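Failed or dropped exports are gaps in flow telemetry, so the counters above are worth checking automatically. The following is an added example, not part of the Cisco documentation: it parses the statistics output and flags the exporter or any client whose loss exceeds a threshold. The function names, the 1% threshold and the treatment of both "Successfully sent" and "Ok" as the success counter are assumptions; the sample text is trimmed from the output shown above.

```python
import re

# Constructed sample: trimmed copy of the statistics output shown above.
SAMPLE = """\
Flow Exporter sdwan_flow_exporter_1:
  Packet send statistics (last cleared 1w4d ago):
    Successfully sent:         320167                (281428348 bytes)
    Reason not given:          21045                 (2435564 bytes)

  Client send statistics:
    Client: Option options interface-table
      Records added:           86676
        - sent:                86676
      Bytes added:             8667600
        - sent:                8667600

    Client: Flow Monitor sdwan_flow_monitor
      Records added:           121918
        - sent:                117907
        - failed to send:      4011
      Bytes added:             9753440
        - sent:                9432560
        - failed to send:      320880
"""

EXPORTER_RE = re.compile(r"^Flow Exporter (\S+):")
PACKET_RE = re.compile(r"^\s+([A-Za-z][A-Za-z ]*?):\s+(\d+)\s+\((\d+) bytes\)")
CLIENT_RE = re.compile(r"^\s+Client: (.+?)\s*$")
ADDED_RE = re.compile(r"^\s+(Records|Bytes) added:\s+(\d+)")
DETAIL_RE = re.compile(r"^\s+- (sent|failed to send):\s+(\d+)")
SUCCESS_LABELS = ("Successfully sent", "Ok")  # assumption: either label means success


def parse_exporter_stats(text):
    """Turn 'show flow exporter name <x> statistics' output into a dict."""
    stats = {"exporter": None, "packets": {}, "clients": {}}
    client = unit = None
    for line in text.splitlines():
        if m := EXPORTER_RE.match(line):
            stats["exporter"] = m.group(1)
        elif m := CLIENT_RE.match(line):
            client, unit = stats["clients"].setdefault(m.group(1), {}), None
        elif m := PACKET_RE.match(line):
            stats["packets"][m.group(1)] = {
                "packets": int(m.group(2)), "bytes": int(m.group(3))}
        elif (m := ADDED_RE.match(line)) and client is not None:
            unit = client.setdefault(
                m.group(1).lower(), {"added": 0, "sent": 0, "failed": 0})
            unit["added"] = int(m.group(2))
        elif (m := DETAIL_RE.match(line)) and unit is not None:
            unit["sent" if m.group(1) == "sent" else "failed"] = int(m.group(2))
    return stats


def export_gaps(stats, max_loss=0.01):
    """Return (kind, name, value) findings where export loss exceeds max_loss."""
    findings = []
    total = sum(v["packets"] for v in stats["packets"].values())
    ok = sum(stats["packets"].get(k, {}).get("packets", 0) for k in SUCCESS_LABELS)
    if total and (total - ok) / total > max_loss:
        findings.append(("exporter", stats["exporter"], (total - ok) / total))
    for name, units in stats["clients"].items():
        rec = units.get("records")
        if not rec or not rec["added"]:
            continue
        if rec["failed"] / rec["added"] > max_loss:
            findings.append(("client", name, rec["failed"] / rec["added"]))
        # Every added record should be accounted for as sent or failed.
        if rec["sent"] + rec["failed"] != rec["added"]:
            findings.append(
                ("mismatch", name, rec["added"] - rec["sent"] - rec["failed"]))
    return findings


if __name__ == "__main__":
    for kind, name, value in export_gaps(parse_exporter_stats(SAMPLE)):
        print(f"{kind:9} {name:40} {value:.4f}")
```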

The following example displays the template format for the exporters configured on the router. This output will vary according to the flow record configured:


Router# show flow exporter FLOW_EXPORTER-1 templates

Flow Exporter FLOW-MONITOR-1:
  Client: Flow Monitor FLOW-MONITOR-1
  Exporter Format: NetFlow Version 9
  Template ID    : 256
  Record Size    : 53
  Template layout
  _____________________________________________________________________
  |                 Field                   |  Type  | Offset  |  Size  |
  ---------------------------------------------------------------------
  | ipv4 source address                     |     8 |     0  |     4  |
  | ipv4 destination address                |    12 |     4  |     4  |
  | interface input snmp                    |    10 |     8  |     4  |
  | flow sampler                            |    48 |    12  |     4  |
  | transport source-port                   |     7 |    16  |     2  |
  | transport destination-port              |    11 |    18  |     2  |
  | ip tos                                  |   194 |    20  |     1  |
  | ip protocol                             |     4 |    21  |     1  |
  | ipv4 source mask                        |     9 |    22  |     1  |
  | ipv4 destination mask                   |    13 |    23  |     1  |
  | transport tcp flags                     |     6 |    24  |     1  |
  | routing source as                       |    16 |    25  |     2  |
  | routing destination as                  |    17 |    27  |     2  |
  | routing next-hop address ipv4           |    15 |    29  |     4  |
  | interface output snmp                   |    14 |    33  |     4  |
  | counter bytes                           |     1 |    37  |     4  |
  | counter packets                         |     2 |    41  |     4  |
  | timestamp sys-uptime first              |    22 |    45  |     4  |
  | timestamp sys-uptime last               |    21 |    49  |     4  |
  ---------------------------------------------------------------------
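
As an added illustration (not part of the Cisco command reference), the following Python code parses the template layout rows above and uses their offsets and sizes to decode one exported data record, which is a quick way to confirm that a collector reads the export the way the router describes it. The record bytes and the SNMP interface indexes are constructed; the remaining values echo the cache example shown later on this page.

```python
import ipaddress
import re
import struct

# Rows copied from the "Template layout" output above: field | type | offset | size.
TEMPLATE_LAYOUT = """\
  | ipv4 source address                     |     8 |     0  |     4  |
  | ipv4 destination address                |    12 |     4  |     4  |
  | interface input snmp                    |    10 |     8  |     4  |
  | flow sampler                            |    48 |    12  |     4  |
  | transport source-port                   |     7 |    16  |     2  |
  | transport destination-port              |    11 |    18  |     2  |
  | ip tos                                  |   194 |    20  |     1  |
  | ip protocol                             |     4 |    21  |     1  |
  | ipv4 source mask                        |     9 |    22  |     1  |
  | ipv4 destination mask                   |    13 |    23  |     1  |
  | transport tcp flags                     |     6 |    24  |     1  |
  | routing source as                       |    16 |    25  |     2  |
  | routing destination as                  |    17 |    27  |     2  |
  | routing next-hop address ipv4           |    15 |    29  |     4  |
  | interface output snmp                   |    14 |    33  |     4  |
  | counter bytes                           |     1 |    37  |     4  |
  | counter packets                         |     2 |    41  |     4  |
  | timestamp sys-uptime first              |    22 |    45  |     4  |
  | timestamp sys-uptime last               |    21 |    49  |     4  |
"""

ROW = re.compile(
    r"^\s*\|\s*(?P<name>[a-z][a-z0-9 \-]*?)\s*\|\s*(?P<type>\d+)\s*\|"
    r"\s*(?P<offset>\d+)\s*\|\s*(?P<size>\d+)\s*\|\s*$"
)


def parse_template(text):
    """Return (fields, record_size); fields are (name, type, offset, size) tuples."""
    fields = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            fields.append((m["name"], int(m["type"]), int(m["offset"]), int(m["size"])))
    if not fields:
        raise ValueError("no template rows found")
    expected = 0
    for name, _type, offset, size in fields:
        # Fields must be contiguous; a gap means a row was lost when copying.
        if offset != expected:
            raise ValueError(f"{name!r}: offset {offset}, expected {expected}")
        expected += size
    return fields, expected


def decode_record(fields, record_size, data):
    """Decode one data record; NetFlow v9 fields are in network byte order."""
    if len(data) != record_size:
        raise ValueError(f"record is {len(data)} bytes, template says {record_size}")
    decoded = {}
    for name, _type, offset, size in fields:
        raw = data[offset:offset + size]
        if "address" in name and size == 4:
            decoded[name] = str(ipaddress.IPv4Address(raw))
        else:
            decoded[name] = int.from_bytes(raw, "big")
    return decoded


def sample_record():
    """Constructed 53-byte record, packed independently of the parsed template."""
    return struct.pack(
        "!4s4sIIHHBBBBBHH4sIIIII",
        ipaddress.IPv4Address("10.10.10.2").packed,
        ipaddress.IPv4Address("172.16.10.2").packed,
        1,           # interface input snmp (constructed ifIndex)
        0,           # flow sampler
        20, 20,      # transport source and destination ports
        0x00, 6,     # ip tos, ip protocol
        0, 24,       # source and destination masks
        0x00,        # tcp flags
        0, 0,        # source and destination AS
        ipaddress.IPv4Address("172.16.7.2").packed,
        2,           # interface output snmp (constructed ifIndex)
        198520, 4963, 10564356, 12154104,
    )


if __name__ == "__main__":
    layout, size = parse_template(TEMPLATE_LAYOUT)
    for field, value in decode_record(layout, size, sample_record()).items():
        print(f"{field:32} {value}")
```

A record whose length differs from the template's Record Size is rejected rather than decoded, because a mismatch usually means the collector is holding a stale template.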

show flow interface

To display the Flexible NetFlow configuration and status for an interface, use the show flow interface command in privileged EXEC mode.

show flow interface [type number]

Syntax Description

type

(Optional) The type of interface on which you want to display Flexible NetFlow accounting configuration information.

number

(Optional) The number of the interface on which you want to display Flexible NetFlow accounting configuration information.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Examples

The following example displays the Flexible NetFlow accounting configuration on Ethernet interfaces 0/0 and 0/1:


Router# show flow interface ethernet 1/0

Interface Ethernet1/0
  FNF:  monitor:         FLOW-MONITOR-1
        direction:       Output
        traffic(ip):     on
Router# show flow interface ethernet 0/0
Interface Ethernet0/0
  FNF:  monitor:         FLOW-MONITOR-1
        direction:       Input
        traffic(ip):     sampler SAMPLER-2#

The table below describes the significant fields shown in the display.

Table 4. show flow interface Field Descriptions

Field

Description

Interface

The interface to which the information applies.

monitor

The name of the flow monitor that is configured on the interface.

direction:

The direction of traffic that is being monitored by the flow monitor.

The possible values are:

  • Input—Traffic is being received by the interface.

  • Output—Traffic is being transmitted by the interface.

traffic(ip)

Indicates if the flow monitor is in normal mode or sampler mode.

The possible values are:

  • on—The flow monitor is in normal mode.

  • sampler—The flow monitor is in sampler mode (the name of the sampler will be included in the display).

show flow monitor

To display the status and statistics for a Flexible NetFlow flow monitor, use the show flow monitor command in privileged EXEC mode.

show flow monitor [ [name] monitor-name [cache [format {csv | record | table}]] [statistics]]

Syntax Description

name

(Optional) Specifies the name of a flow monitor.

monitor-name

(Optional) Name of a flow monitor that was previously configured.

cache

(Optional) Displays the contents of the cache for the flow monitor.

format

(Optional) Specifies the use of one of the format options for formatting the display output.

csv

(Optional) Displays the flow monitor cache contents in comma separated variables (CSV) format.

record

(Optional) Displays the flow monitor cache contents in record format.

table

(Optional) Displays the flow monitor cache contents in table format.

statistics

(Optional) Displays the statistics for the flow monitor.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.4(20)T

This command was modified. Support for displaying IPv6 data in Flexible NetFlow flow monitor caches was added.

15.0(1)M

This command was modified. Support for displaying virtual routing and forwarding (VRF) and Network Based Application Recognition (NBAR) data in Flexible NetFlow flow monitor caches was added.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

The cache keyword uses the table format by default.

The uppercase field names in the display output of the show flow monitor monitor-name cache command are key fields that Flexible NetFlow uses to differentiate flows. The lowercase field names in the display output of the show flow monitor monitor-name cache command are nonkey fields from which Flexible NetFlow collects values as additional data for the cache.

Examples

The following example displays the status for a flow monitor:


Router# show flow monitor FLOW-MONITOR-1
 
Flow Monitor FLOW-MONITOR-1:
  Description:       Used for basic traffic analysis
  Flow Record:       netflow-original
  Flow Exporter:     EXP-DC-TOPEKA
                     EXP-DC-PHOENIX
  Cache:
    Type:              normal
    Status:            allocated
    Size:              4096 entries / 311316 bytes
    Inactive Timeout:  15 secs
    Active Timeout:    1800 secs
    Update Timeout:    1800 secs

The table below describes the significant fields shown in the display.

Table 5. show flow monitor monitor-name Field Descriptions

Field

Description

Flow Monitor

Name of the flow monitor that you configured.

Description

Description that you configured for the monitor, or the default description “User defined”.

Flow Record

Flow record assigned to the flow monitor.

Flow Exporter

Exporters that are assigned to the flow monitor.

Cache

Information about the cache for the flow monitor.

Type

Flow monitor cache type.

The possible values are:

  • immediate—Flows are expired immediately.

  • normal—Flows are expired normally.

  • Permanent—Flows are never expired.

Status

Status of the flow monitor cache.

The possible values are:

  • allocated—The cache is allocated.

  • being deleted—The cache is being deleted.

  • not allocated—The cache is not allocated.

Size

Current cache size.

Inactive Timeout

Current value for the inactive timeout in seconds.

Active Timeout

Current value for the active timeout in seconds.

Update Timeout

Current value for the update timeout in seconds.

The following example displays the status, statistics, and data for the flow monitor named FLOW-MONITOR-1:


Router# show flow monitor FLOW-MONITOR-1 cache
 
  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                            8
  High Watermark:                            10
  Flows added:                             1560
  Flows aged:                              1552
    - Active timeout   (  1800 secs)         24
    - Inactive timeout (    15 secs)       1528
    - Event aged                              0
    - Watermark aged                          0
    - Emergency aged                          0
IP TOS:                    0x00
IP PROTOCOL:               6
IPV4 SOURCE ADDRESS:       10.10.10.2
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          20
TRNS DESTINATION PORT:     20
INTERFACE INPUT:           Et0/0
FLOW SAMPLER ID:           0
ip source as:              0
ip destination as:         0
ipv4 next hop address:     172.16.7.2
ipv4 source mask:          /0
ipv4 destination mask:     /24
tcp flags:                 0x00
interface output:          Et1/0
counter bytes:             198520
counter packets:           4963
timestamp first:           10564356
timestamp last:            12154104

The table below describes the significant fields shown in the display.

Table 6. show flow monitor monitor-name cache Field Descriptions

Field

Description

Cache type

Flow monitor cache type.

The possible values are:

  • Immediate—Flows are expired immediately.

  • Normal—Flows are expired normally.

  • Permanent—Flows are never expired.

Cache Size

Number of entries in the cache.

Current entries

Number of entries in the cache that are in use.

High Watermark

Highest number of cache entries seen.

Flows added

Flows added to the cache since the cache was created.

Flows aged

Flows expired from the cache since the cache was created.

Active timeout

Current value for the active timeout in seconds.

Inactive timeout

Current value for the inactive timeout in seconds.

Event aged

Number of flows that have been aged by an event such as using the force-export option for the clear flow monitor command.

Watermark aged

Number of flows that have been aged because they exceeded the maximum high watermark value.

Emergency aged

Number of flows that have been aged because the cache size was exceeded.

IP TOS

IP type of service (ToS) value.

IP PROTOCOL

Protocol number.

IPV4 SOURCE ADDRESS

IPv4 source address.

IPV4 DESTINATION ADDRESS

IPv4 destination address.

TRNS SOURCE PORT

Source port for the transport protocol.

TRNS DESTINATION PORT

Destination port for the transport protocol.

INTERFACE INPUT

Interface on which the input is received.

FLOW SAMPLER ID

Flow sampler ID number.

ip source as

Border Gateway Protocol (BGP) source autonomous system number.

ip destination as

BGP destination autonomous system number.

ipv4 next hop address

IPv4 address of the next hop to which the packet is forwarded.

ipv4 source mask

IPv4 source address mask.

ipv4 destination mask

IPv4 destination address mask.

tcp flags

Value of the TCP flags.

interface output

Interface on which the input is transmitted.

counter bytes

Number of bytes that have been counted.

counter packets

Number of packets that have been counted.

timestamp first

Time stamp of the first packet in the flow.

timestamp last

Time stamp of the last packet in the flow.

The following example displays the status, statistics, and data for the flow monitor named FLOW-MONITOR-1 in a table format:


Router# show flow monitor FLOW-MONITOR-1 cache format table
 
  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                            4
  High Watermark:                             6
  Flows added:                               90
  Flows aged:                                86
    - Active timeout   (  1800 secs)          0
    - Inactive timeout (    15 secs)         86
    - Event aged                              0
    - Watermark aged                          0
    - Emergency aged                          0
IP TOS  IP PROT  IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT
======  =======  ===============  ===============  =============  ==============
0x00          1  10.251.10.1      172.16.10.2                  0              02
0x00          1  10.251.10.1      172.16.10.2                  0           20484
0xC0         17  172.16.6.1       224.0.0.9                  520            5202
0x00          6  10.10.11.1       172.16.10.5                 25             252
Router#

The following example displays the status, statistics, and data for the flow monitor named FLOW-MONITOR-IPv6 (the cache contains IPv6 data) in record format:


Router# show flow monitor name FLOW-MONITOR-IPv6 cache format record

  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                            6
  High Watermark:                             8
  Flows added:                             1048
  Flows aged:                              1042
    - Active timeout   (  1800 secs)         11
    - Inactive timeout (    15 secs)       1031
    - Event aged                              0
    - Watermark aged                          0
    - Emergency aged                          0
IPV6 FLOW LABEL:           0
IPV6 EXTENSION MAP:        0x00000040
IPV6 SOURCE ADDRESS:       2001:DB8:1:ABCD::1
IPV6 DESTINATION ADDRESS:  2001:DB8:4:ABCD::2
TRNS SOURCE PORT:          3000
TRNS DESTINATION PORT:     55
INTERFACE INPUT:           Et0/0
FLOW DIRECTION:            Input
FLOW SAMPLER ID:           0
IP PROTOCOL:               17
IP TOS:                    0x00
ip source as:              0
ip destination as:         0
ipv6 next hop address:     ::
ipv6 source mask:          /48
ipv6 destination mask:     /0
tcp flags:                 0x00
interface output:          Null
counter bytes:             521192
counter packets:           9307
timestamp first:           9899684
timestamp last:            11660744

The table below describes the significant fields shown in the display.

Table 7. show flow monitor monitor-name cache format record Field Descriptions

Field

Description

Cache type

Flow monitor cache type.

The possible values are:

  • Immediate—Flows are expired immediately.

  • Normal—Flows are expired normally.

  • Permanent—Flows are never expired.

Cache Size

Number of entries in the cache.

Current entries

Number of entries in the cache that are in use.

High Watermark

Highest number of cache entries seen.

Flows added

Flows added to the cache since the cache was created.

Flows aged

Flows expired from the cache since the cache was created.

Active timeout

Current value for the active timeout in seconds.

Inactive timeout

Current value for the inactive timeout in seconds.

Event aged

Number of flows that have been aged by an event such as using the force-export option for the clear flow monitor command.

Watermark aged

Number of flows that have been aged because they exceeded the maximum high watermark value.

Emergency aged

Number of flows that have been aged because the cache size was exceeded.

IPV6 FLOW LABEL

Label number for the flow.

IPV6 EXTENSION MAP

Pointer to the IPv6 extensions.

IPV6 SOURCE ADDRESS

IPv6 source address.

IPV6 DESTINATION ADDRESS

IPv6 destination address.

TRNS SOURCE PORT

Source port for the transport protocol.

TRNS DESTINATION PORT

Destination port for the transport protocol.

INTERFACE INPUT

Interface on which the input is received.

FLOW DIRECTION

Input or output.

FLOW SAMPLER ID

Flow sampler ID number.

IP PROTOCOL

IP protocol number.

IP TOS

IP ToS number.

ip source as

BGP source autonomous system number.

ip destination as

BGP destination autonomous system number.

ipv6 next hop address

IPv6 address of the next hop to which the packet is forwarded.

ipv6 source mask

IPv6 source address mask.

ipv6 destination mask

IPv6 destination address mask.

tcp flags

Value of the TCP flags.

interface output

Interface on which the input is transmitted.

counter bytes

Number of bytes that have been counted.

counter packets

Number of packets that have been counted.

timestamp first

Time stamp of the first packet in the flow.

timestamp last

Time stamp of the last packet in the flow.

The following example displays the status and statistics for a flow monitor:


Router# show flow monitor FLOW-MONITOR-1 statistics
  
  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                            4
  High Watermark:                             6
  Flows added:                              116
  Flows aged:                               112
    - Active timeout   (  1800 secs)          0
    - Inactive timeout (    15 secs)        112
    - Event aged                              0
    - Watermark aged                          0
    - Emergency aged                          0

The table below describes the significant fields shown in the display.

Table 8. show flow monitor monitor-name statistics Field Descriptions

Field

Description

Cache Type

Flow monitor cache type.

The possible values are:

  • Immediate—Flows are expired immediately.

  • Normal—Flows are expired normally.

  • Permanent—Flows are never expired.

Cache Size

Size of the cache.

Current entries

Number of entries in the cache that are in use.

High Watermark

Highest number of cache entries seen.

Flows added

Flows added to the cache since the cache was created.

Flows aged

Flows expired from the cache since the cache was created.

Active Timeout

Current value for the active timeout in seconds.

Inactive Timeout

Current value for the inactive timeout in seconds.

Event aged

Number of flows that have been aged by an event such as using the force-export option for the clear flow monitor command.

Watermark aged

Number of flows that have been aged because they exceeded the maximum high watermark value.

Emergency aged

Number of flows that have been aged because the cache size was exceeded.

show flow monitor cache aggregate

To display aggregated flow statistics from a flow monitor cache, use the show flow monitor cache aggregate command in privileged EXEC mode.

show flow monitor [name] monitor-name cache aggregate {options [. . . options] [collect options [. . . options]] | record record-name} [format {csv | record | table}]

Syntax Description

name

(Optional) Specifies the name of a flow monitor.

monitor-name

Name of a flow monitor that was previously configured.

options

Fields upon which aggregation is performed, and from which additional data from the cache is displayed when the collect keyword is used. You can specify multiple values for the options argument. See the “Usage Guidelines” section.

collect

(Optional) Displays additional data from the cache. See the “Usage Guidelines” section.

record record-name

Specifies the name of a user-defined flow record or a predefined flow record. See the first table below for a listing of the available predefined records and their definitions.

format

(Optional) Specifies the use of one of the format options for formatting the display output.

csv

Displays the flow monitor cache contents in comma-separated variables (CSV) format.

record

Displays the flow monitor cache contents in record format.

table

Displays the flow monitor cache contents in table format.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(22)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

Flexible NetFlow—Top N Talkers Support

The show flow monitor cache aggregate command is one of a set of three commands that make up the Flexible NetFlow—Top N Talkers Support feature. The Flexible NetFlow—Top N Talkers Support feature is used to manipulate the display output from the Flexible NetFlow cache to facilitate the analysis of network traffic.

The other two commands that make up the Flexible NetFlow—Top N Talkers Support feature are show flow monitor cache filter and show flow monitor cache sort. The three commands can be used together or on their own, depending on your requirements. For more detailed information about these commands, see the show flow monitor cache filter command and the show flow monitor cache sort command. For information about how the three commands are used together, refer to the “Configuring Cisco IOS Flexible NetFlow—Top N Talkers Support” module in the Configuring Cisco IOS Flexible NetFlow Configuration Guide.

Flow Aggregation

Flow aggregation using the show flow monitor cache aggregate command allows you to dynamically display the flow information in a cache using a different flow record than the one from which the cache was originally created. Only the fields in the cache will be available for the aggregated flows.


Note

The key and nonkey fields in the flows are defined in the flow record that you assigned to the flow monitor from which the cache data is being aggregated.


Aggregation helps you achieve a higher-level view of the traffic in your network by combining flow data from multiple flows based on the criteria that interest you, for example, displaying flow data for:

  • All the HTTP traffic in your network.

  • All the traffic being forwarded to a specific Border Gateway Protocol (BGP) next hop.

  • A device that is sending several types of traffic to one or more hosts in your network, perhaps as part of a denial of service (DoS) attack.

Aggregation options Argument

The options that you can use for the options argument of the show flow monitor cache aggregate command are dependent on the fields that are used for the user-defined flow record that you configured for the flow monitor using the record command. To identify the options that you can use, use the show flow record record-name command in privileged EXEC mode, where record-name is the name of the record that you configured for the flow monitor.

For example, if you assigned the “NetFlow Original” predefined record to a flow monitor, you use the show flow record netflow-original command to display its key (match) and nonkey (collect) fields. The following is partial output from the show flow record netflow-original command:


flow record netflow-original:
  Description:        Traditional IPv4 input NetFlow with origin ASs
  No. of users:       2
  Total field space:  53 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
.
.
.
    collect counter packets
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last

The fields from this partial output that you can use for the options argument follow the match (key fields) and collect (nonkey fields) words. For example, you can use the “ipv4 tos” field to aggregate the flows as shown in the first example in the “Examples” section.

Cache Data Fields Displayed

By default, the data fields from the cache that are shown in the display output of the show flow monitor cache aggregate command are limited to the field used for aggregation and the counter fields such as flows, number of bytes, and the number of packets. The following is partial output from the show flow monitor FLOW-MONITOR-3 cache aggregate ipv4 destination address command:


IPV4 DST ADDR         flows       bytes        pkts
===============  ==========  ==========  ==========
224.192.16.1              2       97340        4867
224.192.18.1              3       96080        4804
224.192.16.4              4       79760        3988
224.192.45.12             3       77480        3874
255.255.255.255           1          52           1

Notice that the data contains only the IPv4 destination addresses for which flows have been aggregated and the counter values.

The flow monitor (FLOW-MONITOR-3) referenced by the show flow monitor FLOW-MONITOR-3 cache aggregate ipv4 destination address command uses the “NetFlow Original” predefined record, which contains the following key and nonkey fields:

  • match ipv4 tos

  • match ipv4 protocol

  • match ipv4 source address

  • match ipv4 destination address

  • match transport source-port

  • match transport destination-port

  • match interface input

  • match flow sampler

  • collect routing source as

  • collect routing destination as

  • collect routing next-hop address ipv4

  • collect ipv4 source mask

  • collect ipv4 destination mask

  • collect transport tcp flags

  • collect interface output

  • collect counter bytes

  • collect counter packets

  • collect timestamp sys-uptime first

  • collect timestamp sys-uptime last

The collect keyword is used to include additional cache data in the display output of the show flow monitor cache aggregate command. The following partial output from the show flow monitor FLOW-MONITOR-3 cache aggregate ipv4 destination address collect transport tcp flags command shows the transport TCP flags data from the cache:


IPV4 DST ADDR    tcp flags       flows       bytes        pkts
===============  =========  ==========  ==========  ==========
224.192.16.1     0x00                4      165280        8264
224.192.18.1     0x00                4      158660        7933
224.192.16.4     0x00                3      146740        7337
224.192.45.12    0x00                4      145620        7281
255.255.255.255  0x00                1          52           1
224.0.0.13       0x00                1          54           1

You can add cache data fields after the collect keyword to show additional data from the cache in the display output of the show flow monitor cache aggregate command.
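
The same aggregation can be reproduced offline from a saved cache dump, which is useful when triaging traffic after the cache on the device has aged out. The following Python code is an added example, not part of the Cisco command reference: it parses output in the record format shown earlier on this page and re-keys the flows on any fields present in the cache, summing the flows, bytes and packets counters. The sample flows are constructed, and the blank line between flows is an assumption about the saved output.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show flow monitor <name> cache format record".
# Addresses and counters are made up for this example.
SAMPLE = """\
  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                            4
  Flows aged:                              1552
    - Active timeout   (  1800 secs)         24
IP PROTOCOL:               6
IPV4 SOURCE ADDRESS:       10.10.10.2
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          20
TRNS DESTINATION PORT:     20
counter bytes:             1000
counter packets:           10

IP PROTOCOL:               6
IPV4 SOURCE ADDRESS:       10.10.10.2
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          21
TRNS DESTINATION PORT:     21
counter bytes:             500
counter packets:           5

IP PROTOCOL:               6
IPV4 SOURCE ADDRESS:       10.10.11.1
IPV4 DESTINATION ADDRESS:  172.16.10.5
TRNS SOURCE PORT:          25
TRNS DESTINATION PORT:     25
counter bytes:             300
counter packets:           3

IP PROTOCOL:               1
IPV4 SOURCE ADDRESS:       10.10.10.2
IPV4 DESTINATION ADDRESS:  172.16.10.5
TRNS SOURCE PORT:          0
TRNS DESTINATION PORT:     0
counter bytes:             84
counter packets:           1
"""

# "NAME: value"; the name cannot contain a colon, so IPv6 values stay intact.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?):\s+(\S.*?)\s*$")


def parse_flows(text):
    """Return one dict per flow, with field names lowercased."""
    flows, current = [], {}
    for line in text.splitlines() + [""]:
        m = FIELD.match(line)
        if m:
            name = m.group(1).lower()
            if name in current:
                # A repeated field means a new flow began without a blank line.
                flows.append(current)
                current = {}
            current[name] = m.group(2)
        elif not line.strip() and current:
            flows.append(current)
            current = {}
    # Blocks without counters (for example a bare statistics header) are not flows.
    return [f for f in flows if "counter bytes" in f]


def aggregate(flows, fields):
    """Group flows on the given fields and sum the counters, as the command does."""
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0, "pkts": 0})
    for flow in flows:
        try:
            key = tuple(flow[f] for f in fields)
        except KeyError as exc:
            # Only fields that are in the cache can be used for aggregation.
            raise ValueError(f"field {exc.args[0]!r} is not in the cache") from None
        row = totals[key]
        row["flows"] += 1
        row["bytes"] += int(flow["counter bytes"])
        row["pkts"] += int(flow["counter packets"])
    return dict(totals)


if __name__ == "__main__":
    result = aggregate(parse_flows(SAMPLE), ["ipv4 source address"])
    for key, row in sorted(result.items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{key[0]:15}  {row['flows']:>10}  {row['bytes']:>10}  {row['pkts']:>10}")
```

Aggregating the sample on ipv4 source address shows one source accounting for three of the four flows across two destinations and two protocols, the pattern the usage guidelines describe for spotting a device that sends several types of traffic to hosts in the network.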

Keywords and Descriptions for the record Argument

The table below describes the keywords for the record argument.

Table 9. Keywords and Descriptions for the Aggregate record Argument

Keyword

Description

IPv4 Support

IPv6 Support

as

Autonomous system record.

Yes

Yes

as-tos

Autonomous system and ToS record.

Yes

No

bgp-nexthop-tos

BGP next-hop and ToS record.

Yes

No

bgp-nexthop

BGP next-hop record.

No

Yes

destination-prefix

Destination prefix record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

destination-prefix-tos

Destination prefix and ToS record.

Yes

No

original-input

Traditional IPv4 input NetFlow.

Yes

Yes

original-output

Traditional IPv4 output NetFlow.

Yes

Yes

prefix

Source and destination prefixes record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

prefix-port

Prefix port record.

Note 

The peer keyword is not available for this record.

Yes

No

prefix-tos

Prefix ToS record.

Yes

No

protocol-port

Protocol ports record.

Note 

The peer keyword is not available for this record.

Yes

Yes

protocol-port-tos

Protocol port and ToS record.

Note 

The peer keyword is not available for this record.

Yes

No

source-prefix

Source autonomous system and prefix record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

source-prefix-tos

Source prefix and ToS record.

Yes

No

Examples

The following example aggregates the flow monitor cache data on the destination and source IPv4 addresses:


Router# show flow monitor FLOW-MONITOR-1 cache aggregate ipv4 destination address ipv4 source address
 
Processed 26 flows
Aggregated to 17 flows
IPV4 SRC ADDR    IPV4 DST ADDR         flows       bytes        pkts
===============  ===============  ==========  ==========  ==========
10.251.10.1      172.16.10.2               2     1400828        1364
192.168.67.6     172.16.10.200             1       19096         682
10.234.53.1      172.16.10.2               3       73656        2046
172.30.231.193   172.16.10.2               3       73616        2045
10.10.10.2       172.16.10.2               2       54560        1364
192.168.87.200   172.16.10.2               2       54560        1364
10.10.10.4       172.16.10.4               1       27280         682
10.10.11.1       172.16.10.5               1       27280         682
10.10.11.2       172.16.10.6               1       27280         682
10.10.11.3       172.16.10.7               1       27280         682
10.10.11.4       172.16.10.8               1       27280         682
10.1.1.1         172.16.10.9               1       27280         682
10.1.1.2         172.16.10.10              1       27280         682
10.1.1.3         172.16.10.11              1       27280         682
172.16.1.84      172.16.10.19              2       54520        1363
172.16.1.85      172.16.10.20              2       54520        1363
172.16.6.1       224.0.0.9                 1          52           1

The table below describes the significant fields shown in the display.

Table 10. show flow monitor cache aggregate Field Descriptions

Field

Description

IPV4 SOURCE ADDRESS

IPv4 source address.

IPV4 DESTINATION ADDRESS

IPv4 destination address.

flows

Number of flows associated with the source/destination IP address combination.

bytes

Number of bytes contained in the flows.

packets

Number of packets contained in the flows.

show flow monitor cache filter

To filter the display output of statistics from the flows in a flow monitor cache, use the show flow monitor cache filter command in privileged EXEC mode.

show flow monitor [name] monitor-name cache filter options [regexp regexp] [. . . options [regexp regexp]] [format {csv | record | table}]

Syntax Description

name

(Optional) Specifies the name of a flow monitor.

monitor-name

Name of a flow monitor that was previously configured.

options

Fields upon which filtering is performed. You can specify multiple values for the options argument. See the “Usage Guidelines” section.

regexp regexp

(Optional) Match the field specified with the options argument against a regular expression. See the “Usage Guidelines” section.

format

(Optional) Specifies the use of one of the format options for formatting the display output.

csv

Displays the flow monitor cache contents in comma-separated variables (CSV) format.

record

Displays the flow monitor cache contents in record format.

table

Displays the flow monitor cache contents in table format.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(22)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

Flexible NetFlow—Top N Talkers Support

The show flow monitor cache filter command is one of a set of three commands that make up the Flexible NetFlow—Top N Talkers Support feature. The Flexible NetFlow—Top N Talkers Support feature is used to manipulate the display output from the Flexible NetFlow cache to facilitate the analysis of network traffic.

The other two commands that make up the Flexible NetFlow—Top N Talkers Support feature are show flow monitor cache sort and show flow monitor cache aggregate. The three commands can be used together or on their own, depending on your requirements. For more detailed information about these commands, see the show flow monitor cache sort command and the show flow monitor cache aggregate command. For information about how the three commands are used together, refer to the “Configuring Cisco IOS Flexible NetFlow—Top N Talkers Support” module in the Configuring Cisco IOS Flexible NetFlow Configuration Guide.

Filter options Argument

The options that you can use for the options argument of the show flow monitor cache filter command are dependent on the fields that are used for the record that you configured for the flow monitor using the record command. To identify the options that you can use, use the show flow record record-name command in privileged EXEC mode, where record-name is the name of the record that you configured for the flow monitor.

For example, if you assigned the “NetFlow Original” predefined record to a flow monitor, you use the show flow record netflow-original command to display its key (match) and nonkey (collect) fields. The following is partial output from the show command:


flow record netflow-original:
  Description:        Traditional IPv4 input NetFlow with origin ASs
  No. of users:       2
  Total field space:  53 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
.
.
.
    collect counter packets
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last

The fields from this partial output that you can use for the option argument follow the match (key fields) and collect (nonkey fields) words. For example, you can use the “ipv4 tos” field to filter the flows as shown in the first example in the “Examples” section.

Filtering Criteria

The following are examples of the types of filtering criteria available for the show flow monitor cache filter command:

  • Perform an exact match on any numerical fields in either decimal or hexadecimal format. For example, these two commands match flows in the flow monitor cache that contain either “0xA001” or “1”:
    • show flow monitor FLOW-MONITOR-1 cache filter transport source-port 0xA001
    • show flow monitor FLOW-MONITOR-1 cache filter transport source-port 1
  • Perform a match on a range for any numerical fields in either decimal or hexadecimal format. For example, these two commands match flows in the flow monitor cache that contain either “0xA000 0xB000” or “1 1024”:
    • show flow monitor FLOW-MONITOR-1 cache filter transport source-port 0xA000 0xB000
    • show flow monitor FLOW-MONITOR-1 cache filter transport source-port 1 1024
  • Perform an exact match for any alphanumerical field. For example, this command matches flows in the flow monitor cache having a MAC address of ABCD:0012:01FE:
    • show flow monitor FLOW-MONITOR-1 cache filter datalink mac source address ABCD:0012:01FE
  • Perform a regular-expression match on any alphanumerical field. For example, this command matches flows in the flow monitor cache having a MAC address that starts with ABCD:
    • show flow monitor FLOW-MONITOR-1 cache filter datalink mac source address regexp ABCD:*
  • Perform a match on flag fields with an implicit <and>. For example, this command matches flows in the flow monitor cache that contain the urg and syn TCP flags:
    • show flow monitor FLOW-MONITOR-1 cache filter transport tcp flags urg syn
  • Perform a match against flags that are not present. For example, this command matches flows in the flow monitor cache that contain the syn and rst TCP flags and do not contain the urg and fin TCP flags:
    • show flow monitor FLOW-MONITOR-1 cache filter transport tcp flags syn rst not urg fin
  • Perform an exact match on an IP address field. For example, this command matches flows in the flow monitor cache that contain the source IPv4 address “192.168.0.1”:
    • show flow monitor FLOW-MONITOR-1 cache filter ipv4 source address 192.168.0.1
  • Perform a prefix match on an IPv4 or IPv6 address field. For example, these two commands match flows in the flow monitor cache that contain either “192.168.0.0 255.255.0.0” or “7:20ac::/64”:
    • show flow monitor FLOW-MONITOR-1 cache filter ipv4 source address 192.168.0.0 255.255.0.0
    • show flow monitor FLOW-MONITOR-1 cache filter ipv6 source address 7:20ac::/64
  • Perform a match on a range of relative time stamps. For example, this command matches flows in the flow monitor cache that were created within the last “500” seconds:
    • show flow monitor FLOW-MONITOR-1 cache filter timestamp sys-uptime first 0 500 seconds
  • Perform a match on a range of the time stamp that is configured (uptime or absolute). For example, this command matches flows in the flow monitor cache that were created between 0800 and 0815, within the last 24 hours:
    • show flow monitor FLOW-MONITOR-1 cache filter timestamp sys-uptime last 08:00:00 08:15:00 t
  • Perform an exact match on an interface. For example, this command matches flows in the flow monitor cache that are received on Ethernet interface 0/0:
    • show flow monitor FLOW-MONITOR-1 cache filter interface input Ethernet0/0
  • Perform a regular-expression match on an interface. For example, this command matches flows in the flow monitor cache whose input interface name begins with Ethernet0/ and has either 1, 2, or 3 as the port number:
    • show flow monitor FLOW-MONITOR-1 cache filter interface input regexp Ethernet0/[1-3]

Regular Expressions

The table below shows the syntax for regular expressions.

Table 11. Syntax for Regular Expressions

Option

Description

*

Match zero or more characters in this position.

?

Match any one character in this position.

|

Match any one character in this position.

(|)

Match one of a choice of characters in a range. For example, aa:(0033|4455):3456 matches either aa:0033:3456 or aa:4455:3456.

[]

Match any character in the range specified, or one of the special characters. For example, [0-9] is all of the digits, [*] is the “*” character, and [[] is the “[” character.

Examples

The following example filters the flow monitor cache data on the source IPv4 address of 10.234.53.1:


Router# show flow monitor FLOW-MONITOR-1 cache filter ipv4 source address 10.234.53.1
  
  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                           26
  High Watermark:                            26
  Flows added:                               87
  Flows aged:                                61
    - Active timeout   (  1800 secs)          0
    - Inactive timeout (    15 secs)         61
    - Event aged                              0
    - Watermark aged                          0
    - Emergency aged                          0
IPV4 SOURCE ADDRESS:       10.234.53.1
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          0
TRNS DESTINATION PORT:     2048
INTERFACE INPUT:           Et0/0.1
FLOW SAMPLER ID:           0
IP TOS:                    0x00
IP PROTOCOL:               1
ip source as:              0
ip destination as:         0
ipv4 next hop address:     172.16.7.2
ipv4 source mask:          /0
ipv4 destination mask:     /24
tcp flags:                 0x00
interface output:          Et1/0.1
counter bytes:             24724
counter packets:           883
timestamp first:           16:03:56.007
timestamp last:            16:27:07.063
IPV4 SOURCE ADDRESS:       10.234.53.1
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          20
TRNS DESTINATION PORT:     20
INTERFACE INPUT:           Et0/0.1
FLOW SAMPLER ID:           0
IP TOS:                    0x00
IP PROTOCOL:               6
ip source as:              0
ip destination as:         0
ipv4 next hop address:     172.16.7.2
ipv4 source mask:          /0
ipv4 destination mask:     /24
tcp flags:                 0x00
interface output:          Et1/0.1
counter bytes:             35320
counter packets:           883
timestamp first:           16:03:56.267
timestamp last:            16:27:07.323
IPV4 SOURCE ADDRESS:       10.234.53.1
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          21
TRNS DESTINATION PORT:     21
INTERFACE INPUT:           Et0/0.1
FLOW SAMPLER ID:           0
IP TOS:                    0x00
IP PROTOCOL:               6
ip source as:              0
ip destination as:         0
ipv4 next hop address:     172.16.7.2
ipv4 source mask:          /0
ipv4 destination mask:     /24
tcp flags:                 0x00
interface output:          Et1/0.1
counter bytes:             35320
counter packets:           883
timestamp first:           16:03:56.327
timestamp last:            16:27:07.363
Matched 3 flows

The table below describes the significant fields shown in the display.

Table 12. show flow monitor monitor-name cache filter Field Descriptions

Field

Description

Cache type

Flow monitor cache type.

The possible values are:

  • Immediate—Flows are expired immediately.

  • Normal—Flows are expired normally.

  • Permanent—Flows are never expired.

Cache Size

Number of entries in the cache.

Current entries

Number of entries in the cache that are in use.

High Watermark

Highest number of cache entries seen.

Flows added

Flows added to the cache since the cache was created.

Flows aged

Flows expired from the cache since the cache was created.

Active timeout

Current value for the active timeout in seconds.

Inactive timeout

Current value for the inactive timeout in seconds.

Event aged

Number of flows that have been aged by an event such as using the force-export option for the clear flow monitor command.

Watermark aged

Number of flows that have been aged because they exceeded the maximum high watermark value.

Emergency aged

Number of flows that have been aged because the cache size was exceeded.

IPV4 SOURCE ADDRESS

IPv4 source address.

IPV4 DESTINATION ADDRESS

IPv4 destination address.

TRNS SOURCE PORT

Source port for the transport protocol.

TRNS DESTINATION PORT

Destination port for the transport protocol.

INTERFACE INPUT

Interface on which the input is received.

FLOW DIRECTION

Input or output.

FLOW SAMPLER ID

Flow sampler ID number.

IP PROTOCOL

IP protocol number.

IP TOS

IP ToS number.

ip source as

BGP source autonomous system number.

ip destination as

BGP destination autonomous system number.

ipv4 next hop address

IPv4 address of the next hop to which the packet is forwarded.

ipv4 source mask

IPv4 source address mask.

ipv4 destination mask

IPv4 destination address mask.

tcp flags

Value of the TCP flags.

interface output

Interface on which the input is transmitted.

counter bytes

Number of bytes that have been counted.

counter packets

Number of packets that have been counted.

timestamp first

Time stamp of the first packet in the flow.

timestamp last

Time stamp of the last packet in the flow.
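
The criteria listed under “Filtering Criteria” can also be applied offline to saved record-format output, for example when the flows have since aged out of the cache. The following Python code is an added example, not Cisco code: it parses the record format shown above and reimplements the numeric, prefix, and TCP-flag matches. The function names, the sample flows, and the reading of “not urg fin” as “neither flag is set” are assumptions.

```python
import ipaddress
import re

# Constructed sample in the record format shown above; all values are made up.
SAMPLE = """\
  Cache type:                            Normal
  Cache size:                              4096
  Current entries:                            3
    - Active timeout   (  1800 secs)          0
IPV4 SOURCE ADDRESS:       192.168.10.5
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          40961
TRNS DESTINATION PORT:     22
tcp flags:                 0x02
counter bytes:             120
timestamp first:           16:03:56.007
IPV4 SOURCE ADDRESS:       192.168.20.9
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          512
TRNS DESTINATION PORT:     443
tcp flags:                 0x1B
counter bytes:             48211
timestamp first:           16:03:58.411
IPV4 SOURCE ADDRESS:       10.234.53.1
IPV4 DESTINATION ADDRESS:  172.16.10.2
TRNS SOURCE PORT:          45000
TRNS DESTINATION PORT:     8080
tcp flags:                 0x06
counter bytes:             80
timestamp first:           16:04:10.120
Matched 3 flows
"""

# Cache statistics that precede the flows; they are not flow fields.
HEADER_KEYS = {"cache type", "cache size", "current entries",
               "high watermark", "flows added", "flows aged"}
# Standard TCP header flag bits.
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
                 "psh": 0x08, "ack": 0x10, "urg": 0x20}
# "name:   value"; the value may itself contain colons (time stamps).
FIELD = re.compile(r"^\s*([^:]+?):\s+(\S.*?)\s*$")
MATCHED = re.compile(r"^Matched (\d+) flows?")


def parse_cache(text):
    """Return (flows, matched): one dict per flow, field names lower-cased."""
    flows, current, matched = [], {}, None
    for line in text.splitlines():
        done = MATCHED.match(line.strip())
        if done:
            matched = int(done.group(1))
            continue
        field = FIELD.match(line)
        if not field:
            continue                      # prompts, aging counters, blanks
        key, value = field.group(1).lower(), field.group(2)
        if key in HEADER_KEYS:
            continue
        if key in current:                # a repeated name starts the next flow
            flows.append(current)
            current = {}
        current[key] = value
    if current:
        flows.append(current)
    return flows, matched


def in_range(flow, field, low, high=None):
    """Exact match (one bound) or inclusive range; decimal or 0x hex."""
    low = int(str(low), 0)
    high = low if high is None else int(str(high), 0)
    return field in flow and low <= int(flow[field], 0) <= high


def in_prefix(flow, field, network):
    """Prefix match; network is 'address/length' or 'address/netmask'."""
    return field in flow and (
        ipaddress.ip_address(flow[field]) in ipaddress.ip_network(network))


def flag_mask(names):
    bits = 0
    for name in names:
        bits |= TCP_FLAG_BITS[name]
    return bits


def has_flags(flow, present, absent=()):
    """All 'present' flags set (implicit AND), none of 'absent' set."""
    value = int(flow.get("tcp flags", "0"), 0)
    want, deny = flag_mask(present), flag_mask(absent)
    return (value & want) == want and (value & deny) == 0


if __name__ == "__main__":
    flows, matched = parse_cache(SAMPLE)
    print("parsed", len(flows), "flows; router reported", matched)
    for flow in flows:
        if has_flags(flow, ["syn", "rst"], ["urg", "fin"]):
            print("syn rst not urg fin:", flow["ipv4 source address"])
```

Comparing the parsed flow count with the “Matched N flows” line is a quick check that the saved output was not truncated.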


show flow monitor cache sort

To sort the display output of statistics from the flows in a flow monitor cache, use the show flow monitor cache sort command in privileged EXEC mode.

show flow monitor [name] monitor-name cache sort options [top [number] ] [format {csv | record | table}]

Syntax Description

name

(Optional) Specifies the name of a flow monitor.

monitor-name

Name of a flow monitor that was previously configured.

options

Fields upon which aggregation can be performed. See the “Usage Guidelines” section.

top

(Optional) Limits the display output to the 20 highest volume flows (top talkers) unless overridden by the specification of a value for the number argument.

number

(Optional) Overrides the default value of top talkers to display.

format

(Optional) Specifies the use of one of the format options for formatting the display output.

csv

Displays the flow monitor cache contents in comma-separated variables (CSV) format.

record

Displays the flow monitor cache contents in record format.

table

Displays the flow monitor cache contents in table format.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(22)T

This command was introduced.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7200 and Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

Flexible NetFlow—Top N Talkers Support

The show flow monitor cache sort command is one of a set of three commands that make up the Flexible NetFlow—Top N Talkers Support feature. The Flexible NetFlow—Top N Talkers Support feature is used to manipulate the display output from the Flexible NetFlow cache to facilitate the analysis of network traffic.

The other two commands that make up the Flexible NetFlow—Top N Talkers Support feature are show flow monitor cache filter and show flow monitor cache aggregate. The three commands can be used together or on their own, depending on your requirements. For more detailed information about these commands, see the show flow monitor cache filter command and the show flow monitor cache aggregate command. For information about how the three commands are used together, refer to the “Configuring Cisco IOS Flexible NetFlow—Top N Talkers Support” module in the Configuring Cisco IOS Flexible NetFlow Configuration Guide.

Flow Sorting

The flow sorting function of the Flexible NetFlow—Top N Talkers Support feature sorts flow data from the Flexible NetFlow cache based on the criteria that you specify, and displays the data. You can also use the flow sorting function of the Flexible NetFlow—Top N Talkers Support feature to limit the display output to a specific number of entries (Top N Talkers) by using the top keyword.

Sort options Argument

The options that you can use for the options argument of the show flow monitor cache filter command are dependent on the fields that are used for the record that you configured for the flow monitor using the record command. To identify the options that you can use, use the show flow record record-name command in privileged EXEC mode, where record-name is the name of the record that you configured for the flow monitor.

For example, if you assigned the “NetFlow Original” predefined record to a flow monitor, you use the show flow record netflow-original command to display its key (match) and nonkey (collect) fields. The following is partial output from the show command:


flow record netflow-original:
  Description:        Traditional IPv4 input NetFlow with origin ASs
  No. of users:       2
  Total field space:  53 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
.
.
.
    collect counter packets
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last

The fields from this partial output that you can use for the option argument follow the match (key fields) and collect (nonkey fields) words. For example, you can use the “ipv4 tos” field to sort the flows as shown in the first example in the “Examples” section.

Examples

The following example sorts the flow monitor cache data on the IPv4 ToS value and limits the display output to the top two flows:


Router# show flow monitor FLOW-MONITOR-3 cache sort ipv4 tos top 2

Processed 17 flows
Aggregated to 17 flows
Showing the top 2 flows
IPV4 SOURCE ADDRESS:       10.1.1.1
IPV4 DESTINATION ADDRESS:  224.192.16.1
TRNS SOURCE PORT:          0
TRNS DESTINATION PORT:     3073
INTERFACE INPUT:           Et0/0
FLOW SAMPLER ID:           0
IP TOS:                    0x55
IP PROTOCOL:               1
ip source as:              0
ip destination as:         0
ipv4 next hop address:     0.0.0.0
ipv4 source mask:          /24
ipv4 destination mask:     /0
tcp flags:                 0x00
interface output:          Null
counter bytes:             33680
counter packets:           1684
timestamp first:           18:39:27.563
timestamp last:            19:04:28.459
          
IPV4 SOURCE ADDRESS:       10.1.1.1
IPV4 DESTINATION ADDRESS:  224.192.16.1
TRNS SOURCE PORT:          0
TRNS DESTINATION PORT:     0
INTERFACE INPUT:           Et0/0
FLOW SAMPLER ID:           0
IP TOS:                    0x55
IP PROTOCOL:               1
ip source as:              0
ip destination as:         0
ipv4 next hop address:     0.0.0.0
ipv4 source mask:          /24
ipv4 destination mask:     /0
tcp flags:                 0x00
interface output:          Et3/0.1
counter bytes:             145040
counter packets:           7252
timestamp first:           18:42:34.043
timestamp last:            19:04:28.459

The table below describes the significant fields shown in the display.

Table 13. show flow monitor monitor-name cache sort Field Descriptions

Field

Description

IPV4 SOURCE ADDRESS

IPv4 source address.

IPV4 DESTINATION ADDRESS

IPv4 destination address.

TRNS SOURCE PORT

Source port for the transport protocol.

TRNS DESTINATION PORT

Destination port for the transport protocol.

INTERFACE INPUT

Interface on which the input is received.

FLOW DIRECTION

Input or output.

FLOW SAMPLER ID

Flow sampler ID number.

IP PROTOCOL

IP protocol number.

IP TOS

IP ToS number.

ip source as

BGP source autonomous system number.

ip destination as

BGP destination autonomous system number.

ipv4 next hop address

IPv4 address of the next hop to which the packet is forwarded.

ipv4 source mask

IPv4 source address mask.

ipv4 destination mask

IPv4 destination address mask.

tcp flags

Value of the TCP flags.

interface output

Interface on which the input is transmitted.

counter bytes

Number of bytes that have been counted.

counter packets

Number of packets that have been counted.

timestamp first

Time stamp of the first packet in the flow.

timestamp last

Time stamp of the last packet in the flow.


show flow record

To display the status and statistics for a Flexible NetFlow flow record, use the show flow record command in privileged EXEC mode.

show flow record [ [name] record-name | netflow-original | netflow {ipv4 | ipv6} record [peer]]

Cisco Catalyst 6500 Switches in Cisco IOS Release 12.2(50)SY

show flow record [ [name] record-name | platform-original {ipv4 | ipv6} record]

Cisco IOS XE Release 3.2SE

show flow record [ [name] record-name]

Syntax Description

name

(Optional) Specifies the name of a flow record.

record-name

(Optional) Name of a user-defined flow record that was previously configured.

netflow-original

(Optional) Specifies the Flexible NetFlow implementation of original NetFlow with origin autonomous systems.

netflow ipv4

(Optional) Configures the flow monitor to use one of the IPv4 predefined records.

netflow ipv6

(Optional) Configures the flow monitor to use one of the IPv6 predefined records.

record

(Optional) Name of the predefined record. See the first table below for a listing of the available records and their definitions.

peer

(Optional) Configures the flow monitor to use one of the predefined records with peer autonomous systems. The peer keyword is not supported for every type of Flexible NetFlow predefined record. See the first table below.

platform-original ipv4

Configures the flow monitor to use one of the predefined IPv4 records.

platform-original ipv6

Configures the flow monitor to use one of the predefined IPv6 records.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.4(20)T

This command was modified. The ipv6 keyword was added.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was modified. The netflow-original, netflow ipv4, and netflow ipv6 keywords were removed. The platform-original ipv4 and platform-original ipv6 keywords were added.

Cisco IOS XE Release 3.2SE

This command was modified. The netflow-original, netflow ipv4, and netflow ipv6 keywords were removed.

Usage Guidelines

The table below describes the keywords and descriptions for the record argument.

Table 14. Keywords and Descriptions for the record Argument

Keyword

Description

IPv4 Support

IPv6 Support

as

Autonomous system record.

Yes

Yes

as-tos

Autonomous system and Type of Service (ToS) record.

Yes

bgp-nexthop-tos

BGP next-hop and ToS record.

Yes

bgp-nexthop

BGP next-hop record.

Yes

destination

Original platform IPv4/IPv6 destination record.

Yes

Yes

destination-prefix

Destination prefix record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

destination-prefix-tos

Destination prefix and ToS record.

Yes

destination-source

Original platform IPv4/IPv6 destination-source record.

Yes

Yes

full

Original platform IPv4/IPv6 full record.

Yes

Yes

interface-destination

Original platform IPv4/IPv6 interface-destination record.

Yes

Yes

interface-destination-source

Original platform IPv4/IPv6 interface-destination-source record.

Yes

Yes

interface-full

Original platform IPv4/IPv6 interface-full record.

Yes

Yes

interface-source

Original platform IPv4/IPv6 interface-source only record.

Yes

Yes

original-input

Traditional IPv4 input NetFlow.

Yes

Yes

original-output

Traditional IPv4 output NetFlow.

Yes

Yes

prefix

Source and destination prefixes record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

prefix-port

Prefix port record.

Note 

The peer keyword is not available for this record.

Yes

prefix-tos

Prefix ToS record.

Yes

protocol-port

Protocol ports record.

Note 

The peer keyword is not available for this record.

Yes

Yes

protocol-port-tos

Protocol port and ToS record.

Note 

The peer keyword is not available for this record.

Yes

source

Original platform IPv4/IPv6 source only record.

Yes

Yes

source-prefix

Source autonomous system and prefix record.

Note 

For IPv6, a minimum prefix mask length of 0 bits is assumed.

Yes

Yes

source-prefix-tos

Source prefix and ToS record.

Yes

Examples

The following example displays the status and statistics for the original Flexible NetFlow record:


Router# show flow record FLOW-RECORD-1 platform-original ipv4 destination

flow record FLOW_RECORD-1:
  Description: Flow Record for IPv4 traffic
  No. of users:       3
  Total field space:  53 bytes
  Fields:
    match interface input
    match transport destination-port
    match transport source-port
    match ipv4 destination address
    match ipv4 source address
    match ipv4 protocol
    match ipv4 tos
    collect counter bytes
    collect counter packets
    collect timestamp sys-uptime last
    collect timestamp sys-uptime first
    collect ipv4 destination mask
    collect ipv4 source mask
    collect routing destination as
    collect routing source as
    collect transport tcp flags
    collect routing next-hop address ipv4
    collect interface output

The table below describes the significant fields shown in the display.

Table 15. show flow record netflow-original Field Descriptions

Field

Description

Description

Description that you configured for the record, or the default description “User defined.”

No. of users

Number of monitors in the configuration that use the flow record.

Total field space

Number of bytes required to store these fields for one flow.

Fields

The fields that are included in this record. For more information about the fields, refer to the match and collect commands.

show platform flow

To display information for Flexible NetFlow platform parameters, use the show platform flow command in privileged EXEC mode.

show platform flow [aging | {export | usage | table-contention {aggregate | detailed | summary}} [instance | module] | {ip | ipv6} [count | destination | instance | module | multicast | protocol | source] | {layer2 | mpls} [count | instance | module]]

Syntax Description

aging

(Optional) Displays the Flexible NetFlow parameter aging information.

export

(Optional) Displays the Flexible NetFlow parameter export information.

usage

(Optional) Displays the Flexible NetFlow table usage information.

table-contention

(Optional) Displays the Flexible NetFlow table contention information.

aggregate

(Optional) Displays the Flexible NetFlow table contention aggregate information.

detailed

(Optional) Displays the Flexible NetFlow table contention detailed information.

summary

(Optional) Displays the Flexible NetFlow table contention summary information.

ip

(Optional) Displays the Flexible NetFlow IP entry information.

ipv6

(Optional) Displays the Flexible NetFlow IPv6 entry information.

count

Total number of entries.

destination

(Optional) Information on entries with destination address.

instance

(Optional) Platform instance information.

module

(Optional) Platform module information.

multicast

(Optional) Flexible NetFlow multicast entry information.

protocol

(Optional) Flexible NetFlow Layer 4 protocol information.

source

(Optional) Information on entries with source address.

layer2

(Optional) Displays the Flexible NetFlow Layer 2 entry information.

mpls

(Optional) Displays the Flexible NetFlow MPLS entry information.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.2(50)SY

This command was introduced.

Examples

The following example displays Flexible NetFlow parameter export information:


Router# show platform flow export
Yielding NDE is enabled.
Supervisor CPU threshold = 25
Linecard CPU threshold   = 25
 
Module  3:
----------
No of flows read and exported = 0
No of flows discarded         = 0
No of capture+purge requests  = 1695104
No of purge-only requests     = 19
 
Module  5:
----------
No of flows read and exported = 0
No of flows discarded         = 0
No of capture+purge requests  = 1695158
No of purge-only requests     = 0
lionel#

The table below describes the significant fields shown in the display.

Table 16. show platform flow export Field Descriptions

Field

Description

Supervisor CPU threshold

The platform (supervisor) CPU utilization threshold (in percent) up to which NetFlow export is permitted. The number and complexity of flow records to be exported is the prime cause of CPU use in NetFlow. The CPU Friendly NetFlow Export feature (also known as Yielding NetFlow Data Export, or Yielding NDE) monitors CPU use for both the supervisor and line cards according to user-configured thresholds and dynamically adjusts the rate of export as needed.

Linecard CPU threshold

The line-card CPU utilization threshold (in percent) up to which NetFlow export is permitted. The number and complexity of flow records to be exported is the prime cause of CPU use in NetFlow. The CPU Friendly NetFlow Export feature (also known as Yielding NetFlow Data Export, or Yielding NDE) monitors CPU use for both the supervisor and line cards according to user-configured thresholds and dynamically adjusts the rate of export as needed.

No of flows read and exported

Number of Flexible NetFlow flows processed and exported.

No of flows discarded

Number of Flexible NetFlow flows discarded.

No of capture+purge requests

Number of Flexible NetFlow flow capture and purge requests.

No of purge-only requests

Number of Flexible NetFlow flow purge requests.

show sampler

To display the status and statistics for a Flexible NetFlow sampler, use the show sampler command in privileged EXEC mode.

show sampler [ [name] sampler-name]

Syntax Description

name

(Optional) Specifies the name of a flow sampler.

sampler-name

(Optional) Name of a sampler that was previously configured.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Examples

The following example displays the status and statistics for all of the flow samplers configured:


Router# show sampler

Sampler SAMPLER-1:
  ID:             1
  Description:    User defined
  Type:           random
  Rate:           1 out of 3
  Samples:        189
  Requests:       23243
  Users (2):
    flow monitor FLOW-MONITOR-1 (ip,Et0/0,Input) 65 out of 10786
    flow monitor FLOW-MONITOR-2 (ipv6,Et0/0, Input) 124 out of 12457
Sampler sampler-2:
  ID:             2
  Description:    User defined
  Type:           deterministic
  Rate:           1 out of 100
  Samples:        1
  Requests:       124
  Users (1):
    flow monitor FLOW-MONITOR-1 (ip,Et0/0,Input) 1 out of 124

The table below describes the significant fields shown in the display.

Table 17. show sampler Field Descriptions

Field

Description

ID

ID number of the flow sampler. This is used to identify the sampler at the collector.

Description

Description that you configured for the flow sampler, or the default description “User defined.”

Type

Sampling mode that you configured for the flow sampler.

  • deterministic—Deterministic mode of sampling.

  • random—Random mode of sampling.

Rate

Window size (for packet selection) that you configured for the flow sampler. Range: 2 to 32768.

Samples

Number of packets sampled since the flow sampler was configured or the router was restarted. This is equivalent to the number of times a positive response was received when the sampler was queried to determine if the traffic needed to be sampled. Refer to the explanation of the “Requests” field in this table.

Requests

Number of times the flow sampler was queried to determine if the traffic needed to be sampled.

Users

Interfaces on which the flow sampler is configured.

source (Flexible NetFlow)

To configure the source IP address interface for all of the packets sent by a Flexible NetFlow flow exporter, use the source command in Flexible NetFlow flow exporter configuration mode. To remove the source IP address interface for all of the packets sent by a Flexible NetFlow flow exporter, use the no form of this command.

source interface-type interface-number

no source

Syntax Description

interface-type

Type of interface whose IP address you want to use for the source IP address of the packets sent by a Flexible NetFlow flow exporter.

interface-number

Interface number whose IP address you want to use for the source IP address of the packets sent by a Flexible NetFlow flow exporter.

Command Default

The IP address of the interface over which the Flexible NetFlow datagram is transmitted is used as the source IP address.

Command Modes


Flexible NetFlow flow exporter configuration (config-flow-exporter)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

The benefits of using a consistent IP source address for the datagrams that NetFlow sends include the following:

  • The source IP address of the datagrams exported by Flexible NetFlow is used by the destination system to determine from which router the Flexible NetFlow data is arriving. If your network has two or more paths that can be used to send Flexible NetFlow datagrams from the router to the destination system and you do not specify the source interface from which the source IP address is to be obtained, the router uses the IP address of the interface over which the datagram is transmitted as the source IP address of the datagram. In this situation the destination system might receive Flexible NetFlow datagrams from the same router, but with different source IP addresses. When the destination system receives Flexible NetFlow datagrams from the same router with different source IP addresses, the destination system treats the Flexible NetFlow datagrams as if they were being sent from different routers. To avoid having the destination system treat the Flexible NetFlow datagrams as if they were being sent from different routers, you must configure the destination system to aggregate the Flexible NetFlow datagrams it receives from all of the possible source IP addresses in the router into a single Flexible NetFlow flow.

  • If your router has multiple interfaces that can be used to transmit datagrams to the destination system, and you do not configure the source command, you will have to add an entry for the IP address of each interface into any access lists that you create for permitting Flexible NetFlow traffic. Creating and maintaining access lists for permitting Flexible NetFlow traffic from known sources and blocking it from unknown sources is easier when you limit the source IP address for Flexible NetFlow datagrams to a single IP address for each router that is exporting Flexible NetFlow traffic.


Caution

The interface that you configure as the source interface must have an IP address configured, and it must be up.



Tip

When a transient outage occurs on the interface that you configured with the source command, the Flexible NetFlow exporter reverts to the default behavior of using the IP address of the interface over which the datagrams are being transmitted as the source IP address for the datagrams. To avoid this problem, use a loopback interface as the source interface because loopback interfaces are not subject to the transient outages that can occur on physical interfaces.


Examples

The following example shows how to configure Flexible NetFlow to use a loopback interface as the source interface for NetFlow traffic:


Router(config)# flow exporter FLOW-EXPORTER-1
Router(config-flow-exporter)# source loopback 0
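
The audit below is an added example, not part of the Cisco documentation: it applies the Usage Guidelines, Caution and Tip above to a running-config and reports, for each flow exporter, which source addresses a collector access list would have to permit. The sample configuration, the function names and the finding labels are assumptions made for illustration, and a `shutdown` line stands in for the interface not being up.

```python
import re

# Constructed sample running-config (documentation-range addresses; not from the page).
SAMPLE = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/2
 shutdown
flow exporter FLOW-EXPORTER-1
 source Loopback0
flow exporter FLOW-EXPORTER-2
 source GigabitEthernet0/0
flow exporter FLOW-EXPORTER-3
flow exporter FLOW-EXPORTER-4
 source GigabitEthernet0/2
"""

def sections(config):
    """Group indented child lines under their top-level header line."""
    out, cur = {}, []
    for line in config.splitlines():
        if line[:1] == " ":
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = out.setdefault(line.strip(), [])
    return out

def audit_exporters(config):
    """Return {exporter: (finding, source IPs a collector ACL must permit)}."""
    secs, ifaces, report = sections(config), {}, {}
    for head, body in secs.items():
        if head.startswith("interface "):
            ip = re.search(r"^ip address (\d+(?:\.\d+){3}) ", "\n".join(body), re.M)
            ifaces[head.split()[1]] = ip.group(1) if ip and "shutdown" not in body else None
    # With no usable source, any non-loopback interface address may be seen.
    egress = sorted(a for n, a in ifaces.items() if a and not n.startswith("Loopback"))
    for head, body in secs.items():
        if head.startswith("flow exporter "):
            src = next((l.split()[1] for l in body if l.startswith("source ")), None)
            addr = ifaces.get(src)
            # Physical sources revert to the egress address during outages (Tip).
            kind = ("no-source" if src is None else "source-unusable" if not addr
                    else "ok" if src.startswith("Loopback") else "physical-source")
            report[head.split()[2]] = (kind, [addr] if addr else egress)
    return report
```

Calling `audit_exporters(SAMPLE)` returns one address for the loopback-sourced exporter and the full list of active interface addresses for an exporter with no usable source, which is the access-list growth the second bullet describes.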

statistics packet

To collect protocol distribution statistics and size distribution statistics for a Flexible NetFlow flow monitor, use the statistics packet command in Flexible NetFlow flow monitor configuration mode. To disable collecting protocol distribution statistics and size distribution statistics for a Flexible NetFlow flow monitor, use the no form of this command.

statistics packet {protocol | size}

no statistics packet {protocol | size}

Syntax Description

protocol

Collects packet protocol distribution statistics.

size

Collects packet size distribution statistics.

Command Default

The collection of protocol distribution statistics and size distribution statistics for a Flexible NetFlow flow monitor is not enabled by default.

Command Modes


Flexible NetFlow flow monitor configuration (config-flow-monitor)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

Support for this command was added for Cisco 7200 series routers in Cisco IOS Release 12.2(33)SRC.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE for the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Examples

The following example enables the collection of protocol distribution statistics for flow monitors:


Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# statistics packet protocol

The following example enables the collection of size distribution statistics for flow monitors:


Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)# statistics packet size

template data timeout

To configure the template resend timeout for a flow exporter, use the template data timeout command in Flexible NetFlow flow exporter configuration mode. To remove the template resend timeout for a flow exporter, use the no form of this command.

template data timeout seconds

no template data timeout

Syntax Description

seconds

Configures resending of templates based on the timeout value, in seconds, that you enter. Range: 1 to 86400. Default: 600.

Command Default

The default template resend timeout for a flow exporter is 600 seconds.

Command Modes


Flexible NetFlow flow exporter configuration (config-flow-exporter)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

15.1(3)T

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(58)SE

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor.

Examples

The following example configures resending templates based on a timeout of 1000 seconds:


Router(config)# flow exporter FLOW-EXPORTER-1
Router(config-flow-exporter)# template data timeout 1000
 

transport (Flexible NetFlow)

To configure the transport protocol for a flow exporter for Flexible NetFlow or Performance Monitor, use the transport command in Flexible NetFlow flow exporter configuration mode. To remove the transport protocol for a flow exporter, use the no form of this command.

transport udp udp-port

no transport

Syntax Description

udp udp-port

Specifies User Datagram Protocol (UDP) as the transport protocol and the UDP port number.

Command Default

Flow exporters use UDP on port 9995.

Command Modes


Flexible NetFlow flow exporter configuration (config-flow-exporter)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

15.1(3)T

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(58)SE

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor.

Examples

The following example configures UDP as the transport protocol and a UDP port number of 250:


Router(config)# flow exporter FLOW-EXPORTER-1
Router(config-flow-exporter)# transport udp 250

ttl (Flexible NetFlow)

To configure the time-to-live (TTL) value for a flow exporter for Flexible NetFlow or Performance Monitor, use the ttl command in Flexible NetFlow flow exporter configuration mode. To remove the TTL value for a flow exporter, use the no form of this command.

ttl ttl

no ttl

Syntax Description

ttl

Time-to-live (TTL) value for exported datagrams. Range: 1 to 255. Default: 255.

Command Default

Flow exporters use a TTL of 255.

Command Modes


Flexible NetFlow flow exporter configuration (config-flow-exporter)

Command History

Release

Modification

12.4(9)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.0(33)S

This command was modified. Support for this command was implemented on the Cisco 12000 series routers.

12.2(33)SRC

This command was modified. Support for this command was implemented on the Cisco 7200 series routers.

12.2(33)SRE

This command was modified. Support for this command was implemented on the Cisco 7300 Network Processing Engine (NPE) series routers.

Cisco IOS XE Release 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

15.1(3)T

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(58)SE

This command was modified. Support for the Cisco Performance Monitor was added.

12.2(50)SY

This command was integrated into Cisco IOS Release 12.2(50)SY.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

This command can be used with both Flexible NetFlow and Performance Monitor.

Examples

The following example specifies a TTL of 15:


Router(config)# flow exporter FLOW-EXPORTER-1
Router(config-flow-exporter)# ttl 15