Contents

Netflow v9 for IPv6
Finding Feature Information
Information About Netflow v9 for IPv6
NetFlow and NDE on the PFC
NetFlow Export Format Version 9
How to Configure Netflow v9 for IPv6
Configuring Netflow v9 for IPv6
Configuration Examples for Netflow v9 for IPv6
Example: Configuring the NetFlow v9 for IPv6 Feature
Example: Verifying NDE on the Router
Additional References
Feature Information for Netflow v9 for IPv6

Netflow v9 for IPv6

This document contains information about and instructions for configuring NetFlow and NetFlow Data Export (NDE) for capturing and exporting data from IP version 6 (IPv6) traffic flows using the NetFlow version 9 (v9) export format.

Finding Feature Information
Information About Netflow v9 for IPv6
How to Configure Netflow v9 for IPv6
Configuration Examples for Netflow v9 for IPv6
Additional References
Feature Information for Netflow v9 for IPv6

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

NetFlow and NDE on the PFC

The NetFlow cache on the PFC captures statistics for flows routed in hardware.

The PFC uses one of these flow masks to create NetFlow entries:

source-only --The cache contains one entry for each source IP address. All flows from a given source IP address use this entry.
destination --The cache contains one entry for each destination IP address. All flows to a given destination IP address use this entry.
destination-source --The cache contains one entry for each source and destination IP address pair. All flows between the same source and destination IP addresses use this entry.
destination-source-interface --Adds the source VLAN SNMP ifIndex to the information in the destination-source flow mask.
full --A separate cache entry is created for each IP flow. A full entry includes the source IP address, destination IP address, protocol, and protocol interfaces.
full-interface --Adds the source VLAN SNMP ifIndex to the information in the full flow mask.

NetFlow Export Format Version 9

For all NetFlow export versions, the NetFlow export datagram consists of a header and a sequence of flow records. The header contains information such as sequence number, record count, and system uptime. The flow record contains flow information, such as IP addresses, ports, and routing information.

NetFlow version 9 export format is the newest NetFlow export format. The distinguishing feature of the NetFlow version 9 export format is that it is template based. Templates make the record format extensible. NetFlow version 9 export format allows future enhancements to NetFlow without requiring concurrent changes to the basic flow-record format.

The NetFlow version 9 export record format is different from the traditional NetFlow fixed format export record. In NetFlow version 9, a template describes the NetFlow data, and the flow set contains the actual data. This arrangement allows for flexible export.

The use of templates with the NetFlow version 9 export format provides several other key benefits:

You can export almost any information from a router or switch, including Layer 2 through 7 information, routing information, IP version 6 (IPv6), IP version 4 (IPv4), multicast, and Multiprotocol Label Switching (MPLS) information. This new information allows new applications for export data and new views of network behavior.
Third-party business partners who produce applications that provide NetFlow collector or display services for NetFlow are not required to recompile their applications each time a new NetFlow export field is added. Instead, they can use an external data file that documents the known template formats.
New features can be added to NetFlow more quickly, without breaking current implementations.
NetFlow is "future-proofed" against new or developing protocols, because the version 9 export format can be adapted to provide support for them and for other non-NetFlow-based approaches to data collection.

The NetFlow version 9 export packet header format is shown in the figure below.

Table 1 NetFlow Version 9 Export Packet Header Field Names and Descriptions
Bytes	Field Name	Description
0-1	Version	The version of NetFlow records exported in this packet; for version 9, this value is 0x0009.
2-3	Count	Number of FlowSet records (both template and data) contained within this packet.
4-7	System Uptime	Time in milliseconds since this device was first booted.
8-11	UNIX Seconds	Seconds since 0000 Coordinated Universal Time (UTC) 1970.
12-15	Sequence Number	Incremental sequence counter of all export packets sent by this export device; this value is cumulative, and it can be used to find out whether any export packets have been missed. This is a change from the NetFlow version 5 and version 8 headers, where this number represented "total flows."
16-19	Source ID	The Source ID field is a 32-bit value that is used to guarantee uniqueness for each flow exported from a particular device. (The Source ID field is the equivalent of the engine type and engine ID fields found in the NetFlow version 5 and version 8 headers.) The format of this field is vendor specific. In Cisco’s implementation, the first two bytes are reserved for future expansion and are always zero. Byte 3 provides uniqueness with respect to the routing engine on the exporting device. Byte 4 provides uniqueness with respect to the particular line card or Versatile Interface Processor on the exporting device. Collector devices should use the combination of the source IP address and the Source ID field to associate an incoming NetFlow export packet with a unique instance of NetFlow on a particular device.

The table below shows a typical example of exporting data using the NetFlow version 9 export format.

Figure 1. NetFlow Version 9 Export Format Packet Example

Additional information about the NetFlow export format version 9 and the export format architecture is available in the NetFlow version 9 Flow-Record Format document.

How to Configure Netflow v9 for IPv6

Configuring Netflow v9 for IPv6

Configuring Netflow v9 for IPv6

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 unicast-routing

4. mls flow {ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}

5. mls nde sender

6. ip flow-export version 9

7. ip flow-export destination {ip-address | hostname} udp-port

8. interface type number

9. ipv6 address ip-address/mask

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

Example:

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

mls flow {ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}

Example:

Router(config)# mls flow ipv6 interface-full

Specifies the NetFlow flow mask for IPv6 traffic.

Step 5

mls nde sender

Example:

Route(config)# mls nde sender

Enables NDE globally on the router.

Note

NDE does not start exporting data until you specify a destination for the exported traffic. The destination for exported traffic is specified in Step 7.

Step 6

ip flow-export version 9

Example:

Router(config)# ip flow-export version 9

Configures NDE to use the NetFlow version 9 export format.

Step 7

ip flow-export destination {ip-address | hostname} udp-port

Example:

Router(config)# ip flow-export destination 172.16.10.2 88

Specifies the IP address or the hostname of the NetFlow collector and the UDP port on which the NetFlow collector is listening.

Step 8

interface type number

Example:

Router(config)# interface fastethernet 1/1

Specifies the interface that you want to enable NetFlow on and enters interface configuration mode.

Step 9

ipv6 address ip-address/mask

Example:

Router(config-if)# ipv6 address 2001:0DB8:AB::2/64

Configure an IPv6 address on the interface.

Examples

The following output of the show mls nde command verifies that NDE is enabled on the router.

Router# show mls nde

 NetFlow Data Export enabled

 Exporting flows to 10.30.30.2 (12345)  172.16.10.2 (88)

 Exporting flows from 10.4.9.149 (58970)

 Version: 9

 Layer2 flow creation is disabled

 Layer2 flow export is disabled

 Include Filter not configured

 Exclude Filter not configured

 Total NetFlow Data Export Packets are:

    0 packets, 0 no packets, 0 records

 Total NetFlow Data Export Send Errors:

        IPWRITE_NO_FIB = 0

        IPWRITE_ADJ_FAILED = 0

        IPWRITE_PROCESS = 0

        IPWRITE_ENQUEUE_FAILED = 0

        IPWRITE_IPC_FAILED = 0

        IPWRITE_OUTPUT_FAILED = 0

        IPWRITE_MTU_FAILED = 0

        IPWRITE_ENCAPFIX_FAILED = 0

 NetFlow Aggregation Disabled

Configuration Examples for Netflow v9 for IPv6

Example: Configuring the NetFlow v9 for IPv6 Feature
Example: Verifying NDE on the Router

Example: Configuring the NetFlow v9 for IPv6 Feature

ipv6 unicast-routing
mls flow ipv6 interface-full 
mls nde sender 
ip flow-export version 9 
ip flow-export destination 172.16.10.2 88
interface FastEthernet1/1 
ipv6 address 
2001:0DB8::1/64

Example: Verifying NDE on the Router

Router# show mls nde

 NetFlow Data Export enabled 
 Exporting flows to 10.30.30.2 (12345)  172.16.10.2 (88)
 Exporting flows from 10.4.9.149 (58970)
 Version: 9
 Layer2 flow creation is disabled
 Layer2 flow export is disabled
 Include Filter not configured 
 Exclude Filter not configured 
 Total NetFlow Data Export Packets are:
    0 packets, 0 no packets, 0 records
 Total NetFlow Data Export Send Errors:
        IPWRITE_NO_FIB = 0
        IPWRITE_ADJ_FAILED = 0
        IPWRITE_PROCESS = 0
        IPWRITE_ENQUEUE_FAILED = 0
        IPWRITE_IPC_FAILED = 0
        IPWRITE_OUTPUT_FAILED = 0
        IPWRITE_MTU_FAILED = 0
        IPWRITE_ENCAPFIX_FAILED = 0
 NetFlow Aggregation Disabled

Additional References

Related Topic	Document Title
IPv6 addressing and connectivity	IPv6 Configuration Guide
Cisco IOS commands	Master Commands List, All Releases
IPv6 commands	IPv6 Command Reference
Cisco IOS IPv6 features	IPv6 Feature Mapping

Standards and RFCs

Standard/RFC	Title
RFCs for IPv6	IPv6 RFCs

Technical Assistance

Description	Link
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.	http://www.cisco.com/cisco/web/support/index.html

Feature Information for Netflow v9 for IPv6

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 2 Feature Information for Netflow v9 for IPv6
Feature Name	Releases	Feature Information
Netflow v9 for IPv6	12.2(33)SRB	The Netflow v9 for IPv6 feature enables the export of NetFlow flow information for IPv6 traffic.

Netflow v9 for IPv6

Contents
Netflow v9 for IPv6
Finding Feature Information
Information About Netflow v9 for IPv6
NetFlow and NDE on the PFC
NetFlow Export Format Version 9
How to Configure Netflow v9 for IPv6
Configuring Netflow v9 for IPv6
Configuration Examples for Netflow v9 for IPv6
Example: Configuring the NetFlow v9 for IPv6 Feature
Example: Verifying NDE on the Router
Additional References
Feature Information for Netflow v9 for IPv6
Netflow v9 for IPv6

This document contains information about and instructions for configuring NetFlow and NetFlow Data Export (NDE) for capturing and exporting data from IP version 6 (IPv6) traffic flows using the NetFlow version 9 (v9) export format.

Finding Feature Information
Information About Netflow v9 for IPv6
How to Configure Netflow v9 for IPv6
Configuration Examples for Netflow v9 for IPv6
Additional References
Feature Information for Netflow v9 for IPv6

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About Netflow v9 for IPv6

NetFlow and NDE on the PFC
NetFlow Export Format Version 9

NetFlow and NDE on the PFC

The NetFlow cache on the PFC captures statistics for flows routed in hardware.

The PFC uses one of these flow masks to create NetFlow entries:

source-only --The cache contains one entry for each source IP address. All flows from a given source IP address use this entry.

destination --The cache contains one entry for each destination IP address. All flows to a given destination IP address use this entry.

destination-source --The cache contains one entry for each source and destination IP address pair. All flows between the same source and destination IP addresses use this entry.

destination-source-interface --Adds the source VLAN SNMP ifIndex to the information in the destination-source flow mask.

full --A separate cache entry is created for each IP flow. A full entry includes the source IP address, destination IP address, protocol, and protocol interfaces.

full-interface --Adds the source VLAN SNMP ifIndex to the information in the full flow mask.

NetFlow Export Format Version 9

For all NetFlow export versions, the NetFlow export datagram consists of a header and a sequence of flow records. The header contains information such as sequence number, record count, and system uptime. The flow record contains flow information, such as IP addresses, ports, and routing information.

NetFlow version 9 export format is the newest NetFlow export format. The distinguishing feature of the NetFlow version 9 export format is that it is template based. Templates make the record format extensible. NetFlow version 9 export format allows future enhancements to NetFlow without requiring concurrent changes to the basic flow-record format.

The NetFlow version 9 export record format is different from the traditional NetFlow fixed format export record. In NetFlow version 9, a template describes the NetFlow data, and the flow set contains the actual data. This arrangement allows for flexible export.

The use of templates with the NetFlow version 9 export format provides several other key benefits:

You can export almost any information from a router or switch, including Layer 2 through 7 information, routing information, IP version 6 (IPv6), IP version 4 (IPv4), multicast, and Multiprotocol Label Switching (MPLS) information. This new information allows new applications for export data and new views of network behavior.

Third-party business partners who produce applications that provide NetFlow collector or display services for NetFlow are not required to recompile their applications each time a new NetFlow export field is added. Instead, they can use an external data file that documents the known template formats.

New features can be added to NetFlow more quickly, without breaking current implementations.

NetFlow is "future-proofed" against new or developing protocols, because the version 9 export format can be adapted to provide support for them and for other non-NetFlow-based approaches to data collection.

The NetFlow version 9 export packet header format is shown in the figure below.

Table 1 NetFlow Version 9 Export Packet Header Field Names and Descriptions

Bytes

Field Name

Description

0-1

Version

The version of NetFlow records exported in this packet; for version 9, this value is 0x0009.

2-3

Count

Number of FlowSet records (both template and data) contained within this packet.

4-7

System Uptime

Time in milliseconds since this device was first booted.

8-11

UNIX Seconds

Seconds since 0000 Coordinated Universal Time (UTC) 1970.

12-15

Sequence Number

Incremental sequence counter of all export packets sent by this export device; this value is cumulative, and it can be used to find out whether any export packets have been missed.

This is a change from the NetFlow version 5 and version 8 headers, where this number represented "total flows."

16-19

Source ID

The Source ID field is a 32-bit value that is used to guarantee uniqueness for each flow exported from a particular device. (The Source ID field is the equivalent of the engine type and engine ID fields found in the NetFlow version 5 and version 8 headers.) The format of this field is vendor specific. In Cisco’s implementation, the first two bytes are reserved for future expansion and are always zero. Byte 3 provides uniqueness with respect to the routing engine on the exporting device. Byte 4 provides uniqueness with respect to the particular line card or Versatile Interface Processor on the exporting device. Collector devices should use the combination of the source IP address and the Source ID field to associate an incoming NetFlow export packet with a unique instance of NetFlow on a particular device.

The table below shows a typical example of exporting data using the NetFlow version 9 export format.

Figure 1. NetFlow Version 9 Export Format Packet Example

Additional information about the NetFlow export format version 9 and the export format architecture is available in the NetFlow version 9 Flow-Record Format document.
How to Configure Netflow v9 for IPv6

Configuring Netflow v9 for IPv6
Configuring Netflow v9 for IPv6
SUMMARY STEPS
1.    enable

2.    configure terminal

3.    ipv6 unicast-routing

4.    mls flow {ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}

5.    mls nde sender

6.    ip flow-export version 9

7.    ip flow-export destination {ip-address | hostname} udp-port

8.    interface type number

9.    ipv6 address ip-address/mask

DETAILED STEPS
Command or Action Purpose
Step 1
enable

Example:
Router> enable
Enables privileged EXEC mode.

Enter your password if prompted.
Step 2
configure terminal

Example:
Router# configure terminal
Enters global configuration mode.
Step 3
ipv6 unicast-routing

Example:
Router(config)# ipv6 unicast-routing
Enables the forwarding of IPv6 unicast datagrams.
Step 4
mls flow {ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}

Example:
Router(config)# mls flow ipv6 interface-full
Specifies the NetFlow flow mask for IPv6 traffic.
Step 5
mls nde sender

Example:
Route(config)# mls nde sender
Enables NDE globally on the router.

Note
NDE does not start exporting data until you specify a destination for the exported traffic. The destination for exported traffic is specified in Step 7.
Step 6
ip flow-export version 9

Example:
Router(config)# ip flow-export version 9
Configures NDE to use the NetFlow version 9 export format.
Step 7
ip flow-export destination {ip-address | hostname} udp-port

Example:

Router(config)# ip flow-export destination 172.16.10.2 88
Specifies the IP address or the hostname of the NetFlow collector and the UDP port on which the NetFlow collector is listening.
Step 8
interface type number

Example:
Router(config)# interface fastethernet 1/1
Specifies the interface that you want to enable NetFlow on and enters interface configuration mode.
Step 9
ipv6 address ip-address/mask

Example:
Router(config-if)# ipv6 address 2001:0DB8:AB::2/64 
Configure an IPv6 address on the interface.
Examples

The following output of the show mls nde command verifies that NDE is enabled on the router.
Router# show mls nde
 NetFlow Data Export enabled 
 Exporting flows to 10.30.30.2 (12345)  172.16.10.2 (88)
 Exporting flows from 10.4.9.149 (58970)
 Version: 9
 Layer2 flow creation is disabled
 Layer2 flow export is disabled
 Include Filter not configured 
 Exclude Filter not configured 
 Total NetFlow Data Export Packets are:
    0 packets, 0 no packets, 0 records
 Total NetFlow Data Export Send Errors:
        IPWRITE_NO_FIB = 0
        IPWRITE_ADJ_FAILED = 0
        IPWRITE_PROCESS = 0
        IPWRITE_ENQUEUE_FAILED = 0
        IPWRITE_IPC_FAILED = 0
        IPWRITE_OUTPUT_FAILED = 0
        IPWRITE_MTU_FAILED = 0
        IPWRITE_ENCAPFIX_FAILED = 0
 NetFlow Aggregation Disabled
Configuration Examples for Netflow v9 for IPv6

Example: Configuring the NetFlow v9 for IPv6 Feature
Example: Verifying NDE on the Router
Example: Configuring the NetFlow v9 for IPv6 Feature
ipv6 unicast-routing
mls flow ipv6 interface-full 
mls nde sender 
ip flow-export version 9 
ip flow-export destination 172.16.10.2 88
interface FastEthernet1/1 
ipv6 address 
2001:0DB8::1/64
Example: Verifying NDE on the Router
Router# show mls nde

 NetFlow Data Export enabled 
 Exporting flows to 10.30.30.2 (12345)  172.16.10.2 (88)
 Exporting flows from 10.4.9.149 (58970)
 Version: 9
 Layer2 flow creation is disabled
 Layer2 flow export is disabled
 Include Filter not configured 
 Exclude Filter not configured 
 Total NetFlow Data Export Packets are:
    0 packets, 0 no packets, 0 records
 Total NetFlow Data Export Send Errors:
        IPWRITE_NO_FIB = 0
        IPWRITE_ADJ_FAILED = 0
        IPWRITE_PROCESS = 0
        IPWRITE_ENQUEUE_FAILED = 0
        IPWRITE_IPC_FAILED = 0
        IPWRITE_OUTPUT_FAILED = 0
        IPWRITE_MTU_FAILED = 0
        IPWRITE_ENCAPFIX_FAILED = 0
 NetFlow Aggregation Disabled
Additional References

Related Documents

Related Topic

Document Title

IPv6 addressing and connectivity

IPv6 Configuration Guide

Cisco IOS commands

Master Commands List, All Releases

IPv6 commands

IPv6 Command Reference

Cisco IOS IPv6 features

IPv6 Feature Mapping

Standards and RFCs

Standard/RFC

Title

RFCs for IPv6

IPv6 RFCs

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Netflow v9 for IPv6

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 2 Feature Information for Netflow v9 for IPv6
Feature Name

Releases

Feature Information

Netflow v9 for IPv6

12.2(33)SRB

The Netflow v9 for IPv6 feature enables the export of NetFlow flow information for IPv6 traffic.

NetFlow Configuration Guide, Cisco IOS Release 15S

Bias-Free Language

Book Title

NetFlow Configuration Guide, Cisco IOS Release 15S

Chapter Title