NetFlow Commands


Note

All commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 540 Series Router that is introduced from Cisco IOS XR Release 6.3.2. References to earlier releases in Command History tables apply to only the Cisco NCS 5500 Series Router.


Note

  • Starting with Cisco IOS XR Release 6.6.25, all commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 560 Series Routers.

  • Starting with Cisco IOS XR Release 6.3.2, all commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 540 Series Router.

  • References to releases before Cisco IOS XR Release 6.3.2 apply to only the Cisco NCS 5500 Series Router.

  • Cisco IOS XR Software Release 7.0.1 specific updates are not applicable for the following variants of Cisco NCS 540 Series Routers:

    • N540-28Z4C-SYS-A

    • N540-28Z4C-SYS-D

    • N540X-16Z4G8Q2C-A

    • N540X-16Z4G8Q2C-D

    • N540X-16Z8Q2C-D

    • N540-12Z20G-SYS-A

    • N540-12Z20G-SYS-D

    • N540X-12Z16G-SYS-A

    • N540X-12Z16G-SYS-D

This module provides command line interface (CLI) commands for configuring NetFlow on the Cisco NCS 5500 Series RouterCisco NCS 540 Series Router.

To use commands of this module, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using any command, contact your AAA administrator for assistance.

cache entries

To configure the number of entries in the monitor map flow cache, enter the cache entries command in flow monitor map configuration mode. To remove a configured number of entries and return the cache to the default configuration, use the no form of this command.

cache entries number

Syntax Description

number

Number of entries in the flow cache. Replace the number argument with the number of flow entries allowed in the flow cache. Range is from 4096 through 1000000.

Command Default

number : 65535

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the number of entries in the monitor map flow cache to be 10000: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# cache entries 10000

cache permanent

To disable the removal of entries from the monitor map flow cache, enter the cache permanent command in flow monitor map configuration mode. To re-enable the removal of entries from the flow cache, use the no form of this command.

cache permanent

Syntax Description

This command has no keywords or arguments.

Command Default

The removal of entries from the monitor map flow cache is enabled.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to disable the removal of entries from the monitor map flow cache: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)#flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# cache permanent

This example shows how to re-enable the removal of entries from the monitor map flow cache: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# no cache permanent

cache timeout

To configure the active, inactive, and update flow cache timeout, enter the cache timeout command in flow monitor map configuration mode. To remove the configured timeout value and return the cache to its default timeout value, use the no form of this command.

cache timeout {active | inactive | update} timeout_value

Syntax Description

active

Specifies the active flow timeout.

inactive

Specifies the inactive flow timeout.

update

Specifies the update timeout.

timeout_value

Timeout value for the specified keyword ( active , inactive or update ) in seconds. Range is from 1 through 604800.

Command Default

For active timeout, the default value is 1800 seconds.

For inactive timeout, the default value is 15 seconds.

For update timeout, the default value is 1800 seconds.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

The inactive timeout value should be smaller than the active timeout value. The update keyword is used for permanent caches only. It specifies the timeout value that is used to export entries from permanent caches. In this case, the entries are exported but remain the cache.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to set the active timeout for the monitor map cache to 200,000 seconds: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# cache timeout active 200000

cache immediate

To enable immediate aging cache type, use the cache immediate command in flow monitor map configuration mode. To disable, use no form of the command.

cache immediate

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Flow monitor map configuration

Command History

Release Modification

Release 6.3.2

This command was introduced.

Release 7.0.1

This command was introduced.

Usage Guidelines

Immediate Aging is a special cache type that ensures that the flows are exported as soon as they are added to the cache.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enable immediate aging cache type: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)#flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# cache immediate

clear flow exporter

To export flow exporter templates to the collector or restart the flow exporter statistics collector, enter the clear flow exporter command in XR EXEC mode.

clear flow exporter [fem-name] {restart | statistics} location node-id

Syntax Description

fem-name

(Optional) Flow exporter name.

restart

Exports all of the current templates to the collector.

statistics

Clears the exporter statistics.

location node-id

Identifies the node whose flow exporter statistics you want to clear, or whose flow exporter statistics collector you want to restart. The node-id argument is expressed in the rack/slot/module notation.

Command Default

No default behavior or values

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

basic-services

read, write

netflow

read, write

Examples

This example exports all templates to the collector: 


RP/0/RP0/CPU0:router# clear flow exporter restart location 0/0/SP
Restart exporter all locations. Continue? [confirm]

This example shows how to clear flow exporter statistics on a specific node: 


RP/0/RP0/CPU0:router# clear flow exporter statistics location 0/0/CPU0
Clear statistics for all exporters on the location. Continue? [confirm]

clear flow monitor

To clear the flow monitor data, enter the clear flow monitor command in XR EXEC mode.

clear flow monitor [name] cache [force-export | statistics] location node-id

Syntax Description

name

(Optional) Identifies a specific cache you want to clear.

cache

Clears all cache related information.

force-export

(Optional) Forces the export of flow records on flushing the cache on the specified node.

statistics

(Optional) Clears cache statistics on a specific node.

location node-id

Node whose flow monitor you want to clear. The node-id argument is expressed in the rack/slot/module notation.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to clear the cache-related flow records on a specific node: 


RP/0/RP0/CPU0:routerclear flow monitor cache force-export location 0/0/CPU0

Clear cache entries for this monitor on this location. Continue? [confirm]

destination

To configure the collector export destination, enter the destination command in flow exporter map configuration mode. To remove a configured export destination, use the no form of this command.

destination hostname_or_IP_address [ vrf vrf_name]

Syntax Description

hostname_or_IP_address

Specify the export destination for the current flow exporter map. Enter the hostname or destination IP address in the A.B.C.D format.

vrf vrf_name

(Optional) Specify the name of the VRF that is used to reach export destination. This is an optional keyword. If the vrf keyword is specified, then the destination is searched in the VRF that is specified (vrf_name). If the vrf keyword is not specified then, the destination is searched in the default routing table.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the flow exporter map export destination to be a specific IP address: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# destination 172.18.189.38

dscp

To configure the differentiated services codepoint (DSCP) value for export packets, enter the dscp command in flow exporter map configuration mode. To remove a configured DSCP value, use the no form of this command.

dscp dscp_value

Syntax Description

dscp_value

Specifies the DSCP value for export packets. Replace dscp_value with a number. Range is from 0 through 63.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the DSCP value for export packets to be 30: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# dscp 30

exporter

To associate a flow exporter map with the current flow monitor map, enter the exporter command in flow monitor map configuration mode. To remove an associated flow exporter map from a flow monitor map, use the no form of this command.

exporter map_name

Syntax Description

map_name

Name of the flow exporter map you want to associate with the current flow monitor map. The exporter map name can be a maximum of 32 characters.

Note

 

A single flow monitor map supports up to 8 exporters.

Command Default

None

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to associate a flow exporter map called “fem_1” with the current flow monitor map: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# exporter fem_1

flow

To specify a flow monitor map and a sampler map for the packets on an interface, use the flow command in interface configuration mode. To remove a configured flow monitor map, use the no form of this command.

flow [ipv4 | ipv6 | mpls] monitor name sampler name {ingress}

Syntax Description

ipv4

Enables IPV4 NetFlow on the specified interface.

ipv6

Enables IPV6 NetFlow on the specified interface.

mpls

Enables Multiprotocol Label Switching (MPLS)-aware NetFlow on the specified interface.

monitor name

Specifies the name of the flow monitor map you want to specify for IPv4, IPv6, or MPLS packets.

sampler name

Name of the sampler map you want to apply to the flow monitor map.

ingress

Applies the flow monitor map on incoming packets.

Command Default

None

Command Modes

Interface configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enable IPV4 NetFlow on a HundredGigE interface, and then apply the flow monitor map, named "map1," on incoming IPv4 packets: 
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/3/0/0
RP/0/RP0/CPU0:router(config-if)# flow ipv4 monitor map1 sampler smap1 ingress

This example shows how to enable MPLS NetFlow on a HundredGigE interface, and apply the flow monitor map, named "map_mpls1," on incoming MPLS packets: 

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/0/0/0
RP/0/RP0/CPU0:router(config-if)# flow mpls monitor map_mpls1 sampler smap1 ingress

This example shows how to enable IPv4 NetFlow on a Bridge-group virtual interface, and then apply the flow monitor map on incoming IPv4 packets: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface BVI 1
RP/0/RP0/CPU0:router(config-if)# flow ipv4 monitor NMS sampler NMS ingress

This example shows how to enable IPv6 NetFlow on a Bridge-group virtual interface, and then apply the flow monitor map on incoming and incoming IPv6packets: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface BVI 1
RP/0/RP0/CPU0:router(config-if)# flow ipv6 monitor NMS sampler NMS ingress

flow exporter-map

To create a flow exporter map and enter flow exporter map configuration mode, use the flow exporter-map command in XR Config mode. To remove a configured flow exporter map, use the no form of this command.

flow exporter-map fem-name

Syntax Description

fem-name

Creates a new exporter map name, or specifies the name of an existing exporter map.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

When you issue the flow exporter-map fem-name command in XR Config mode, the CLI prompt changes to “config-fem,” indicating that you have entered the flow exporter map configuration submode.

In this sample output, the question mark ( ? ) online help function displays all the commands available under flow exporter map configuration submode: 


RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# ?

RP/0/RP0/CPU0:routerconfig-fem)#?
  clear        Clear the uncommitted configuration
  commit       Commit the configuration changes to running
  describe     Describe a command without taking real actions
  do           Run an exec command
  dscp         Specify DSCP value for export packets
  exit         Exit from this submode
  no           Negate a command or set its defaults
  pwd          Commands used to reach current submode
  root         Exit to the XR Config mode
  show         Show contents of configuration
  source       Source interface
  transport    Specify the transport protocol for export packets
  version      Specify export version parameters

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to create a flow exporter map called “map1,” and then enter the flow exporter map configuration submode for that map: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)#

flow monitor-map

To create and configure a flow monitor map and enter flow monitor map configuration submode, use the flow monitor-map command in XR Config mode. To remove a configured flow monitor map, use the no form of this command:

flow monitor-map map_name

Syntax Description

map_name

New monitor map name, or specifies the name of an existing monitor map. The monitor map name can be a maximum 32 characters.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

When you issue the flow monitor-map map_name command in XR Config mode, the CLI prompt changes to “config-fmm,” indicating that you have entered the flow monitor map configuration submode. In the following sample output, the question mark ( ? ) online help function displays all the commands available under flow monitor map configuration submode: 


RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)#?

  cache     Specify flow cache attributes
  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  exporter  Specify flow exporter map name
  no        Negate a command or set its defaults
  pwd       Commands used to reach current submode
  record    Specify a flow record map name
  root      Exit to the XR Config mode
  show      Show contents of configuration

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enter flow monitor map configuration mode for a monitor map called “map1:” 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)#

flow datalinkframesection monitor

To monitor and capture information element that carries n octets from the data link frame (IPFIX 315) of a selected frame in the ingress direction of an interface, useflow datalinkframesection monitor command in interface configuration mode.

flow datalinkframesection monitor monitor-map sampler sampler-map ingress

Syntax Description

monitor monitor-map

Specify flow monitor map name.

sampler sampler-map

Specify flow sampler map name.
ingress

Specify ingress direction. The IPFIX 315 info is captured from incoming traffic on specified interface.

Command Default

None.

Command Modes

Interface configuration mode

Command History

Release Modification

Release 6.3.2

This command was introduced.

Release 7.0.1

This command was introduced.

Usage Guidelines

When datalinkframesection flow type is enabled on an interface, other flows like IPv4, IPv6 and MPLS are not allowed. The option field in the frame indicates the IPFIX 315 info.

Task ID

Task ID Operation

netflow

read, write

Examples

This sample shows how to enable flow datalinkframesection monitor on hundredGigE interface: 

RP/0/RP0/CPU0:router(config)#interface hundredGigE 0/0/0/18
RP/0/RP0/CPU0:router(config-if)#flow datalinkframesection monitor ipfix-mon sampler ipfix-sam ingress

hw-module profile netflow fpc-enable

To enable full packet capture feature on a specified node location, use the hw-module profile netflow fpc-enable location command in the configuration mode.

hw-module profile profile netflow fpc-enable location node-id

Syntax Description

node-id

The node-id argument is entered in the rack/slot/module notation.

Command Default

Netflow Full Packet Capture(FPC) is disabled.

Command Modes

Configuration

Command History

Release Modification

Release 7.0.1

This command was introduced.

Usage Guidelines

When no location is specified the full packet capture gets enabled on all line cards.


Note

  • You should reload the line card for the changes to take effect.

  • If full packet capture is disabled, then Netflow captures only IPv4 and IPv6 packets.

  • If full packet capture is enabled, then Netflow captures IPv4, IPv6, and L2VPN pseudo wire (PW) packets.

Task ID

Task ID Operation
netflow

read, write

Examples

This example shows how to enable full packet capture on node location 0/0/cpu0:

(config)# hw-module profile netflow fpc-enable location 0/0/CPU0

options

To export the tables in the options template and specify export timeout values, enter the options command in flow exporter map version configuration mode. To return the options template to its default configuration values, use the no form of this command.

options {interface-table | sampler-table | vrf-table} [timeout seconds]

Syntax Description

interface-table

Export the interface table.

sampler-table

Exports the sampler table.

Use options sampler-table timeout command to send IE 305. This command configures the timeout value for the sampler table. This timeout value can be in the range 1–604800 seconds and the default value is 1800 seconds.

You can also use options sampler-table command to export the following IEs:

  • IE 302—to export selector ID.

  • IE 304—to export sampling algorithm.

  • IE 309—to export sampling size.

  • IE 310—to export sampling population.

  • IE 84—to export sampler name.

  • IE 335—to export selector name.

IE 309, IE 310, and IE 335 are supported starting from Release 7.8.2
vrf-table

Exports the VRF to VRF-Name table.

timeout seconds

Specifies the export timeout value. Replace seconds with the export timeout value. Range is from 1 through 604800 seconds.

Command Default

Without options command, the default value for timeout is 0 seconds, which means that the template options are not exported by default. Where as when options command is used without mentioning any timeout, default timeout is 1800 seconds.

Command Modes

Flow exporter map version configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to export the timeout in the interface table to the options template. 


RP/0/RP0/CPU0:router(config)# flow exporter-map f1
RP/0/RP0/CPU0:router(config-fem)# version v9
RP/0/RP0/CPU0:router(config-fem)# options interface-table timeout 45

Examples

This is the sample output after setting to export the interface table and configure the export timeout value: 


RP/0/RP0/CPU0:router(config-fem-ver)# show running-config flow exporter-map f1
flow exporter-map f1
 version v9
 options vrf-table 50
 !
 transport udp 9321
 source HundredGigE 0/4/3/0
 destination 10.64.81.237
!
		
RP/0/RP0/CPU0:router(config-fem-ver)# do show flow exporter-map f1

Flow Exporter Map : f1
-------------------------------------------------
Id                 : 21
DestinationIpAddr   : 10.64.81.237
SourceIfName        : HundredGigE 0/4/3/0
SourceIpAddr        : 0.0.0.0
DSCP                : 0
TransportProtocol   : UDP
TransportDestPort   : 9321

Export Version: 9
  Common Template Timeout : 1800 seconds
  Options Template Timeout : 1800 seconds
  Data Template Timeout : 1800 seconds
  Interface-Table Export Timeout : 0 seconds
  Sampler-Table Export Timeout : 0 seconds
  VRF-Table Export Timeout : 50 seconds

RP/0/RP0/CPU0:router(config-fem-ver)# do show running-config flow exporter-map f1
flow exporter-map f1
 version v9
  options interface-table
  options sampler-table
  options vrf-table
 !
 transport udp 9321
 source HundredGigE 0/4/3/0
 destination 10.64.81.237
!
RP/0/RP0/CPU0:router(config-fem-ver)# show flow exporter-map f1

Flow Exporter Map : f1
-------------------------------------------------
Id                 : 21
DestinationIpAddr   : 10.64.81.237
SourceIfName        : HundredGigE 0/4/3/0
SourceIpAddr        : 0.0.0.0
DSCP                : 0
TransportProtocol   : UDP
TransportDestPort   : 9321

Export Version: 9
  Common Template Timeout : 1800 seconds
  Options Template Timeout : 1800 seconds
  Data Template Timeout : 1800 seconds
  Interface-Table Export Timeout : 1800 seconds
  Sampler-Table Export Timeout : 1800 seconds
  VRF-Table Export Timeout : 1800 seconds

option filtered

To enable filtering of the Netflow records, use option filtered command in flow monitor map configuration mode.

option filtered

Syntax Description

filtered

Enables filtering of records

Command Default

Flow filtering is disabled.

Command Modes

Flow monitor map configuration

Command History

Release Modification

Release 7.2.2

This command was introduced.

Usage Guidelines

MPLS netflow filtering is not supported.

Since the filtering of packets is based on the ACL, you must define ACL configuration before using option filtered command. Use the capture keyword while defining ACL. For example: 

ipv4 access-list nf_ex
   10 permit ipv4 10.1.1.1/24 any capture

Task ID

Task ID Operation
netflow

read, write

Examples

This example shows how to create flow monitor map that filters Netflow records with cache entries upto 10000: 

RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# flow monitor-map fmm1
RP/0/RP0/CPU0:router(config-fmm)# record ipv4 
RP/0/RP0/CPU0:router(config-fmm)# option filtered
RP/0/RP0/CPU0:router(config-fmm)# exporter fem1
RP/0/RP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RP0/CPU0:router(config-fmm)# cache timeout active 1800
RP/0/RP0/CPU0:router(config-fmm)# cache timeout inactive 15
RP/0/RP0/CPU0:router(config-fmm)# exit

random 1 out-of

To configure the packet sampling interval for a monitor map, use the random 1 out-of command in sampler map configuration submode. To remove a configured sampling interval and return to the default sampling interval, use the no form of this command. The limit of sampling rate values per line card per direction is 4, and limit of total samplers per line card per direction is 16.

random 1 out-of number_of_packets

Syntax Description

number_of_packets

Sampling interval in units of packets. Replace the number_of_packets argument with a number. Range is from 1 through 65535 units.

Command Default

There is no default value to number_of_packets . However, for optimal performance, the recommended value for number_of_packets is 10000.

Command Modes

Sampler map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Release 6.3.1

Support for sampling interval of 1:1000 was introduced.

Usage Guidelines

On high bandwidth interfaces, applying NetFlow processing to every single packet can result in significant CPU utilization.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the sampler map to randomly sample 1 out of every 2000 packets: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# sampler map1
RP/0/RP0/CPU0:router(config-sm)# random 1 out-of 2000

record ipv4

To activate an IPv4 flow record, use the record ipv4 command in flow monitor map configuration mode. To deactivate the flow record, use the no form of this command.

record ipv4 [ peer-as | | [srv6][l2-l3] ]

Syntax Description

peer-as

(Optional) Records peer AS.

Note

 

The Border Gateway Protocol (BGP) AS is not collected unless the bgp attribute download command is configured.

srv6

Records SRv6 based NetFlow data.
l2-l3

Records L2 and L3 specific NetFlow data.

Command Default

The default is that no IPv4 flow record is enabled.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Release 7.8.1

This command was modified and a new optional keyword, srv6 is introduced for the record ipv4 option.

Release 7.10.1

This command was modified and a new optional keyword, l2-l3 is introduced for the record ipv4 option.

Usage Guidelines

  • The BGP AS is not collected unless the bgp attribute download command is configured.

  • The record ipv4 command exports the BGP AS information in the following format:

    bgpSourceAsNumber

    bgpDestinationAsNumber

  • The record ipv4 peer-as command exports the adjacent BGP AS information in the following format:

    bgpPrevAdjacentAsNumber

    bgpNextAdjacentAsNumber

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure an IPv4 flow record: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# record ipv4
This example shows how to configure an IPv4 flow record: 

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# record ipv4
RP/0/RP0/CPU0:router(config-fmm)# exit
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/0/0/0
RP/0/RP0/CPU0:router(config-if)# flow ipv4 monitor monitor1 ingress
RP/0/RP0/CPU0:router(config-if)# end

Examples

This example shows how to configure the srv6 flow record map name for the record ipv4 option: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config-fem)# flow monitor-map MON-MAP-v6
RP/0/RP0/CPU0:router(config-fmm)# record ipv6 srv6
RP/0/RP0/CPU0:router(config-fmm)# exporter EXP
RP/0/RP0/CPU0:router(config-fmm)# cache timeout inactive 5
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# sampler-map SAMP 
RP/0/RP0/CPU0:router(config-fmm)# random 1 out-of 1000
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# interface GigabitEthernet0/1/0/0
RP/0/RP0/CPU0:router(config-fmm)# ipv4 address 1.1.1.1 255.255.255.0
RP/0/RP0/CPU0:router(config-fmm)# flow ipv6 monitor M1 sampler SAMP ingres

Examples

This example shows how to configure the l2-l3 flow record map name for the record ipv4 option: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config-fem)# flow monitor-map M-IPv4
RP/0/RP0/CPU0:router(config-fmm)# record ipv4 l2-l3
RP/0/RP0/CPU0:router(config-fmm)# exporter EXP-ipfix
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# flow monitor-map M-IPv6 
RP/0/RP0/CPU0:router(config-fmm)# record ipv6 l2-l3
RP/0/RP0/CPU0:router(config-fmm)# exporter EXP-ipfix
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# sampler-map SAMP
RP/0/RP0/CPU0:router(config-fmm)# random 1 out-of 1000
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# interface GigabitEthernet0/1/0/0
RP/0/RP0/CPU0:router(config-fmm)# description CE-PE Interface
RP/0/RP0/CPU0:router(config-fmm)# ipv4 address<>
RP/0/RP0/CPU0:router(config-fmm)# ipv6 address<>
RP/0/RP0/CPU0:router(config-fmm)# flow ipv4 monitor M-IPv4 sampler SAMP ingres
RP/0/RP0/CPU0:router(config-fmm)# flow ipv6 monitor M-IPv6 sampler SAMP ingress
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router

record ipv6

To configure the flow record map name for IPv6, use the record ipv6 command in flow monitor map configuration mode. To remove the configured name from a flow record, use the no form of this command.

record ipv6 { [peer-as] | [srv6][l2-l3] }

Syntax Description

peer-as

Records peer AS.

srv6

Records SRv6 based NetFlow data.
l2-l3

Records L2 and L3 specific NetFlow data.

Command Default

The default is that originating AS numbers are recorded.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Release 7.8.1

This command was modified and a new optional keyword, srv6 is introduced for the record ipv6 option.

Release 7.10.1

This command was modified and a new optional keyword, l2-l3 is introduced for the record ipv6 option.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the flow record map name for IPv6: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# record ipv6
This example shows how to configure the peer-as to collect and export the IPv6 peer AS numbers: 

RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#flow monitor-map IPv6-peer
RP/0/RP0/CPU0:router(config-fmm)#record ipv6 peer-as

Examples

This example shows how to configure the srv6 flow record map name for the record ipv6 option: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config-fem)# flow monitor-map MON-MAP-v6
RP/0/RP0/CPU0:router(config-fmm)# record ipv6 srv6
RP/0/RP0/CPU0:router(config-fmm)# exporter EXP
RP/0/RP0/CPU0:router(config-fmm)# cache timeout inactive 5
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# sampler-map SAMP 
RP/0/RP0/CPU0:router(config-fmm)# random 1 out-of 1000
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# interface GigabitEthernet0/1/0/0
RP/0/RP0/CPU0:router(config-fmm)# ipv4 address 1.1.1.1 255.255.255.0
RP/0/RP0/CPU0:router(config-fmm)# flow ipv6 monitor M1 sampler SAMP ingres

Examples

This example shows how to configure the l2-l3 flow record map name for the record ipv6 option: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config-fem)# flow monitor-map M-IPv4
RP/0/RP0/CPU0:router(config-fmm)# record ipv4 l2-l3
RP/0/RP0/CPU0:router(config-fmm)# exporter EXP-ipfix
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# flow monitor-map M-IPv6 
RP/0/RP0/CPU0:router(config-fmm)# record ipv6 l2-l3
RP/0/RP0/CPU0:router(config-fmm)# exporter EXP-ipfix
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# sampler-map SAMP
RP/0/RP0/CPU0:router(config-fmm)# random 1 out-of 1000
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router(config-fmm)# interface GigabitEthernet0/1/0/0
RP/0/RP0/CPU0:router(config-fmm)# description CE-PE Interface
RP/0/RP0/CPU0:router(config-fmm)# ipv4 address<>
RP/0/RP0/CPU0:router(config-fmm)# ipv6 address<>
RP/0/RP0/CPU0:router(config-fmm)# flow ipv4 monitor M-IPv4 sampler SAMP ingres
RP/0/RP0/CPU0:router(config-fmm)# flow ipv6 monitor M-IPv6 sampler SAMP ingress
RP/0/RP0/CPU0:router(config-fmm)# !
RP/0/RP0/CPU0:router

record mpls

To configure the flow record map name for MPLS, use the record mpls command in flow monitor map configuration mode. To remove the configured name from a flow record, use the no form of this command.

record mpls [ipv4-fields] [ipv6-fields] [ipv4-ipv6-fields] [labels number]

Syntax Description

ipv4-fields

(Optional) Collects IPv4 fields in the MPLS-aware Netflow when the payload of the MPLS packet has IPv4 fields. It also collects MPLS traffic with no IPv4 payload, but the IPv4 fields are set to zero.

ipv6-fields

(Optional) Collects IPv6 fields in the MPLS-aware Netflow when the payload of the MPLS packet has IPv6 fields. It also collects MPLS traffic with no IPv6 payload, but the IPv6 fields are set to zero.

ipv4-ipv6-fields

(Optional) Collects IPv4 and IPv6 fields in the MPLS-aware Netflow when the payload of the MPLS packet has either IPv4 fields or IPv6 fields. It also collects MPLS traffic with no IPv4 or IPv6 payload, but those fields are set to zero.

labels number

(Optional) Changes the number of labels stored in the NetFlow cache. The number argument is the number of labels that are used in hashing. The range is from 1 to 6.

Command Default

The default is no IPV4 fields and six labels.

Command Modes

Flow monitor map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

In Cisco IOS XR software, you can have only one MPLS flow monitor running on an interface at a time. If you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing one.

You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or both types of fields.

Task ID

Task ID

Operations

netflow

read, write

Examples

This configuration allows you to collect only MPLS fields. No payload information is collected. 


RP/0/RP0/CPU0:router(config)# flow monitor-map MPLS-fmm
RP/0/RP0/CPU0:router(config-fmm)# record mpls labels 3
RP/0/RP0/CPU0:router(config-fmm)# cache permanent
RP/0/RP0/CPU0:router(config)# exit
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/0/0/0
RP/0/RP0/CPU0:router(config-if)# flow mpls monitor MPLS-fmm sampler fsm ingress

This configuration allows you to collect MPLS traffic with IPv4 fields. It also collects MPLS traffic with no IPv4 payload, but the IPv4 fields are set to zero. 


RP/0/RP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-fmm
RP/0/RP0/CPU0:router(config-fmm)# record mpls IPv4-fields labels 3
RP/0/RP0/CPU0:router(config-fmm)# cache permanent
RP/0/RP0/CPU0:router(config-fmm)# exit
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/0/0/0
RP/0/RP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-fmm sampler fsm ingress

This configuration allows you to collect MPLS traffic with IPv6 fields. It also collects MPLS traffic with no IPv6 payload, but the IPv6 fields are set to zero. 


RP/0/RP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RP0/CPU0:router(config-fmm)# record mpls IPv6-fields labels 3
RP/0/RP0/CPU0:router(config-fmm)# cache permanent
RP/0/RP0/CPU0:router(config-fmm)# exit
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/0/0/0
RP/0/RP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler fsm ingress

This configuration allows you to collect MPLS traffic with both IPv6 and IPv4 fields. It also collects MPLS traffic with no IPv4 or IPv6 payload, but those fields are set to zero. 


RP/0/RP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-IPv6-fmm
RP/0/RP0/CPU0:router(config-fmm)# record mpls IPv4-IPv6-fields labels 3
RP/0/RP0/CPU0:router(config-fmm)# cache permanent
RP/0/RP0/CPU0:router(config-fmm)# exit
RP/0/RP0/CPU0:router(config)# interface HundredGigE 0/0/0/0
RP/0/RP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-IPv6-fmm sampler fsm ingress

This example shows how to configure three labels for hashing: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow monitor-map map1
RP/0/RP0/CPU0:router(config-fmm)# record mpls labels 3

record datalinksection

To record the information element that carries n octets from the data link frame (IPFIX 315), use the record datalinksection command in flow monitor map configuration mode. To disable recording, use the no form of this command.

record datalinksection

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Flow monitor map configuration

Command History

Release Modification

Release 6.3.2

This command was introduced.

Release 7.0.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Task ID

Task ID

Operations

netflow

read, write

Examples

This configuration allows you to collect IPFIX 315 element information: 


RP/0/RP0/CPU0:router(config)# flow monitor-map ipfix-mon
RP/0/RP0/CPU0:router(config-fmm)# record datalinkframesection 
RP/0/RP0/CPU0:router(config-fmm)# cache immediate
RP/0/RP0/CPU0:router(config)# exit
RP/0/RP0/CPU0:router(config)# interface Gigabit Ethernet 0/0/0/1
RP/0/RP0/CPU0:router(config-if)# flow datalinkframesection monitor ipfix-mon sampler ipfix-sm ingress

sampler-map

To enter sampler map configuration submode for a specific monitor map, use the sampler-map command in XR Config mode. To remove a configured sampler map, use the no form of this command.

sampler-map map_name

Syntax Description

map_name

Name of the sampler map you want to configure. The sampler map name can be a maximum 32 characters.

Command Default

None

Command Modes

XR Config mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

When you issue the sampler-map map_name command in XR Config mode, the CLI prompt changes to “config-sm,” indicating that you have entered the sampler map configuration submode. In this sample output, the question mark ( ? ) online help function displays all the commands available under sampler map configuration submode: 


RP/0/RP0/CPU0:router(config)# sampler-map test
RP/0/RP0/CPU0:router(config-sm)# ?

  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  no        Negate a command or set its defaults
  pwd       Commands used to reach current submode
  random    Use random mode for sampling packets
  root      Exit to the XR Config mode
  show      Show contents of configuration

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to use the sampler-map command to enter sampler map configuration submode for the monitor map called “map1:” 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# sampler-map map1
RP/0/RP0/CPU0:router(config-sm)#

show flow exporter

To display flow exporter data, enter the show flow exporter command in XR EXEC mode.

show flow exporter [exporter_name] location node-id

Syntax Description

exporter_name

Identifies the flow exporter whose data you want to display.

location node-id

Location where the cache resides. The node-id argument is expressed in the rack/slot/module notation.

Note

 

Enter the show platform command to see the location of all nodes installed in the router.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display flow exporter map data: 


RP/0/RP0/CPU0:router# show flow exporter fem1 location 0/0/CPU0

Flow Exporter: NFC 
Used by flow monitors: fmm4
 
Status: Normal
Transport   UDP
Destination 12.24.39.0      (50001)
Source      12.25.54.3      (5956)
Flows exported:                                   0 (0 bytes)
Flows dropped:                                    0 (0 bytes)
 
Templates exported:                               1 (88 bytes)
Templates dropped:                                0 (0 bytes)
 
Option data exported:                             0 (0 bytes)
Option data dropped:                              0 (0 bytes)
 
Option templates exported:                        2 (56 bytes)
Option templates dropped:                         0 (0 bytes)
 
Packets exported:                                 3 (144 bytes)
Packets dropped:                                  0 (0 bytes)
 
Total export over last interval of:
  1 hour:                                         0 pkts
                                                  0 bytes
                                                  0 flows
  1 minute:                                       3 pkts
                                                144 bytes
                                                  0 flows
  1 second:                                       0 pkts
                                                  0 bytes
                                                  0 flows
Table 1. show flow exporter Field Descriptions

Field

Description

Id

Identifies the flow exporter map.

Used by flow monitors

Name of the flow monitors associated with the specified flow exporter map.

Status

Status of the exporter.

  • Normal—Exporter is active and can export packets.
  • Disabled—Exporter cannot send out packets because the collector is unreachable or the configuration is incomplete.

Destination

Export destination address the current flow exporter map.

Flows exported

Flows exported, in bytes.

Flows dropped

Flows dropped, in bytes.

Templates exported

Templates exported, in bytes.

Templates dropped

Templates dropped, in bytes.

Option data exported

Option data exported, in bytes.

Option data dropped

Option data dropped, in bytes.

Option templates exported

Option templates exported, in bytes.

Option templates dropped

Option templates dropped, in bytes.

Packets exported:

Packets exported, in bytes.

Packets dropped

Packets dropped, in bytes.

Average export rate over interval of last:

Average export rate, in bytes/pkts. Information is displayed for intervals of the last hour, minute, and second.

show flow exporter-map

To display flow exporter map information for a specific node, enter the show flow exporter-map command in XR EXEC mode.

show flow exporter-map [name]

Syntax Description

name

Name of the exporter map whose information you want to display.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Release 7.10.1

The show command output was updated to display router-id information.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display flow exporter map information: 


RP/0/RP0/CPU0:router# show flow exporter-map map1

Flow Exporter Map : map1
-------------------------------------------------
Id                 : 2
DestinationIpAddr   : 10.1.1.1
SourceIfName        : Loopback0
SourceIpAddr        : 10.1.1.1
DSCP                : 10
TransportProtocol   : UDP
TransportDestPort   : 1024

Export Version: 9
  Common Template Timeout : 1800 seconds
  Options Template Timeout : 1800 seconds
  Data Template Timeout : 600 seconds
  Interface-Table Export Timeout : 1800 seconds
  Sampler-Table Export Timeout : 0 seconds

This example shows how to display flow exporter map with router-id information: 

Router# show flow exporter-map E
Fri Mar 24 13:28:13.617 IST

Flow Exporter Map   : E
-------------------------------------------------
Id                  : 6
Packet-Length       : 1468
DestinationIpAddr   : 
VRFName             : 
SourceIfName        : 
SourceIpAddr        : Unsupported family type (0)
DSCP                : 0
TransportProtocol   : 
TransportDestPort   : 
TransportSourcePortSelectionMethod   : 
Do Not Fragment     : Not Enabled
Router-Id           : 209.165.201.1

Export Version: 9
  Common Template Timeout : 1800 seconds
  Options Template Timeout : 1800 seconds
  Data Template Timeout : 1800 seconds
  Interface-Table Export Timeout : 0 seconds
  Sampler-Table Export Timeout : 0 seconds
  VRF-Table Export Timeout : 0 seconds

This table describes the significant fields shown in the display.

Table 2. show flow exporter-map Field Descriptions

Field

Description

Id

Identifies the flow exporter map.

DestinationIpAddr

Exports destination configuration.

SourceIfName

Source interface for this exporter map. You can specify the source interface with the flow exporter-map command.

SourceIpAddr

IP address of the source interface (SourceIfName).

DSCP

Differentiated services codepoint (DSCP) value for export packets.

Note

 

You can specify the DSCP with the flow exporter-map command.

TransportProtocol

Displays the configured transport protocol.

Note

 

Cisco IOS XR software supports the UDP transport protocol only.

Note

 

You can specify the transport protocol with the flow exporter-map command.

TransportDestPort

Displays the configured destination port for UDP packets.

Router-Id

Displays the configured router-id or agent-id.

Export Version

Displays the configured export format.

Note

 

Cisco IOS XR software supports export format version 9 only.

Common Template Timeout

Displays the configured common template timeout.

Options Template Timeout

Displays the configured options template timeout.

Note

 

You can specify the options template timeout with the flow exporter-map command.

Data Template Timeout

Displays the configured data template timeout.

Note

 

You can specify the data template timeout with the flow exporter-map command.

Interface-Table Export Timeout

Displays the export timeout value for the interface table.

Note

 

You can specify the export timeout for the interface table with the flow exporter-map command.

Sampler-Table Export Timeout

Displays the export timeout value for the sampler table.

Note

 

You can specify the export timeout for the sampler table with the flow exporter-map command.

show flow monitor

To display flow monitor cache data in various formats, enter the show flow monitor command in XR EXEC mode.

To match on Access Control Lists (ACLs) and one or more fields:

show flow monitor monitor-name cache match {ipv4 {acl name | source-address match-options | destination-address match-options | protocol match-options | tos match-options} | ipv6 {acl name | source-address match-options | destination-address match-options | protocol match-options | tc match-options} | layer4 {source-port-overloaded match-options | destination-port-overloaded match-options | tcp-flags match-flags-options} | bgp {source-as match-options | destination-as match-options} | interface {ingress match-if-options} | timestamp {first match-options | last match-options} | counters {byte match-options | packets match-options} | misc {forwarding-status match-options | direction match-dir-options}}

To sort flow record information according to a particular field:

show flow monitor monitor-name cache sort {ipv4 {source-address | destination-address | tos | protocol} | ipv4 {source-address | destination-address | tc | protocol} | mpls {label-2 | label-3 | label-4 | label-5 | label-6 | label-type | prefix | top-label} | layer4 {source-port-overloaded | destination-port-overloaded} | bgp {source-as | destination-as} | timestamp {first | last} | counters {bytes | packets} | misc {forwarding-status | direction} {top | bottom} [entries] }

To include or exclude one or more fields in the show flow monitor command output:

show flow monitor monitor-name cache {include | exclude} {ipv4 {source-address | destination-address | tos | protocol} | ipv6 {source-address | destination-address | tc | flow-label | option-headers | protocol} | mpls {label-2 | label-3 | label-4 | label-5 | label-6 | top-label} | layer4 {source-port-overloaded | destination-port-overloaded} | bgp {source-as | destination-as} | timestamp {first | last} | counters {bytes | packets} | misc {forwarding-status match-options | direction match-dir-options}}

To display summarized flow record statistics:

show flow monitor monitor-name cache summary location node-id

To display only key field, packet, and byte information for the flow records:

show flow monitor monitor-name cache brief location node-id

To display flow record information for a particular node only:

show flow monitor monitor-name cache location node-id

Syntax Description

If you specified the show flow monitor monitor-name cache match command to match on ACL and one or more fields:

Syntax Description

map_name

Name of the sampler map you want to configure. The sampler map name can be a maximum 32 characters.

This table describes the significant fields shown in the display.

Table 3. show flow monitor Field Descriptions

Field

Description

Cache summary for Flow Monitor fmm2

Displays general cache information for the specified flow monitor. The following information is displayed

  • Cache size for the specified flow monitor map
  • Current number of entries in the cache
  • High watermark for this cache
  • Number of flows added to the cache
  • Number of flows not added to the cache

Ager Polls

Displays the following ager statistics:

  • Active timeout
  • Inactive timeout
  • TCP FIN flag
  • Watermark aged
  • Emergency aged
  • Counter wrap aged
  • Total

Periodic export

  • Counter wrap
  • TCP FIN flag

Cache summary for Flow Monitor fmm2

Displays general cache information for the specified flow monitor. The following information is displayed

  • Cache size for the specified flow monitor map
  • Current number of entries in the cache
  • High watermark for this cache
  • Number of flows added to the cache
  • Number of flows not added to the cache

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Release 24.1.1

This command was modified to include additional BGP information elements.

Usage Guidelines

To collect source and destination AS information, you must enable BGP on the relevant BGP AFI/SAFI. Unless this is done, all AS numbers in the flow records are displayed as 0.

Keep these information in mind when using the show flow monitor command:

  • The show flow monitor command can include combinations of these options:

    • format

    • match

    • include

    • exclude

    • sort

    • summary

    • location

  • We do not recommend including the summary option with the sort and format options.
  • The mutually exclusive options are summary, brief, include, and exclude.
  • To see a list of fields that can be included after a keyword, enter the ? command, as shown in this example: 
    
RP/0/RP0/CPU0:router# show flow monitor map1 cache summary ?

  brief     Show just the key fields
  exclude   Exclude field
  format    Display format
  include   Include field
  location  Specify a location
  match     Match criteria
  sort      Sorting criteria

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display flow monitor data for a specific monitor map cache in the location 0/0/CPU0 :

This example shows how to display flow monitor data for a specific monitor map cache in the location 0/0/CPU0 : 

Router#show flow monitor mpls-1 cache summary location 0/0/CPU0

========== Record number: 1 ==========
LabelType        :   Unknown
Prefix/Length    : 20.1.1.0/24
Label1-EXP-S     :    16001-0-1
Label2-EXP-S     :       -
Label3-EXP-S     :       -
Label4-EXP-S     :       -
Label5-EXP-S     :       -
Label6-EXP-S     :       -
InputInterface   : FH0/0/0/1
OutputInterface  : FH0/0/0/0
ForwardStatus    : Fwd
FirstSwitched    : 00 08:28:52:189
LastSwitched     : 00 08:28:57:649
ByteCount        : 2352
PacketCount      : 56
Dir              : Ing
SamplerID        : 1
IPV4SrcAddr      : 30.1.1.1
IPV4DstAddr      : 20.1.1.1
IPV4TOS          : 0
IPV4Prot         : udp
L4SrcPort        : 2025
L4DestPort       : 2500
L4TCPFlags       : 0
IPV4SrcPrfxLen   : 24
IPV4DstPrfxLen   : 24
BGPNextHopV4     : 192.168.10.10
BGPNextHopV6     : ::
BGPSrcOrigAS     : 2000
BGPDstOrigAS     : 1000
IPV4NextHop      : 192.168.10.10
IPV6NextHop      : ::
MinimumTTL       : 90       
MaximumTTL       : 110      
InputVRFID       : default
OutputVRFID      : default
 
 
========== Record number: 1 ==========
LabelType        :   Unknown
Prefix/Length    : ::/0
Label1-EXP-S     :    16001-0-1
Label2-EXP-S     :       -
Label3-EXP-S     :       -
Label4-EXP-S     :       -
Label5-EXP-S     :       -
Label6-EXP-S     :       -
InputInterface   : FH0/0/0/1
OutputInterface  : FH0/0/0/0
ForwardStatus    : Fwd
FirstSwitched    : 00 08:27:38:692
LastSwitched     : 00 08:27:47:572
ByteCount        : 5580
PacketCount      : 90
Dir              : Ing
SamplerID        : 1
IPv6SrcAddr      : 50::1
IPv6DstAddr      : 40::1
IPv6TC           : 0
IPv6FlowLabel    : 0
IPv6OptHdrs      : 0x0
IPV6Prot         : udp
L4SrcPort        : 2025
L4DestPort       : 2500
L4TCPFlags       : 0
IPV6SrcPrfxLen   : 64
IPV6DstPrfxLen   : 64
BGPNextHopV4     : 0.0.0.0
BGPNextHopV6     : ::ffff:192.168.10.10
BGPSrcOrigAS     : 2000
BGPDstOrigAS     : 1000
IPV4NextHop      : 192.168.10.10
IPV6NextHop      : ::
MinimumTTL       : 195      
MaximumTTL       : 205      
InputVRFID       : default
OutputVRFID      : default

show flow monitor-map

To display flow monitor map data, enter the show flow monitor-map command in XR EXEC mode.

show flow monitor-map map-name Optional: [srv6]

Syntax Description

map-name

Name of the monitor map whose data you want to display.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Release 7.8.1

The show flow monitor-map command output was modified to display the monitor-map data for ipv6 srv6 subtypes.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display monitor-map data for a specific flow: 


RP/0/RP0/CPU0:router# show flow monitor-map map1

Flow Monitor Map : map1
-------------------------------------------------
Id:                1
RecordMapName:     ipv4
ExportMapName:     NFC
CacheAgingMode:    Permanent
CacheMaxEntries:   10000
CacheActiveTout:   N/A
CacheInactiveTout: N/A
CacheUpdateTout:   60 seconds
This example shows how to display SRv6 monitor-map data for a specific flow:

RP/0/RP0/CPU0:router# show flow monitor-map MON-MAP-1

Flow Monitor Map : MON
-------------------------------------------------
Id:                1
RecordMapName:     srv6
ExportMapName:     EXP
CacheAgingMode:    Normal
CacheMaxEntries:   65535
CacheActiveTout:   101 seconds
CacheInactiveTout: 15 seconds
CacheUpdateTout:   N/A
CacheRateLimit:    2000
HwCacheExists:     False
HwCacheInactTout:  50

This table describes the significant fields shown in the display.

Table 4. show flow monitor-map Field Descriptions

Field

Description

Flow Monitor Map

Name of the flow monitor map whose information is display in the show flow monitor-map command output.

Id

Number that identifies the flow monitor map.

RecordMapName

Name of the flow record map that is associated with this monitor map. The RecordMapName indicates the type of packets NetFlow captures as they leave the router.

ExportMapName

Name of the export map that is associated with this monitor map.

CacheAgingMode

Current aging mode configured on this cache.“Permanent” indicates that the removal of entries from the monitor map flow cache is disabled.

Note

 

To configure the number of entries allowed in the monitor map flow cache, enter the cache entries command in flow monitor map configuration mode. To disable the removal of entries from the monitor map flow cache, enter the cache permanent command in flow monitor map configuration mode.

CacheMaxEntries

Number of flow entries currently allowed in the flow cache before the oldest entry is removed.

Note

 

To modify the number of entries in the monitor map flow cache, enter the cache entries command in flow monitor map configuration mode

CacheActiveTout

Active flow timeout configured for this cache, in seconds.

Note

 

To modify the configured active flow timeout, use the cache timeout command in flow monitor map configuration mode.

CacheInactiveTout

Inactive flow timeout configured for this cache, in seconds.

Note

 

To modify the configured inactive flow timeout, use the cache timeout command in flow monitor map configuration mode.

CacheUpdateTout

Update timeout configured for this cache, in seconds.

Note

 

To modify the configured update timeout, use the cache timeout command in flow monitor map configuration mode.

This example shows how to display monitor-map data for a specific IPv6 flow: 


RP/0/RP0/CPU0:router# show flow monitor-map map2

Tue Jan 22 00:15:53.424 PST
Flow Monitor Map : map2
-------------------------------------------------
Id: 1
RecordMapName: ipv6
CacheAgingMode: Normal
CacheMaxEntries: 65535
CacheActiveTout: 1800 seconds
CacheInactiveTout: 15 seconds
CacheUpdateTout: N/A

show flow platform producer statistics location

To display statistics collected by the NetFlow producer, use the show flow platform producer statistics location command in XR EXEC mode.

show flow platform producer statistics location node-id

Syntax Description

node-id

Location of the node whose NetFlow producer statistics you want to display. The node-id is expressed in the rack/slot/module notation.

Note

 

Enter the show platform command to see the location of all nodes installed in the router.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display statistics collected by the NetFlow producer for the CPU card in slot 0: 


RP/0/RP0/CPU0:router# show flow platform producer statistics location 0/0/CPU0

Netflow Platform Producer Counters:
IPv4 Ingress Packets:                       0
IPv4 Egress Packets:                        0
IPv6 Ingress Packets:                       0
IPv6 Egress Packets:                        0
MPLS Ingress Packets:                       0
MPLS Egress Packets:                        0
Drops (no space):                           0
Drops (other):                              0
Unknown Ingress Packets:                    0
Unknown Egress Packets:                     0
Worker waiting:                             0

This table describes the significant fields shown in the display.

Table 5. show flow platform producer statistics Field Descriptions

Field

Description

IPv4 Ingress Packets

Number of IPV4 packets that were received from the remote end.

IPv4 Egress Packets

Number of transmitted IPV4 packets.

MPLS Ingress Packets

Number of MPLS packets that were received from the remote end.

MPLS Egress Packets

Number of transmitted MPLS packets.

Drops (no space)

Number of packets that the producer could not enqueue to the NetFlow server because the server input ring was full.

Drops (other)

Number of packets that the producer could not enqueue to the NetFlow server due to errors other than the server input ring being full.

Unknown Ingress Packets

Number of unrecognized packets received from the remote end that were dropped.

Unknown Egress Packets

Number of packets transmitted to the remote end that were dropped because they were not recognized by the remote end.

Worker waiting

Number of times that the producer needed to use the server.

Note

 

This field is strictly informational and does not indicate any error.

show sampler-map

To display sampler map information, enter the show sampler-map command in XR EXEC mode.

show sampler-map [sampler-name]

Syntax Description

sampler-name

Identifies the sampler map whose information you want to display.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read

Examples

This example shows how to display sampler map information for a router: 


RP/0/RP0/CPU0:router# show sampler-map map1

Sampler Map : map1
-------------------------------------------------
Id:      1
Mode:    Random (1 out of 100 Pkts)

This table describes the significant fields shown in the display.

Table 6. show sampler-map Field Descriptions

Field

Description

Id

Flow sampler map identifier.

Mode

Sampling interval in units of packet. “Random” mode is any mode that was configured with the flow monitor-map command.

Note

 

Currently, Cisco IOS XR software supports “Random” mode only.

source (NetFlow)

To configure a source interface for the current collector, use the source command in flow exporter map configuration mode. To remove a configured source interface, use the no form of this command.

source type interface-path-id

Syntax Description

type

Interface type. For more information, use the question mark ( ? ) online help function.

interface-path-id

Physical interface or virtual interface.

Note

 

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark ( ? ) online help function.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

For the interface-path-id argument, use the following guidelines:

  • If specifying T1/E1/DS0 physical interfaces, the naming notation is rack/slot/module/port/t1-num:

  • channel-group-number. If specifying other physical interface types, the naming notation is rack/slot/module/port. The slash between values is required as part of the notation. An explanation of each component of the naming notation is as follows:

    • rack: Chassis number of the rack.

    • slot: Physical slot number of the modular services card or line card.

    • module: Module number. A physical layer interface module (PLIM) is always 0. Shared port adapters (SPAs) are referenced by their subslot number.

    • port: Physical port number of the T3 controller.

    • t1-num : T1 or E1 channel number. T1 channels range from 1 to 24; E1 channels range from 1 to 31.

    • channel-group-number : Time slot number. T1 time slots range from 1 to 24; E1 time slots range from 1 to 31. The channel-group-number is preceded by a colon and not a slash.

    • source-address : Source address supports IPv4 or IPv6 address.

  • If specifying a virtual interface, the number range varies, depending on interface type.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure a physical interface as a source for the current collector: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# source HundredGigE 0/3/0/0
RP/0/RP0/CPU0:router(config-fem)# source-address 192.127.10.1

This example shows how to configure a virtual interface as a source for the current collector. In this example, the source is an Ethernet bundle: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# source Bundle-Ether 1

template (NetFlow)

To configure the export timeout value for the data and options templates, enter the template command in flow exporter map version configuration mode. To remove a configured template export timeout value, use the no form of this command.

template [data | options] timeout seconds

Syntax Description

data

(Optional) Specifies the data template.

options

(Optional) Specifies the options template.

timeout seconds

Configures the timeout value for the specified template, or for both the data and options templates. Replace seconds with the export timeout value. Range is from 1 through 604800 seconds.

Command Default

Default timeout value for data and options template is 1800 seconds.

Command Modes

Flow exporter map version configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the export timeout value for the data template to be 300 seconds: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map fem1
RP/0/RP0/CPU0:router(config-fem)# version v9
RP/0/RP0/CPU0:router(config-fem-ver)# template data timeout 300

transport udp

To configure the destination port for User Datagram Protocol (UDP) packets, enter the transport udp command in flow exporter map configuration mode. To remove a configured destination port, use the no form of this command.

transport udp port_value

Syntax Description

port_value

Destination port for UDP packets. Replace port with the destination port value. Range is from 1024 through 65535.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure the destination port for UDP packets: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# transport udp 1030

version v9

To enter flow exporter map version configuration submode so that you can configure export version parameters, enter the version v9 command in flow exporter map configuration mode. To remove the current export version configuration and return to the default configuration, use the no form of this command.

version v9

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 6.0

This command was introduced.

Usage Guidelines

When you issue the version v9 command, the CLI prompt changes to “config-fem-ver,” indicating that you have entered flow exporter map version configuration submode. In this sample output, the question mark ( ? ) online help function displays all the commands available under flow exporter map version configuration submode: 


RP/0/RP0/CPU0:router(config-fem)# version v9
RP/0/RP0/CPU0:router(config-fem-ver)#?

  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  no        Negate a command or set its defaults
  options   Specify export of options template
  pwd       Commands used to reach current submode
  root      Exit to the XR Config mode
  show      Show contents of configuration
  template  Specify template export parameters

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to enter flow exporter map version configuration submode: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# version v9
RP/0/RP0/CPU0:router(config-fem-ver)#

version ipfix

To configure Internet Protocol Flow Information Export (IPFIX) as an export version and configure export version parameters, enter the version ipfix command in flow exporter map configuration mode. To remove the current export version configuration and return to the default configuration, use the no form of this command.

version ipfix [options {interface-table | sampler-table | vrf-table} timeout timeout-value | template {data | options } timeout timeout-value]

Syntax Description

options

(Optional) Specifies export of options template. Options template provide extra information about the flow records. The options template include these options:

  • interface-table

  • sampler-table

  • vrf-table

For each options template specify timeout value (in seconds) during which the exporter has to retransmit each active options template.

template

(Optional) Specifies template export parameters such as data template and options template timeout configurations.

timeout timeoutout-value

Specifies custom timeout value (in seconds) during which the exporter has to retransmit each active template. The range of timeout-value is 1 to 604800 seconds.

Command Default

None

Command Modes

Flow exporter map configuration

Command History

Release

Modification

Release 6.2.2

This command was introduced.

Release 6.3.1

This command was introduced.

Usage Guidelines

When you issue the version ipfix command, the CLI prompt changes to “config-fem-ver,” indicating that you have entered flow exporter map version configuration submode. In this sample output, the question mark ( ? ) online help function displays all the commands available under flow exporter map version configuration submode: 


RP/0/RP0/CPU0:router(config-fem)# version ipfix
RP/0/RP0/CPU0:router(config-fem-ver)#?

  clear     Clear the uncommitted configuration
  commit    Commit the configuration changes to running
  describe  Describe a command without taking real actions
  do        Run an exec command
  exit      Exit from this submode
  no        Negate a command or set its defaults
  options   Specify export of options template
  pwd       Commands used to reach current submode
  root      Exit to the  mode
  show      Show contents of configuration
  template  Specify template export parameters

Task ID

Task ID

Operations

netflow

read, write

Examples

This example shows how to configure IPFIX as an exporter in an flow exporter map configuration submode: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# flow exporter-map map1
RP/0/RP0/CPU0:router(config-fem)# version ipfix
RP/0/RP0/CPU0:router(config-fem-ver)#