※ This article was moved over from note ※
Initial setup
OSPF is running on all routers shown in the image.
show run (configuration)
R1#show run | s flow|GigabitEthernet0/2
flow record RECORD
 match ipv4 destination address
 match flow cts source group-tag
 match flow cts destination group-tag
flow exporter EXPORT
 destination 155.1.146.4
 transport udp 65
flow monitor MONITOR
 exporter EXPORT
 record RECORD
interface GigabitEthernet0/2
 ip address 155.1.146.1 255.255.255.0
 ip flow monitor MONITOR input
 ip ospf 1 area 0
 duplex auto
 speed auto
 media-type rj45
Configured so that the flows collected on iosv-1 are sent to iosv-4.
show flow record/monitor
R1#show flow record RECORD
flow record RECORD:
  Description: User defined
  No. of users: 1
  Total field space: 8 bytes
  Fields:
    match ipv4 destination address
    match flow cts source group-tag
    match flow cts destination group-tag
R1#show flow monitor MONITOR
Flow Monitor MONITOR:
  Description: User defined
  Flow Record: RECORD
  Flow Exporter: EXPORT
  Cache:
    Type: normal
    Status: allocated
    Size: 4096 entries / 180236 bytes
    Inactive Timeout: 15 secs
    Active Timeout: 1800 secs
The bytes value in the monitor's Size was 0 before I applied the monitor to the interface, so it seems to be working.
Various show flow statistics commands
R1#show flow exporter statistics
Flow Exporter EXPORT:
  Packet send statistics (last cleared 00:40:24 ago):
    Successfully sent: 49 (3080 bytes)
  Client send statistics:
    Client: Flow Monitor MONITOR
      Records added: 49
        - sent: 49
      Bytes added: 392
        - sent: 392
R1#show flow monitor MONITOR statistics
Cache type: Normal
Cache size: 4096
Current entries: 2
High Watermark: 3
Flows added: 52
Flows aged: 50
- Active timeout ( 1800 secs) 0
- Inactive timeout ( 15 secs) 50
- Event aged 0
- Watermark aged 0
- Emergency aged 0
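Packet capture
When I ping from iosv-3 to iosv-6, packets occasionally come through. (They do not arrive all at once in a burst the way ICMP does.)
Since the destination port number is set to 65, this is probably Flexible NetFlow traffic.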
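Rather than inferring the protocol from the port number alone, the UDP payload of a captured packet can be decoded to confirm it is a flow export. The following is an added example, not part of the original article: it assumes the exporter uses the IOS default export protocol (NetFlow v9, RFC 3954), and the sample datagram, the address 192.0.2.6 and the CTS field IDs 34000/34001 are constructed or assumed values.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
# 12 is IPV4_DST_ADDR in RFC 3954; 34000/34001 are ASSUMED ids for the CTS group tags.
FIELD_NAMES = {12: "IPV4_DST_ADDR", 34000: "CTS_SGT", 34001: "CTS_DGT"}

def parse_v9(payload, templates=None):
    """Parse one NetFlow v9 export datagram (UDP payload); return (header, records)."""
    templates = {} if templates is None else templates   # pass a dict to keep templates across packets
    if len(payload) < HEADER.size:
        raise ValueError("too short for a NetFlow v9 header")
    version, count, _uptime, _secs, seq, source_id = HEADER.unpack_from(payload)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    records, off = [], HEADER.size
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            raise ValueError("bad flowset length")
        body = payload[off + 4:off + fs_len]
        if fs_id == 0:                                    # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or nfields == 0 or pos + 4 + 4 * nfields > len(body):
                    break                                 # padding or truncated template
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                          for i in range(nfields)]
                templates[(source_id, tid)] = fields      # list of (field type, length)
                pos += 4 + 4 * nfields
        elif fs_id >= 256 and (source_id, fs_id) in templates:   # data flowset with known template
            fields = templates[(source_id, fs_id)]
            rec_len = sum(length for _, length in fields)
            for start in range(0, len(body) - rec_len + 1, rec_len):
                rec, pos = {}, start
                for ftype, length in fields:
                    raw = body[pos:pos + length]
                    name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                    rec[name] = (str(ipaddress.IPv4Address(raw)) if ftype == 12
                                 else int.from_bytes(raw, "big"))
                    pos += length
                records.append(rec)
        off += fs_len                                     # other flowsets are skipped
    return {"version": version, "count": count, "sequence": seq, "source_id": source_id}, records

# Constructed sample: header + template 256 (3 fields, 8 bytes) + one 8-byte data record.
SAMPLE = (HEADER.pack(9, 2, 1000, 1700000000, 1, 0)
          + struct.pack("!10H", 0, 20, 256, 3, 12, 4, 34000, 2, 34001, 2)
          + struct.pack("!HH4sHH", 256, 12, ipaddress.IPv4Address("192.0.2.6").packed, 0, 0))
```

The 8-byte record length in the sample matches the "Total field space: 8 bytes" reported by show flow record RECORD above.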