[old] Toddling Through Flexible NetFlow

* This article was migrated from note. *

Initial setup

OSPF is enabled on every router shown in the image.

show run (configuration)

R1#show run | s flow|GigabitEthernet0/2
flow record RECORD
 match ipv4 destination address
 match flow cts source group-tag
 match flow cts destination group-tag

flow exporter EXPORT
 destination 155.1.146.4
 transport udp 65

flow monitor MONITOR
 exporter EXPORT
 record RECORD

interface GigabitEthernet0/2
 ip address 155.1.146.1 255.255.255.0
 ip flow monitor MONITOR input
 ip ospf 1 area 0
 duplex auto
 speed auto
 media-type rj45

This configures iosv-1 to send the flows it collects to iosv-4.

show flow record/monitor

R1#show flow record RECORD
flow record RECORD:
  Description:        User defined
  No. of users:       1
  Total field space:  8 bytes
  Fields:
    match ipv4 destination address
    match flow cts source group-tag
    match flow cts destination group-tag

R1#show flow monitor MONITOR
Flow Monitor MONITOR:
  Description:       User defined
  Flow Record:       RECORD
  Flow Exporter:     EXPORT
  Cache:
    Type:                 normal
    Status:               allocated
    Size:                 4096 entries / 180236 bytes
    Inactive Timeout:     15 secs
    Active Timeout:       1800 secs

The bytes value in the monitor's Size was 0 before the monitor was applied to the interface, so it is probably working.

Various show flow statistics commands

R1#show flow exporter statistics
Flow Exporter EXPORT:
  Packet send statistics (last cleared 00:40:24 ago):
    Successfully sent:         49                    (3080 bytes)

  Client send statistics:
    Client: Flow Monitor MONITOR
      Records added:           49
        - sent:                49
      Bytes added:             392
        - sent:                392


R1#show flow monitor MONITOR statistics
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                               2
  High Watermark:                                3

  Flows added:                                  52
  Flows aged:                                   50
    - Active timeout      (  1800 secs)          0
    - Inactive timeout    (    15 secs)         50
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0

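Packet capture

Image

When I ping from iosv-3 to iosv-6, these packets show up occasionally. (They do not arrive all at once in a burst the way ICMP does.)
Since the destination port number is set to 65, this is probably Flexible NetFlow traffic.

References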
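One way to confirm the guess about the UDP/65 packets is to decode the payload instead of relying on the port number. The following is an added example, not part of the original article: it assumes the exporter sends NetFlow v9 format, the datagram is constructed for illustration, and the field type numbers 34000 and 34001 are assumed stand-ins for the two CTS group-tag fields (read the real ones from the template in your own capture).

```python
import ipaddress
import struct

def parse_netflow_v9(payload, templates=None):
    """Decode one NetFlow v9 export datagram (RFC 3954 layout).
    `templates` is a cache kept across datagrams: data records can only
    be decoded once the matching template has been seen."""
    templates = {} if templates is None else templates
    if len(payload) < 20:
        raise ValueError("too short for a NetFlow v9 header")
    version, count, _up, _secs, seq, source_id = struct.unpack_from("!HHIIII", payload)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    records, off = [], 20
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            raise ValueError("flowset length runs past the datagram")
        body = payload[off + 4:off + fs_len]
        if fs_id == 0:                        # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break                     # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                                  for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif fs_id in templates:              # data flowset with a known template
            fields = templates[fs_id]
            size = sum(length for _, length in fields)
            for pos in (range(0, len(body) - size + 1, size) if size else ()):
                rec, p = {}, pos
                for ftype, length in fields:  # slice each field by template length
                    rec[ftype] = body[p:p + length]
                    p += length
                records.append(rec)
        off += fs_len                         # unknown flowsets are skipped
    return {"count": count, "sequence": seq, "source_id": source_id,
            "templates": templates, "records": records}

# Constructed sample datagram (not taken from the article's capture).
DST, SGT, DGT = 12, 34000, 34001  # 12 = IPV4_DST_ADDR; the other two are assumed IDs
SAMPLE = (struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 0)   # v9 header, 2 records
          + struct.pack("!HHHH", 0, 20, 256, 3)                  # template 256, 3 fields
          + struct.pack("!HHHHHH", DST, 4, SGT, 2, DGT, 2)       # 4 + 2 + 2 = 8 bytes
          + struct.pack("!HH", 256, 12)                          # data flowset
          + ipaddress.IPv4Address("192.0.2.6").packed + struct.pack("!HH", 0, 0))
```

Pass it the UDP payload of a packet captured on port 65: a ValueError means the payload is not NetFlow v9, and a template whose field lengths sum to 8 matches the "Total field space: 8 bytes" reported by show flow record.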

Chapter: Flexible Netflow Overview

4.6 Network optimization