ASR9000 / IOS-XR Netflow Configuration

ASR9k / XR netflow configuration consists of three different section, sampler_map, monitor_map and exporter_map. You take a sample of traffic according to your sampler_map then process it with some different parameters like caching/table sizes in you motior map and last you export it with your exported map. Of course you need to add something under interface.

You can basicly configure these like below.

sampler-map sampler_map_netflow

 random 1 out-of 1000 

Sampling frequency which indicates how often the device takes a sample of the frames regardless they are forwarded or not. When you check flow data with some cache commands you can see if it’s forwarded or DroppedAcl etc. That’s pretty good to learn what happened to the packets. 1 out of 1000 or 500 is enough, of course depends on you traffic characteristic or collector mem.

flow monitor-map monitor_map_netflow

 record ipv4

 exporter exporter_map_netflow

 exporter exporter_map_netflow_2 //you can configure more than one exporter map so that you can send data to multiple flow server destinations.

 cache timeout active 30 // that means, if a flow is active for a long time, router will export it after 30 seconds otherwise it’ll wait for 1800 seconds which is the default.So you don’t have to wait 30 min to see the active traffic flow in your collector.

flow exporter-map exporter_map_netflow

 version v9

 !

 transport udp 9996

 source Loopback0

 destination <flow_collector_ip>

And the last one is interface configuration. You can both configure ingress or egress but the recommended is to configure ingress on all interfaces of the router.

interface tex/x

flow ipv4 monitor monitor_map_netflow sampler sampler_map_netflow ingress