Answers: Basic NetFlow 1

Informally, these labs are like any repetitive types of practice when learning a sport. Basketball players take lots of jump shots, soccer players practice long and short passing drills, baseball players take grounders, etc. And the best of the pros keep practicing these fundamentals throughout their career. This post reviews your answer from this latest round of the CCNA-equivalent of practicing jump shots: a lab about configuring NetFlow. Do the lab on paper, and check your answer here in this post.

Answers

Figure 1: Two Routers with IP Addresses

Example 3: R2 Config

Commentary

Netflow provides the ability to monitor the various network ‘flows’ that go through a network to better interpret how a network is being used. It does this by monitoring the traffic that goes in and/or out of an interface, as part of this collection it does not collect the raw packet data but only a limited subset that allows it to determine the type of traffic being received or transmitted. An example of the information collected using Netflow version 5 records includes the Source and Destination IP Addresses, Source and Destination Port numbers, Layer 3 protocol type, Type of Service markings, and the input logical interface. A newer Netflow version 9 record is also available that allows the customization of fields being collected.

NetFlow configuration has two parts: configuring NetFlow capture, to make the device gather statistics, and configuring NetFlow reporting, which tells the device to send statistical information to an external server (the NetFlow collector).

The first half of the answer shows the configuration of NetFlow capture. Specifically, the ip flow ingress interface subcommand enables NetFlow for packets entering the interface, with ip flow egress doing the same but for packets exiting the interface.

The second half of Example 2 shows the configuration of NetFlow data export, sending data to the external NetFlow collector. Specifically, the configuration sets the NetFlow record version number (ip flow-export version), the interface whose source IP address to use for packets sent to the NetFlow collector (ip flow-export source), and the configuration of the NetFlow collector’s IP address and port number 1025 (ip flow-export destination).