For feedback and comments:
documentation.feedback@alcatel-lucent.com

Table of Contents Previous Next Index PDF


Configuring Cflowd with CLI
This section provides information to configure cflowd using the command line interface.
Topics in this section include:
Cflowd Configuration Overview
The SR OS implementation of cflowd supports the option to analyze traffic flow. The implementation also supports the use of traffic/access list (ACL) filters to limit the type of traffic that is analyzed.
 
Traffic Sampling
Traffic sampling does not examine all packets received by a router. Command parameters allow the rate at which traffic is sampled and sent for flow analysis to be modified. The default sampling rate is every 1000th packet. Excessive sampling over an extended period of time, for example, more than every 1000th packet, can burden router processing resources.
The following data is maintained for each individual flow in the raw flow cache:
 
Within the raw flow cache, the following characteristics are used to identify an individual flow:
The SR OS implementation allows you to enable cflowd either at the interface level or as an action to a filter. By enabling cflowd at the interface level, all IP packets forwarded by the interface are subject to cflowd analysis. By setting cflowd as an action in a filter, only packets matching the specified filter are subject to cflowd analysis. This provides the network operator greater flexibility in the types of flows that are captured.
 
Collectors 
A collector defines how data flows should be exported from the flow cache. A maximum of 5 collectors can be configured. Each collector is identified by a unique IP address and UDP port value. Each collector can only export traffic in one version type, either V5, V8, V9, or V10.
The parameters within a collector configuration can be modified or the defaults retained.
The autonomous-system-type command defines whether the autonomous system information to be included in the flow data is based on the originating AS or external peer AS of the flow.
 
Aggregation
V8 aggregation allows for flow data to be aggregated into larger, less granular flows. Use aggregation commands to specify the type of data to be collected. These aggregation types are only applicable to flows being exported to a v8 collector.
The following aggregation schemes are supported:
Basic Cflowd Configuration
This section provides information to configure cflowd and configuration examples of common configuration tasks. In order to sample traffic, the minimal cflowd parameters that need to be configured are:
The following example displays a cflowd configuration.
A:ALA-1>config>cflowd# info detail
----------------------------------------------
	active-timeout 30
	cache-size 65536inactive-timeout 15
	overflow 1
	rate 1000
	collector 10.10.10.103:2055 version 9
		no aggregation
		autonomous-system-type origin
		description "V9 collector"
		no shutdown
	exit
	template-retransmit 330
	exit
	no shutdown
----------------------------------------------
A:ALA-1>config>cflowd#
Common Configuration Tasks
This section provides a brief overview of the tasks that must be performed to configure cflowd and provides the CLI commands. In order to begin traffic flow sampling, cflowd must be enabled and at least one collector must be configured.
 
Global Cflowd Components
The following common (global) attributes apply to all instances of cflowd:
 
Configuring Cflowd
Use the CLI syntax displayed below to perform the following tasks:
 
CLI Syntax: config>cflowd#
active-timeout minutes
cache-size num-entries
inactive-timeout seconds
template-retransmit seconds
overflow percent
rate sample-rate
collector ip-address[:port] {version [5 | 8 | 9 |10]}
aggregation
as-matrix
destination-prefix
protocol-port
raw
source-destination-prefix
source-prefix
template-set {basic | mpls-ip}
autonomous-system-type [origin | peer]
description description-string
no shutdown
no shutdown
 
Enabling Cflowd
Cflowd is disabled by default. Executing the command configure cflowd will enable cflowd, by default cflowd is not shutdown but must be configured including at least one collector to be active.
 
Use the following CLI syntax to enable cflowd:
CLI Syntax: config# cflowd
no shutdown
 
The following example displays the default values when cflowd is initially enabled. No collectors or collector options are configured.
 
A:ALA-1>config# info detail 
...
#------------------------------------------
echo "Cflowd Configuration"
#------------------------------------------
    cflowd
        active-timeout 30
        cache-size 65536
        inactive-timeout 15
        overflow 1
        rate 1000
        template-retransmit 600 
        no shutdown
    exit
#------------------------------------------
A:ALA-1>config#
 
Configuring Global Cflowd Parameters
The following cflowd parameters apply to all instances where cflowd (traffic sampling) is enabled.
Use the following CLI commands to configure cflowd parameters:
CLI Syntax: config>cflowd#
active-timeout minutes
cache-size num-entries
inactive-timeout seconds
overflow percent
rate sample-rate
template-retransmit seconds
no shutdown
 
The following example displays a common cflowd component configuration:
A:ALA-1>config>cflowd# info 
#------------------------------------------
        active-timeout 20
        inactive-timeout 10
        overflow 10
        rate 100
#------------------------------------------
A:ALA-1>config>cflowd# 
 
 
Configuring Cflowd Collectors
To configure cflowd collector parameters, enter the following commands:
CLI Syntax: config>cflowd#
collector ip-address[:port] [version version]
aggregation
as-matrix
destination-prefix
protocol-port
raw
source-destination-prefix
source-prefix
autonomous-system-type [origin | peer]
description description-string
no shutdown
template-set {basic | mpls-ip}
The following example displays a basic cflowd configuration:
A:ALA-1>config>cflowd# info
-----------------------------------------
active-timeout 20
        inactive-timeout 10
        overflow 10
        rate 100
        collector 10.10.10.1:2000 version 8
            aggregation
                as-matrix
                raw
            exit
            description "AS info collector"
        exit
        collector 10.10.10.2:5000 version 8
            aggregation
                protocol-port
                source-destination-prefix
            exit
            autonomous-system-type peer
            description "Neighbor collector"
        exit
-----------------------------------------
A:ALA-1>config>cflowd# 
 
Version 9 Collector example:
collector 10.10.10.9:2000 version 9
           description "v9collector"
           template-set mpls-ip
           no shutdown
exit
 
Version 9 and Version 10 Templates
If the collector is configured to use either version 9 or 10 (IPFIX) formats, the flow data is sent to the designated collector using one of the pre-defined templates. The template used is based on the type of flow for which the data was collected (IPv4, IPv6, MPLS or Ethernet (Layer 2)), and the configuration of the template-set parameter. Table 11 indicates the relationship between these values and the corresponding template used to export the flow data.
 
Table 11: Template-Set 
Each flow exported, to a collector configured for either v9 or v10 formats, will be sent using one of the above flow template sets. As described above, which template is used is based on the flow type and how the collector’s template-set parameter is configured.
The following tables specify the fields present in each template:
Flow Start Milliseconds1

1
Only sent to collectors configured for v10 format

 
Flow Start Milliseconds1

1
Only sent to collectors configured for v10 format

 
Flow Start Milliseconds1

1
Only sent to collectors configured for v10 format

 
Flow Start Milliseconds1

1
Only sent to collectors configured for v10 format

 
Flow Start Milliseconds1

1
Only sent to collectors configured for v10 format

 
Flow Start Milliseconds1

1
Only sent to collectors configured for v10 format

 
Table 18: Ethernet (L2-IP) Flow Template1

1
Ohe Ethernet (L2-IP) flow template is only supported and exported to IPFIX (v10) collectors.
 

 
Enabling Cflowd on Interfaces and Filters
This section discusses the following cflowd configuration management tasks:
 
Specifying Cflowd Options on an IP Interface
When cflowd is enabled on an interface, all packets forwarded by the interface are subject to analysis according to the global cflowd configuration and sorted according to the collector configuration(s).
Refer to Table 19, Cflowd Configuration Dependencies for configuration combinations.
When the cflowd interface option is configured in the config>router>interface context, the following requirements must be met to enable traffic sampling on the specific interface:
1.
2.
3.
The interface>cflowd interface option must be selected. For configuration information, refer to the Filter Policy Overview section of the 7750 SR Router Configuration Guide.
4.
To omit certain types of traffic from being sampled when the interface sampling is enabled, the config>filter>ip-filter>entry>interface-disable-sample option may be enabled via an ip-filter or ipv6-filter. The filter must be applied to the service or network interface on which the traffic to be omitted is to ingress the system.
 
Interface Configurations
CLI Syntax: config>router>if#
cflowd {acl|interface}
no cflowd
Depending on the option selected, either acl or interface, cflowd extracts traffic flow samples from an IP filter or an interface for analysis. All packets forwarded by the interface are analyzed according to the cflowd configuration.
The acl option must be selected in order to enable traffic sampling on an IP filter. Cflowd (filter-sample) must be enabled in at least one IP filter entry.
The interface option must be selected in order to enable traffic sampling on an interface. If cflowd is not enabled (no cflowd) then traffic sampling will not occur on the interface.
 
Service Interfaces
CLI Syntax: config>service>vpls service-id# interface ip-int-name
cflowd {acl|interface}
 
When enabled on a service interface, cflowd collects routed traffic flow samples through a router for analysis. Cflowd is supported on IES and VPRN services interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with a filter (ACL) or an IP interface.
 
Specifying Sampling Options in Filter Entries
Packets are matched against filter entries to determine acceptability. With cflowd, only the first packet of a flow is compared. If the first packet matches the filter criteria, then an entry is added to the cflowd cache. Subsequent packets in the same flow are also sampled based on the cache entry.
Since a filter can be applied to more than one interface (when configured with a scope template), the interface-disable-sample option is intended to enable or disable traffic sampling on an interface-by-interface basis. The command can be enabled or disabled as needed instead creating numerous filter versions.
To enable for filtr traffic sampling, the following requirements must be met::
1.
2.
3.
On the IP interface being used, the interface>cflowd acl option must be selected. (See Interfcace Configuration) For configuration information, refer to the IP Router Confguration Overview section of the 7750 SR Router Configuration Guide.
4.
On the IP filter being used, the entry>filter-sample option must be explicitly enabled for the entries matching the traffic that should be sampled. The default is no filter-sample. (See Filter Configuration for more information).
5.
 
Filter Configurations
CLI Syntax: config>filter>ip-filter>entry#
[no] filter-sample
[no] interface-disable-sample
When a filter policy is applied to a service or a network interface, sampling can be configured so that traffic matching the associated IP filter entry is sampled when the IP interface is set to cflowd ACL mode and the filter-sample command is enabled. If cflowd is either not enabled (no filter-sample) or set to the cflowd interface mode, then sampling does not occur.
When the interface-disable-sample command is enabled, then traffic matching the associated IP filter entry is not sampled if the IP interface is set to cflowd ACL mode.
 
Dependencies
In order for cflowd to be operational, the following requirements must be met:
Cflowd can also be dependent on the following entity configurations:
Depending on the combination of interface and filter entry configurations determine if and when flow sampling occurs. Table 19 displays the expected results when specific features are enabled and disabled.
 
router>interface
cflowd
[acl | interface] Setting
 
Cflowd Configuration Management Tasks
This section discusses the following cflowd configuration management tasks:
 
Modifying Global Cflowd Components
Cflowd parameter modifications apply to all instances where cflowd or traffic sampling is enabled. Changes are applied immediately. Use the following cflowd commands to modify global cflowd parameters:
CLI Syntax: config>cflowd#
active-timeout minutes
no active-timeout
cache-size num-entries
no cache-size
inactive-timeout seconds
no inactive-timeout
overflow percent
no overflow
rate sample-rate
no rate
[no] shutdown
template-retransmit seconds
no template-retransmit
 
The following example displays the cflowd command usage to modify configuration parameters:
Example: config>cflowd# active-timeout 60
config>cflowd# no inactive-timeout
config>cflowd# overflow 2
config>cflowd# rate 10
The following example displays the common cflowd component configuration:
A:ALA-1>config>cflowd# info 
#------------------------------------------
        active-timeout 60
        overflow 2
        rate 10
#------------------------------------------
A:ALA-1>config>cflowd# 
 
Modifying Cflowd Collector Parameters
Use the following commands to modify cflowd collector and aggregation parameters:
CLI Syntax: config>cflowd#
collector ip-address[:port] [version version]
no collector ip-address[:port]
[no] aggregation
[no] as-matrix
[no] destination-prefix
[no] protocol-port
[no] raw
[no] source-destination-prefix
[no] source-prefix
[no] autonomous-system-type [origin | peer]
[no] description description-string
[no] shutdown
template-set {basic | mpls-ip | l2-ip}
 
If a specific collector UDP port is not identified then, by default, flows are sent to port 2055.
The following displays basic cflowd modifications:
A:ALA-1>config>cflowd# info
-----------------------------------------
	active-timeout 60
        overflow 2
        rate 10
        collector 10.10.10.1:2000 version 5
            description "AS info collector"
        exit
        collector 10.10.10.2:5000 version 8
            aggregation
                source-prefix
                raw
            exit
            description "Test collector"
        exit
-----------------------------------------
A:ALA-1>config>cflowd#