Cflowd

This chapter provides information about the cflowd tool.

Topics in this chapter include:

Cflowd overview

Cflowd is a tool used to sample IPv4, IPv6, MPLS, and Ethernet traffic data flows through a router. Cflowd enables traffic sampling and analysis by ISPs and network engineers to support capacity planning, trends analysis, and characterization of workloads in a network service provider environment.

Cflowd is also useful for traffic engineering, network planning and analysis, network monitoring, developing user profiles, data warehousing and mining, as well as security-related investigations. Collected information can be viewed in port, AS, or network matrices and pure flow structures. The amount of data stored depends on the cflowd configurations.

Cflowd maintains a list of data flows through a router. A flow is a unidirectional traffic stream defined by several characteristics such as source and destination IP addresses, source and destination ports, inbound interface, IP protocol, and type of service (ToS) bits.

When a router receives a packet that is sampled by cflowd, and for which it currently does not have a flow entry, a flow structure is initialized to maintain state information about that flow, such as the number of bytes exchanged, IP addresses, port numbers, and AS numbers. Each subsequent packet that is sampled and that matches the parameters of the flow contributes to the byte and packet count of the flow until the flow is terminated and exported to a collector for storage.

The 7705 SAR supports cflowd version 9 and 10 on Ethernet ports on all adapter cards. On the 2-port 10GigE (Ethernet) Adapter card and 2-port 10GigE (Ethernet) module, only the virtual port supports sampling.

Operation

The following figure shows the basic operation of the cflowd feature. This flow example is only used to describe the basic steps that are performed. It is not intended to specify how cflowd is implemented.

The basic cflowd steps are as follows.

As a packet ingresses a port, a decision is made to forward or drop the packet.
A decision is then made as to whether the packet should be sampled; if so, the forward/drop status is appended to the header information for processing by cflowd.
If a new flow is found, a new entry is added to the cache. If the flow already exists in the cache, the flow statistics are updated.
If a new flow is found and the maximum number of entries are already in the flow cache, the earliest expiry entry is terminated. The earliest expiry entry is the next flow that will expire due to the active or inactive timer expiration.
If a flow has been inactive for a period of time equal to, or greater than, the inactive timer (default 15 s), the entry is terminated.
If a flow has been active for a period of time equal to, or greater than, the active timer (default 30 min), the entry is terminated.

The sample rate and cache size are configurable values. The sample rate default is 1000 with a range of one to 1 000 000. The cache size default is 65 536 flow entries with a range of 1000 to 250 000.

A flow terminates when one of the following conditions is met:

the inactive timer expires

A flow is terminated when no packets are seen for the flow for a number of seconds equal to, or greater than, the inactive timer. The default inactive timeout period is 15 s, with a range of 10 to 600 s.
the active timer expires

A flow is terminated if it has been active for a period of time equal to, or greater than, the active timer, even if there are packets coming in for the flow. The default active timeout period is 30 min, with a range of 1 to 600 min.
the user executes a clear cflowd command
any other measure is met that applies to aggressively age flows as the cache becomes too full (such as overflow percent)

When a flow is terminated, the collected data is formatted and exported from the cache to an external collector that maintains an accumulation of historical data flows that network operators can use to analyze traffic patterns. Flow data is exported in one of the following formats:

version 9 – generates a variable export record, depending on user configuration and sampled traffic type (IPv4, IPv6, or MPLS) for each individual flow captured. Version 9 is interoperable with RFC 3954, Cisco Systems NetFlow Services Export Version 9.
version 10 (IPFIX) – generates a variable export record, depending on user configuration and sampled traffic type (IPv4, IPv6, MPLS, or Ethernet Layer 2) for each individual flow captured. Version 10 is interoperable with RFC 5101 and 5102 from the IETF as the IP Flow Information Export (IPFIX) standard.

Sampling

To avoid stressing router processors with excessive sampling, cflowd is not required to examine every packet received by the router. The sampling rate can be configured to be every packet or up to every 1 000 000 packets, with a default rate of 1000 packets. A larger rate value provides more flexibility to avoid congestion on smaller platforms. Sampling at too high a rate over an extended period of time can burden router processing resources. Sampling is supported in ingress and egress directions for Layer 3 services. For Layer 2 services, only ingress sampling is supported.

The following data is maintained for each individual flow in the raw flow cache:

source IP address
destination IP address
source port
destination port
forwarding status
input interface
output interface
IP protocol
TCP flags
first timestamp (of the first packet in the flow)
last timestamp (timestamp of last packet in the flow prior to expiry of the flow)
source AS number for peer and origin (taken from BGP)
destination AS number for peer and origin (taken from BGP)
IP next hop
BGP next hop
ICMP type and code
IP version
source prefix (from routing)
destination prefix (from routing)
MPLS label stack from label 1 to 6

Within the raw flow cache, the following characteristics are used to identify an individual flow:

ingress interface
source IP address
destination IP address
source transport port number
destination transport port number
IP protocol type
IP ToS byte
forwarding status
virtual router ID
ICMP type and code
direction
MPLS labels

Collectors

A collector defines how data flows should be exported from the flow cache. A maximum of five collectors can be configured and at least one must be configured for cflowd to be active. Each collector is identified by a unique IP address and UDP port value. Each collector can only export traffic in one version type: version 9 or version 10.

The parameters within a collector configuration can be modified.

Templates

Flow data is sent to the designated collector using a predefined template. The template used is based on the type of flow for which the data was collected (IPv4, IPv6, MPLS, or Ethernet Layer 2) and the configuration of the template-set parameter. The following table lists these values and the corresponding template used to export the flow data.

Table 1. Cflowd templates
Traffic flow	Template set
Traffic flow	basic	mpls-ip	l2-ip
IPv4	Basic IPv4	MPLS-IPv4	—
IPv6	Basic IPv6	MPLS-IPv6	—
MPLS	Basic MPLS	MPLS-IP	—
Ethernet ¹	—	—	L2-IP

Note:

Only supported on collectors configured for version 10 format.

Each flow exported to a collector configured for either the version 9 or version 10 format is sent using one of the templates listed in the table.

The following tables list the fields in each template listed in Cflowd templates.

Table 2. Basic IPv4 template
Field name	Field ID
IPv4 Src Addr	8
IPv4 Dest Addr	12
IPv4 Nexthop	15
BGP Nexthop	18
Ingress Interface	10
Egress Interface	14
Packet Count	2
Byte Count	1
Start Time	22
End Time	21
Flow Start Milliseconds ¹	152
Flow End Milliseconds ¹	153
Src Port	7
Dest Port	11
Forwarding Status	89
TCP control Bits (Flags)	6
IPv4 Protocol	4
IPv4 TOS	5
IP version	60
ICMP Type & Code	32
Direction	61
BGP Source ASN	16
BGP Dest ASN	17
Source IPv4 Prefix Length	9
Dest IPv4 Prefix Length	13
Minimum IP Total Length	25
Maximum IP Total Length	26
Minimum TTL	52
Maximum TTL	53
Multicast Replication Factor	99
IsMulticast ¹	206
Ingress VRFID ¹	234
Egress VRFID ¹	235

Note:

Only sent to collectors configured for version 10 format.

Table 3. Basic IPv6 template
Field name	Field ID
IPv6 Src Addr	27
IPv6 Dest Addr	18
IPv6 Nexthop	62
IPv6 BGP Nexthop	63
IPv4 Nexthop	15
IPv4 BGP Nexthop	18
Ingress Interface	10
Egress Interface	14
Packet Count	2
Byte Count	1
Start Time	22
End Time	21
Flow Start Milliseconds ¹	152
Flow End Milliseconds ¹	153
Src Port	7
Dest Port	11
Forwarding Status	89
TCP control Bits (Flags)	6
Protocol	4
IPv6 Extension Hdr	64
IPv6 Next Header ¹	193
IPv6 Flow Label	31
TOS	5
IP version	60
IPv6 ICMP Type & Code ¹	139
Direction	61
BGP Source ASN	16
BGP Dest ASN	17
IPv6 Src Mask	29
IPv6 Dest Mask	30
Minimum IP Total Length	25
Maximum IP Total Length	26
Minimum TTL	52
Maximum TTL	53
Multicast Replication Factor	99
IsMulticast ¹	206
Ingress VRFID ¹	234
Egress VRFID ¹	235

Note:

Only sent to collectors configured for version 10 format.

Table 4. MPLS-IPv4 template
Field name	Field ID
IPv4 Src Addr	8
IPv4 Dest Addr	12
IPv4 Nexthop	15
BGP Nexthop	18
Ingress Interface	10
Egress Interface	14
Packet Count	2
Byte Count	1
Start Time	22
End Time	21
Flow Start Milliseconds ¹	152
Flow End Milliseconds ¹	153
Src Port	7
Dest Port	11
Forwarding Status	89
TCP control Bits (Flags)	6
IPv4 Protocol	4
IPv4 TOS	5
IP version	60
ICMP Type & Code	32
Direction	61
BGP Source ASN	16
BGP Dest ASN	17
Source IPv4 Prefix Length	9
Dest IPv4 Prefix Length	13
MPLS Label 1	70
MPLS Label 2	71
MPLS Label 3	72
MPLS Label 4	73
MPLS Label 5	74
MPLS Label 6	75
Minimum IP Total Length	25
Maximum IP Total Length	26
Minimum TTL	52
Maximum TTL	53
Multicast Replication Factor	99
IsMulticast ¹	206
Ingress VRFID ¹	234
Egress VRFID ¹	235

Note:

Only sent to collectors configured for version 10 format.

Table 5. MPLS-IPv6 template
Field name	Field ID
IPv6 Src Addr	27
IPv6 Dest Addr	28
IPv6 Nexthop	62
IPv6 BGP Nexthop	63
IPv4 Nexthop	15
IPv4 BGP Nexthop	18
Ingress Interface	10
Egress Interface	14
Packet Count	2
Byte Count	1
Start Time	22
End Time	21
Flow Start Milliseconds ¹	152
Flow End Milliseconds ¹	153
Src Port	7
Dest Port	11
Forwarding Status	89
TCP control Bits (Flags)	6
Protocol	4
IPv6 Extension Hdr	64
IPv6 Next Header	193
IPv6 Flow Label	31
TOS	5
IP version	60
IPv4 ICMP Type & Code ²	32
IPv6 ICMP Type & Code ¹	139
Direction	61
BGP Source ASN	16
BGP Dest ASN	17
IPv6 Src Mask	29
IPv6 Dest Mask	30
MPLS Label 1	70
MPLS Label 2	71
MPLS Label 3	72
MPLS Label 4	73
MPLS Label 5	74
MPLS Label 6	75
Minimum IP Total Length	25
Maximum IP Total Length	26
Minimum TTL	52
Maximum TTL	53
Multicast Replication Factor	99
IsMulticast ¹	206
Ingress VRFID ¹	234
Egress VRFID ¹	235

Notes:

Only sent to collectors configured for version 10 format.
Only sent to collectors configured for version 9 format.

Table 6. L2-IP (Ethernet) flow template for version 10 only
Field name ¹	Field ID
MAC Src Addr	56
MAC Dest Addr	80
Ingress Physical Interface	252
Egress Physical Interface ²	253
Dot1q VLAN ID	243
Dot1q Customer VLAN ID	245
Post Dot1q VLAN ID	254
Post Dot1q Customer VLAN Id ³	255
IPv4 Src Addr	8
IPv4 Dest Addr	12
IPv6 Src Addr	27
IPv6 Dest Addr	28
Packet Count	2
Byte Count	1
Flow Start Milliseconds	152
Flow End Milliseconds	153
Src Port	7
Dest Port	11
TCP control Bits (Flags)	6
Protocol	4
IPv6 Option Header	64
IPv6 Next Header	196
IPv6 Flow Label	31
TOS	5
IP Version	60
ICMP Type Code	32

Notes:

Only one L2-IP (Ethernet) flow template is supported and exported to IPFIX (V10) collectors.
For SAP-to-SDP services, this value is the SDP ID.
For SAP-to-SDP services, this value is the VC ID.

Cflowd configuration process overview

The following components must be configured for cflowd to be operational:

cflowd must be enabled globally
at least one collector must be configured and enabled
sampling must be enabled on an interface on a port or service

Configuring cflowd with CLI

This section provides information to configure cflowd using the command line interface.

Topics in this section include:

Basic cflowd configuration

In order for cflowd to be operational and sampling traffic:

cflowd must be enabled
at least one collector must be configured and enabled
sampling must be enabled on an interface applied to a port

The following example shows a cflowd configuration:

A:NOK-1>config>cflowd# info detail
----------------------------------------------
     active-timeout 30
     cache-size 65536
     inactive-timeout 15
     overflow 1
     rate 1000
     collector 10.10.10.103:2055 version 9
          autonomous-system-type origin
          description "V9 collector"
          no shutdown
     exit
     template-retransmit 330
     exit
     no shutdown
----------------------------------------------
A:NOK-1>config>cflowd#

Common configuration tasks

This section provides a brief overview of the following common configuration tasks that must be performed to configure cflowd:

Enabling cflowd

Cflowd is disabled by default. Use the following CLI syntax to enable cflowd:

CLI syntax:

config# cflowd
    no shutdown

The following example shows the default values when cflowd is initially enabled. No collectors or collector options are configured.

A:NOK-1>config# info detail 
...
#------------------------------------------
echo "Cflowd Configuration"
#------------------------------------------
    cflowd
        active-timeout 30
        cache-size 65536
        inactive-timeout 15
        overflow 1
        rate 1000
        template-retransmit 600 
        no use-vtr-if-index
        no shutdown
    exit
#------------------------------------------
A:NOK-1>config#

Enabling cflowd on a SAP

Use the following CLI syntax to enable cflowd on a VPLS or Epipe SAP:

CLI syntax:

config>service>vpls>sap# cflowd
    no shutdown

CLI syntax:

config>service>epipe>sap# cflowd
    no shutdown

When cflowd is configured on a SAP, all packets received are subject to analysis according to the global cflowd configuration and exported according to the collector configurations.

The following example shows the default values when cflowd is initially enabled on a VPLS SAP. The same defaults apply to cflowd configured on an Epipe SAP.

*A:7705:Dut-A>config>service>vpls$ info
----------------------------------------------
            stp
                shutdown
            exit
            sap 1/1/1 create
                cflowd
                no shutdown
            exit
            sap 1/1/2 create
                cflowd
                no shutdown
            exit
            no shutdown
----------------------------------------------

Configuring global cflowd parameters

The following common attributes apply to all instances of cflowd:

active timeout – controls the maximum time a flow record can be active before it will be automatically exported to the configured collectors
inactive timeout – controls the minimum time before a flow is declared inactive. If the inactive timer expires and no new traffic is sampled for a flow, the flow is declared inactive and marked to be exported to the configured collectors
cache size – defines the maximum size of the flow cache
export mode – controls how exports are generated by the cflowd process
overflow – defines the percentage of flow records that are exported to all collectors if the flow cache size is exceeded
rate – defines the system-wide sampling rate for cflowd
template retransmit – defines the interval (in seconds) before the version 9 and version 10 templates are retransmitted to all matching collectors

Use the following CLI commands to configure cflowd parameters:

CLI syntax:

config>cflowd#
    active-timeout minutes
    cache-size num-entries
    export-mode {automatic | manual}
    inactive-timeout seconds
    overflow percent
    rate sample-rate
    template-retransmit seconds
    no shutdown

The following example shows a global cflowd configuration:

A:NOK-1>config>cflowd# info 
#------------------------------------------
        active-timeout 20
        inactive-timeout 10
        overflow 10
        rate 100
#------------------------------------------
A:NOK-1>config>cflowd#

Configuring cflowd collector parameters

To configure cflowd collector parameters, enter the following commands:

CLI syntax:

config>cflowd#
    collector ip-address[:port] [version version]
        description description-string
        no shutdown
        template-set {basic | mpls-ip | l2-ip}

If a specific collector UDP port is not identified, flows are sent to port 2055 by default.

The following example shows a basic configuration for cflowd collectors:

A:NOK-1>config>cflowd# info
-----------------------------------------
        active-timeout 20
        inactive-timeout 10
        overflow 10
        rate 100
        collector 10.10.10.1:2000 version 9
            description "v9collector"
            template-set mpls-ip
        exit
        collector 10.10.10.2:5000 version 9
            description "Neighbor collector"
        exit
-----------------------------------------
A:NOK-1>config>cflowd#

Specifying cflowd options on an IP interface

When cflowd is enabled on an interface, all packets received or transmitted are subject to analysis according to the global cflowd configuration and exported according to the collector configurations.

The following must be configured to enable traffic sampling on the interface or SAP:

cflowd must be enabled
at least one cflowd collector must be configured and enabled
cflowd sampling parameters must be configured in the config>router>interface or config>service>ies/vprn>interface context.

The interface option must be selected to enable traffic sampling on an interface. If cflowd is not enabled, traffic sampling will not occur on the interface.

Interface configurations

CLI syntax:

config>router>if# cflowd-parameters 
    sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]
    no sampling {unicast | multicast}

When enabled on a router interface, cflowd extracts traffic flow samples from the interface for analysis. Sampling is supported in the ingress and egress direction.

Service interfaces

When enabled on a service interface, cflowd collects routed traffic flow samples through the router for analysis. Cflowd is supported on IES and VPRN service interfaces. Sampling is supported in the ingress and/or egress direction.

The following command is used to configure cflowd parameters on an IES interface and the same syntax is used for the VPRN context.

CLI syntax:

config>service>ies>interface# cflowd-parameters 
    sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]
    no sampling {unicast | multicast}

Cflowd configuration management tasks

This section provides a brief overview of the following cflowd configuration management tasks:

Modifying global cflowd parameters

Cflowd parameter modifications apply to all instances where cflowd is enabled. Changes are applied immediately. Use the following commands to modify global cflowd parameters:

CLI syntax:

config>cflowd#
    active-timeout minutes
    no active-timeout 
    cache-size num-entries
    no cache-size
    export-mode {automatic | manual}
    inactive-timeout seconds
    no inactive-timeout 
    overflow percent
    no overflow
    rate sample-rate
    no rate
    [no] shutdown
    template-retransmit seconds
    no template-retransmit
    [no] use-vrtr-if-index

The following example shows the cflowd command syntax to modify configuration parameters:

Example:

config>cflowd# active-timeout 60
config>cflowd# no inactive-timeout
config>cflowd# overflow 2
config>cflowd# rate 10

The following example shows the modified cflowd configuration:

A:NOK-1>config>cflowd# info 
#------------------------------------------
        active-timeout 60
        overflow 2
        rate 10
#------------------------------------------
A:NOK-1>config>cflowd#

Modifying cflowd collector parameters

Use the following commands to modify cflowd collector parameters:

CLI syntax:

config>cflowd#
    collector ip-address[:port] [version version]
    no collector ip-address[:port] 
        [no] description description-string
        [no] shutdown
        template-set {basic | mpls-ip | l2-ip}

The following example displays cflowd modifications:

A:NOK-1>config>cflowd# info
-----------------------------------------
        active-timeout 60
        overflow 2
        rate 10
        collector 10.10.10.1:2000 version 9
            description "AS info collector"
        exit
        collector 10.10.10.2:5000 version 9
            description "Test collector"
        exit
-----------------------------------------
A:NOK-1>config>cflowd#

Cflowd command reference

Command hierarchies

Configuration commands
Show commands
Clear commands
Tools Commands (see the Tools section of the 7705 SAR OAM and Diagnostics Guide)

Configuration commands

config
    - [no] cflowd
        - active-timeout minutes
        - no active-timeout
        - cache-size num-entries
        - no cache-size
        - collector ip-address[:port] [version version]
        - no collector ip-address[:port]
            - description description-string
            - no description
            - [no] shutdown
            - template-set {basic | mpls-ip | l2-ip}
        - export-mode {automatic | manual}
        - inactive-timeout seconds
        - no inactive-timeout
        - overflow percent
        - no overflow
        - rate sample-rate
        - no rate
        - [no] shutdown
        - template-retransmit seconds
        - no template-retransmit
        - [no] use-vrtr-if-index

Show commands

show
    - cflowd
        -  collector [ip-address[:port]] [detail]
        -  interface [ip-int-name]
        -  l2-services
        -  status

Clear commands

clear
    - cflowd

Command descriptions

Generic commands

description

Syntax

description description-string

no description

Context

config>cflowd>collector

Description

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the description string from the context.

Default

no description

Parameters

description-string: the description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

shutdown

Syntax

[no] shutdown

Context

config>cflowd

config>cflowd>collector

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

The no form of this command administratively enables the entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file, the shutdown and no shutdown states are always indicated in system-generated configuration files.

Default

no shutdown

Configuration commands

cflowd

Syntax

[no] cflowd

Context

config

Description

This command enables the context to configure cflowd.

The no form of this command removes all configuration under the cflowd context. This command can only be executed if cflowd is in a shutdown state.

Default

no cflowd

active-timeout

Syntax

active-timeout minutes

no active-timeout

Context

config>cflowd

Description

This command configures the maximum amount of time before an active flow is aged out of the cflowd cache. If an individual flow is active for this amount of time, the flow is aged out and exported. A new flow is created on the next packet sampled for that flow.

If the active-timeout value is changed while cflowd is active, existing flows do not inherit the new value. The active-timeout value for a flow is set when the flow is first created in the cflowd cache table and does not change dynamically.

The no form of this command resets the active timeout to the default value.

Default

active-timeout 30

Parameters

minutes

the amount of time before an active flow is aged out and exported

Values: 1 to 600

cache-size

Syntax

cache-size num-entries

no cache-size

Context

config>cflowd

Description

This command specifies the maximum number of active flows to maintain in the flow cache table.

The no form of this command resets the number of active entries to the default value.

Default

cache-size 65536

Parameters

num-entries

specifies the maximum number of entries maintained in the cflowd cache

Values: 1000 to 250000

collector

Syntax

collector ip-address[:port] [version version]

no collector ip-address[:port]

Context

config>cflowd

Description

This command defines a flow data collector for cflowd data. The IP address of the flow collector must be specified. The UDP port number is an optional parameter, but if it is not set, the default of 2055 is used for all collector versions. The version must be specified when a collector is first configured. To connect to a version 10 (IPFIX) collector using the IPFIX default port, specify port 4739 when configuring the collector. A maximum of five collectors can be configured.

The no form of this command removes the flow collector definition from the configuration and stops the export of data to the collector. The collector must be shut down to be deleted.

Default

No cflowd collector is configured by default.

Parameters

ip-address

specifies the address of a remote cflowd collector host to receive the exported cflowd data

Values


`ipv4-address`	a.b.c.d
`ipv6-address`	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

port

specifies the UDP port number on the remote cflowd collector host to receive the exported cflowd data

Values: 1 to 65535

Default: 2055

version

specifies the version of the flow data collector and is required to initially configure the collector

Values: 9 or 10

template-set

Syntax

template-set {basic | mpls-ip | l2-ip}

Context

config>cflowd>collector

Description

This command specifies the set of templates sent to the collector when using cflowd version 9 or version 10. The Layer 2 (Ethernet) template (l2-ip keyword) is only applicable for collectors using cflowd version 10 and is only used for flows sampled on Epipe or VPLS services

Default

template-set basic

Parameters

basic: specifies that basic flow data is sent

mpls-ip: specifies that extended flow data is sent that includes IP and MPLS flow information

l2-ip: specifies that extended flow data is sent that includes Layer 2 (Ethernet) and IP flow information.

export-mode

Syntax

export-mode {automatic | manual}

Context

config>cflowd

Description

This command controls how exports are generated by the cflowd process. The default behavior is for flow data to be exported automatically based on the active and inactive timeout values. If manual mode is used, case flow data is only exported when the tools>perform>cflowd>manual-export command is issued. The only exception is if the cflowd cache overflows, in which case, the automatic export process is used.

Default

export-mode automatic

Parameters

automatic: cflowd flow data is automatically generated

manual: cflowd flow data is exported only when manually triggered

inactive-timeout

Syntax

inactive-timeout seconds

no inactive-timeout

Context

config>cflowd

Description

This command specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive.

The no form of this command reverts to the default inactive timeout value.

If the inactive-timeout value is changed while cflowd is active, existing flows do not inherit the new value. The inactive-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

Default

inactive-timeout 15

Parameters

seconds

the amount of time, that must elapse without a packet matching a flow in order for the flow to be considered inactive

Values: 10 to 600

overflow

Syntax

overflow percent

no overflow

Context

config>cflowd

Description

This command specifies the percentage of the flow cache entries removed when the maximum number of entries is exceeded. The entries removed are the entries that have not been updated for the longest amount of time.

The no form of this command reverts to the default value.

Default

overflow 1

Parameters

percent

specifies the percentage of the flow cache entries removed when the maximum number of entries is exceeded

Values: 1 to 50

rate

Syntax

rate sample-rate

no rate

Context

config>cflowd

Description

This command specifies the rate (N) at which traffic is sampled and sent for flow analysis. A packet is sampled every N packets; for example, when sample-rate is configured as 1, all packets are sent to the cache. When sample-rate is configured as 100, every 100th packet is sent to the cache.

The no form of this command resets the sample rate to the default value.

Default

rate 1000

Parameters

sample-rate

specifies the rate at which traffic is sampled

Values: 1 to 1 000 000

template-retransmit

Syntax

template-retransmit seconds

no template-retransmit

Context

config>cflowd

Description

This command specifies the interval at which template definitions are sent to the collector.

Default

template-retransmit 600

Parameters

seconds

specifies the interval between the sending of template definitions

Values: 10 to 600

use-vrtr-if-index

Syntax

[no] use-vrtr-if-index

Context

config>cflowd

Description

This command is used to export flow data using interface indexes (ifindex values), which can be used directly as the index into the IF-MIB tables for retrieving interface statistics. If this command is enabled, the ingressInterface (ID=10) and egressInterface (ID=14) fields in IP flow templates used to export the flow data to cflowd version 9 and version 10 collectors will be populated with the IF-MIB ifindex of that interface. In addition, for version 10 templates, two fields are available in the IP flow templates to specify the virtual router ID associated with the ingress and egress interfaces.

The no form of this command causes cflowd to return to the default behavior of populating the ingress and egress interface IDs with the global interface index IDs.

Default

no use-vrtr-if-index

Show commands

The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.

collector

Syntax

collector [ip-addr[:port]] [detail]

Context

show>cflowd

Description

This command displays the administrative and operational status of data collectors.

Parameters

ip-addr

displays information only about the collector with the specified IP address

Default: all collectors

:port

displays information only about the collector with the specified UDP port

Default: all UDP ports

Values: 1 to 65535

detail: displays details about all collectors or the specified collector

Output

The following outputs are examples of cflowd collector information:

cflowd collector output (Output example, Cflowd collector field descriptions)
cflowd collector detail output (Output example, Cflowd collector detailed field descriptions)

Output example

A:NOK1# show cflowd collector
===============================================================================
Cflowd Collectors
Legend: P - Packets, R - Records
===============================================================================
Host Address                        Port  Ver AS Type Admin Oper           Sent
-------------------------------------------------------------------------------
100.120.214.103                     2055  v9    -     up    up              0 P
138.120.214.224                     2055  v10   -     up    up            138 R
-------------------------------------------------------------------------------
Collectors : 2
===============================================================================
A:NOK1#

Table 7. Cflowd collector field descriptions
Label	Description
Host Address	The IP address of a remote cflowd collector host to receive the exported cflowd data
Port	The UDP port number on the remote cflowd collector host to receive the exported cflowd data
Ver	The configured version for the associated collector
AS Type	The style of AS reporting used in the exported flow data. AS Type is not applicable to cflowd version 9 or version 10.
Admin	The configured administrative state for this cflowd remote collector host
Oper	The current operational status of this cflowd remote collector host
Sent	The number of packets (P) or records (R) that have been transmitted to this remote collector host
Collectors	The total number of collectors using this IP address

Output example


A:R51-CfmA# show cflowd collector detail 
===============================================================================
Cflowd Collectors  (detail)
===============================================================================
Address                      : 138.120.135.103
Port                         : 2055
Description                  : Test v9 Collector
Version                      : 9
AS Type                      : -
Admin State                  : up
Oper State                   : up
Packets Sent                 : 1260
Last Changed                 : 03/03/2019 17:24:04
Last Pkt Sent                : 03/03/2019 18:07:10
Template set                 : Basic
-------------------------------------------------------------------------------
Traffic Type            Template Sent          Sent          Open       Errors 
-------------------------------------------------------------------------------
IPv4              03/03/2019 18:06:29            51             1            0
MPLS                 No template sent             0             0            0
IPv6                 No template sent             0             0            0
===============================================================================
A:R51-CfmA#

Table 8. Cflowd collector detailed field descriptions
Label	Description
Address	The IP address of a remote cflowd collector host to receive the exported cflowd data
Port	The UDP port number on the remote cflowd collector host to receive the exported cflowd data
Description	A user-provided descriptive string for this cflowd remote collector host.
Version	The version of the flow data sent to the collector
AS Type	The style of AS reporting used in the exported flow data. AS Type is not applicable to cflowd version 9 or version 10.
Admin State	The configured administrative state for this cflowd remote collector host
Oper State	The current operational status of this cflowd remote collector host
Packets Sent	The number of packets sent to the collector
Records Sent	The number of cflowd records that have been transmitted to this remote collector host
Last Changed	The time that this row entry was last changed
Last Pkt Sent	The time that the last cflowd packet was sent to this remote collector host
Template Set	The type of cflowd template
Traffic Type	The type of traffic flow that was sampled by cflowd
Template Sent	The date and time that the cflowd template was last sent
Sent	The number of packets with flow data sent to the associated collector
Open	The number of partially filled packets that have some flow data but are not yet filled or have been timed out (60 s maximum)
Errors	This counter increments when there was an error during exporting of the collector packet. The most common reason is a UDP unreachable destination for the configured collector.

interface

Syntax

interface [ip-int-name]

Context

show>cflowd

Description

This command displays the administrative and operational status of the interfaces with cflowd enabled.

Parameters

ip-int-name: displays information only for the IP interface with the specified name

Output

The following output is an example of cflowd interface information, and Cflowd interface field descriptions describes the fields.

Output example

*A:7705:Dut-A>config>router>if>cflowd# show cflowd interface "ip-1.20.1.3"
===============================================================================
Cflowd Interfaces
===============================================================================
Interface                        Router       IF Index    Type/Dir  Admin
  IPv4Address                                               Samp      Oper IPv4
  IPv6Address                                                         Oper IPv6
-------------------------------------------------------------------------------
ip-1.20.1.3                      Base         1           intf/ingr Up
  1.20.1.3/24                                               uni       Up
  ::114:103/120                                             uni       Up
ip-1.20.1.3                      Base         1           intf/ingr Up
  1.20.1.3/24                                               multi     Up
  ::114:103/120                                             multi     Up
-------------------------------------------------------------------------------
Interfaces : 2
===============================================================================
*A:7705:Dut-A>config>router>if>cflowd#

Table 9. Cflowd interface field descriptions
Label	Description
Interface	The physical port identifier
IPv4 Address	The primary IPv4 address for the associated IP interface
IPv6 Address	The primary IPv6 address for the associated IP interface
Router	The virtual router index (Base = 1)
IF Index	The Global IP interface index
Type/Dir Samp	The cflowd sampling type and direction
Admin	The administrative state of the interface
Oper IPv4	The operational state for IPv4 sampling
Oper IPv6	The operational state for IPv6 sampling

l2-services

Syntax

l2-services

Context

show>cflowd

Description

This command displays information about the administrative and operational status of cflowd on Layer 2 services.

Output

The following output is an example of cflowd status information, and Cflowd L2-services field descriptions describes the fields.

Output example

*A:7705:Dut-A# show cflowd l2-services
===============================================================================
Cflowd L2-Services
===============================================================================
ServiceId      Type        SAP                                      Admin  Oper
-------------------------------------------------------------------------------
10             Epipe       1/1/1:10                                 Up     Up
20             Epipe       1/1/1:20                                 Up     Up
1000           VPLS        1/1/1:1111                               Up     Up
-------------------------------------------------------------------------------
No. of SAPs: 3
===============================================================================
*A:7705:Dut-A#

Table 10. Cflowd L2-services field descriptions
Label	Description
ServiceID	The service identifier
Type	The service type
SAP	The SAP identifier
Admin	The administrative state of the Layer 2 service
Oper	The operational state of the Layer 2 service
No. of SAPs	The total number of SAPs

status

Syntax

status

Context

show>cflowd

Description

This command displays information about the administrative and operational status of cflowd.

Output

The following output is an example of cflowd status information, and Cflowd status field descriptions describes the fields.

Output example

*A:7705:Dut-A>config>cflowd$ show cflowd status
===============================================================================
Cflowd Status
===============================================================================
Cflowd Admin Status  : Enabled
Cflowd Oper Status   : Disabled
Cflowd Export Mode   : Automatic
Active Timeout       : 30 minutes
Inactive Timeout     : 15 seconds
Template Retransmit  : 600 seconds
Cache Size           : 65536 entries
Overflow             : 1%
Sample Rate          : 1000
Aggregation Summary  : (Not Specified)
VRtr If Index Context: global
Active Flows         : 0
Dropped Flows        : 0
Total Pkts Rcvd      : 0
Total Pkts Dropped   : 0
Overflow Events      : 0
                                         Raw Flow Counts  Aggregate Flow Counts
Flows Created                                          0                      0
Flows Matched                                          0                      0
Flows Flushed                                          0                      0
===============================================================================
Version Info
===============================================================================
Version                      Status            Sent          Open        Errors
-------------------------------------------------------------------------------
     5                       Disabled             0             0             0
     8                       Disabled             0             0             0
     9                       Disabled             0             0             0
    10                       Disabled             0             0             0
===============================================================================

Table 11. Cflowd status field descriptions
Label	Description
Cflowd Admin Status	The configured administrative state for this cflowd remote collector host
Cflowd Oper Status	The current operational status of this cflowd remote collector host
Cflowd Export Mode	Controls how exports are handled by the cflowd process: Automatic or Manual
Active Timeout	The maximum amount of time, in minutes, before an active flow will be exported.
Inactive Timeout	The amount of time, that must elapse without a packet matching a flow in order for the flow to be considered inactive
Template Retransmit	The time in seconds before template definitions are sent
Cache Size	The maximum number of active flows to be maintained in the flow cache table
Overflow	The Percentage Of Flows To Be Flushed When The Flow Cache Size Has Been Exceeded
Sample Rate	The rate at which traffic is sampled and forwarded for cflowd Analysis
Aggregation Summary	Not currently supported on the 7705 SAR
VRtr If Index Context	Indicates the ifindexes used to populate the flow records: ‟global” means that the flow records will be populated using the global interface IDs; ‟vrtr” means that the interface IDs from the IF-MIB will be used
Active Flows	The current number of active flows being collected
Dropped Flows	The total number of flows dropped due to cache overflow events
Total Pkts Rcvd	The total number of packets sampled and forwarded for cflowd analysis
Total Pkts Dropped	The total number of cflowd sample reports dropped due to cache overflow or processor overload
Overflow Events	The number of times the active cache overflowed
Flows Created	The number of times a flow was created; aggregated flow statistics are not currently supported on the 7705 SAR
Flows Matched	The number of times a packet was matched to a flow; aggregated flow statistics are not currently supported on the 7705 SAR
Flows Flushed	The total number of flows that have been flushed from the system; aggregated flow statistics are not currently supported on the 7705 SAR
Version	The cflowd version
Status	The status of the collector: Enabled or Disabled
Sent	The number of packets with flow data sent to the associated collector
Open	The number of partially filled packets that have some flow data but are not yet filled or have been timed out (60 s maximum)
Errors	This counter increments when there was an error during exporting of the collector packet. The most common reason is a UDP unreachable destination for the configured collector.

Clear commands

cflowd

Syntax

cflowd

Context

clear

Description

This command clears the raw flow caches that are sending flow data to the configured collectors. This action triggers all the flows to be discarded. The cache restarts flow data collection from a fresh state. This command also clears global statistics and collector statistics that are displayed using cflowd show commands.

Default

n/a