Cflowd

Note:

Cflowd is supported only on the 7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone).

This chapter provides information to configure the cflowd tool.

Cflowd overview

Cflowd is a tool used to sample IPv4, IPv6, MPLS, and Ethernet traffic data flows through a router. Cflowd enables ISPs and traffic engineers to perform traffic sampling and analysis to support capacity planning, trends analysis, and characterization of workloads in a network service provider environment.

Cflowd is also useful for traffic engineering, network planning and analysis, network monitoring, developing user profiles, data warehousing and mining, and performing security-related investigations. Collected information can be interpreted in several ways such as in port, autonomous system (AS), or network matrices, and pure flow structures. The amount of data stored depends on the cflowd configurations.

Cflowd maintains a list of router data flows. A flow is a unidirectional traffic stream defined by several characteristics such as source and destination IP addresses, source and destination ports, inbound interface, IP protocol, and Type-of-Service (TOS) bits.

When a router receives a packet for which it currently does not have a flow entry, a flow structure is initialized to maintain state information about that flow, such as the number of bytes exchanged, IP addresses, port numbers, AS numbers, and so on. Each subsequent packet matching the same parameters of the flow contributes to the byte and packet count of the flow until the flow is terminated and exported to a collector for storage.

Operation

The following figure shows the basic operation of the cflowd feature. This sample flow only describes the basic cflowd operation overview and is not intended to specify implementation and support on the 7210 SAS.

Figure 1. Basic cflowd steps

The logical sequence of cflowd operation is as follows:

  1. The system decides whether to forward or drop packets as the packets ingress a port.

  2. The system decides whether to sample the packet for cflowd, then the packet is forwarded or dropped.

  3. If a new flow is found, the system adds a new entry to the cache. If the flow already exists in the cache, the system updates the flow statistics.

  4. If a new flow is detected and the maximum number of entries are already present in the flow cache, the system removes the entry with the earliest expiry time. The earliest expiry entry/flow is the next flow that will expire based on the active or inactive timer expiration.

  5. If a flow has been inactive for a period of time equal to or greater than the inactive timer (default 15 seconds), or has been active for a period of time equal to or greater than the active timer (default 30 minutes), the system removes the entry from the flow cache.

When a flow is exported from the cache, the collected data is sent to an external collector that maintains an accumulation of historical data flows, which network operators can use to analyze traffic patterns.

Data is exported in one of the following formats:

  • Version 5

    This format generates a fixed export record for each individual flow captured.

  • Version 8

    This format aggregates multiple individual flows into a fixed aggregate record.

  • Version 9

    This format generates a variable export record, depending on user configuration and sampled traffic type (IPv4, IPv6, or MPLS), for each individual flow captured.

  • Version 10 (IPFIX)

    This format generates a variable export record, depending on user configuration and sampled traffic type (IPv4, IPv6, or MPLS), for each individual flow captured.

The following figure shows Version 5, Version 8, Version 9, and Version 10 flow processing.

Figure 2. V5, V8, V9, and V10 flow processing

As flows expire and are removed from the active flow cache, the export format is determined (Version 5, Version 8, Version 9, or Version 10 record format) and one of the following processes occurs:

  • If the export format is Version 5, Version 9, or Version 10, no further processing is performed and the flow data is accumulated to be sent to the external collector.

  • If the export format is Version 8, the flow entry is added to one or more of the configured aggregation matrices.

    As the entries within the aggregate matrices are aged out, they are accumulated to be sent to the external flow collector in Version 8 format.

The sample rate and cache size are configurable values. The cache size is set up with the default number of entries.

A flow terminates when one of the following conditions is met:

  • The inactive timeout period expires (default 15 seconds). A flow is considered terminated when no packets are seen for the flow for the configured number of seconds.

  • An active timeout expires (default 30 minutes). A flow terminates according to the time duration, regardless of whether packets are coming in for the flow.

  • The user executes a clear cflowd command.

  • Other conditions are met to aggressively age flows as the cache becomes too full, such as overflow percent.
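The cache behavior in the steps and termination conditions above can be modeled in a few lines. The following Python model is an added example, not Nokia's implementation: the `FlowCache` class, the seven-field key, and the sample addresses are constructed for illustration, and exporting the evicted entry when the cache is full is an assumption.

```python
from dataclasses import dataclass

ACTIVE_TIMEOUT = 30 * 60   # seconds; the page's default of 30 minutes
INACTIVE_TIMEOUT = 15      # seconds; the page's default


@dataclass
class Flow:
    key: tuple          # (ingress if, src, dst, sport, dport, proto, tos)
    first: float        # time of the first sampled packet
    last: float         # time of the most recent sampled packet
    active: float       # active timeout, fixed when the flow is created
    packets: int = 0
    octets: int = 0


class FlowCache:
    def __init__(self, max_entries, active=ACTIVE_TIMEOUT, inactive=INACTIVE_TIMEOUT):
        self.max_entries = max_entries
        self.active = active
        self.inactive = inactive
        self.flows = {}
        self.exported = []   # (reason, Flow) in export order

    def _expiry(self, flow):
        # Next moment at which either timer would remove this flow.
        return min(flow.first + flow.active, flow.last + self.inactive)

    def _export(self, key, reason):
        self.exported.append((reason, self.flows.pop(key)))

    def age(self, now):
        """Step 5: remove flows whose inactive or active timer has run out."""
        for key, flow in list(self.flows.items()):
            if now - flow.last >= self.inactive:
                self._export(key, "inactive")
            elif now - flow.first >= flow.active:
                self._export(key, "active")

    def sample(self, now, key, length):
        """Steps 3 and 4: update an existing flow or create a new one."""
        self.age(now)
        flow = self.flows.get(key)
        if flow is None:
            if len(self.flows) >= self.max_entries:
                # Cache full: remove the entry that would expire soonest.
                victim = min(self.flows.values(), key=self._expiry)
                self._export(victim.key, "cache-full")
            flow = self.flows[key] = Flow(key, now, now, self.active)
        flow.last = now
        flow.packets += 1
        flow.octets += length


def demo_eviction():
    """Three flows through a two-entry cache (constructed samples)."""
    a = ("1/1/1", "192.0.2.10", "198.51.100.5", 40000, 443, 6, 0)
    b = ("1/1/1", "192.0.2.11", "198.51.100.5", 40001, 443, 6, 0)
    c = ("1/1/1", "192.0.2.12", "198.51.100.5", 40002, 53, 17, 0)
    cache = FlowCache(max_entries=2)
    for now, key, length in [(0, a, 100), (5, a, 100), (10, b, 60),
                             (12, c, 40), (20, c, 40)]:
        cache.sample(now, key, length)
    cache.age(40)
    return [(why, f.key[1], f.packets, f.octets) for why, f in cache.exported]


def demo_long_flow():
    """One packet sampled every 10 s for 31 minutes (constructed samples)."""
    key = ("1/1/1", "192.0.2.10", "198.51.100.5", 40000, 22, 6, 0)
    cache = FlowCache(max_entries=1000)
    for now in range(0, 1861, 10):
        cache.sample(now, key, 1500)
    cache.age(1860 + INACTIVE_TIMEOUT)
    return [(why, f.packets) for why, f in cache.exported]
```

A flow that outlives the active timer reaches the collector as several records, so an investigation that needs the whole session has to stitch records with the same key back together.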

Version 8

There are several aggregate flow types including:

  • AS matrix

  • destination prefix matrix

  • source prefix matrix

  • source-destination prefix matrix

  • protocol/port matrix

Version 8 is an aggregated export format. As individual flows are aged out of the raw flow cache, the data is added to the aggregate flow cache for each configured aggregate type. Each of these aggregate flows is also aged in a manner similar to the way the active flow cache entries are aged. When an aggregate flow is aged out, it is sent to the external collector in the Version 8 record format.

Version 9

The Version 9 format is more flexible and allows for different templates or sets of cflowd data to be sent based on the sampled traffic type and the configured template set.

Version 9 is interoperable with RFC 3954, Cisco Systems NetFlow Services Export Version 9.

Version 10

Version 10 is a new format and protocol that interoperates with the IETF specifications described in the IP Flow Information Export (IPFIX) standard. Like Version 9, Version 10 uses templates to export different data elements for a flow and handle different types of data flows, such as IPv4, IPv6, and MPLS.

Version 10 is interoperable with RFC 5150 and RFC 5102.

Cflowd configuration process overview

The following figure shows the process to configure cflowd parameters.

Figure 3. Cflowd configuration and implementation flow

Cflowd can be enabled to sample traffic on a specific interface in the cflowd interface mode. In this mode, all traffic entering a specific port is subject to sampling at the configured sampling rate.

Configuration notes

The following cflowd components must be configured for cflowd to be operational:

  • Cflowd must be enabled globally.

  • At least one collector must be configured and enabled.

  • A cflowd option must be specified and enabled on a router interface.

  • Sampling must be enabled on the interface (ingress only).

  • On the 7210 SAS, when cflowd is enabled on an IP interface, the sampling rate is applied to a port and only the samples that match the IP interface for which cflowd is enabled are processed further to update or create flow records in the flow cache. Samples received that do not match the IP interface for which cflowd is enabled are not processed further, and flow records are not created for them.

  • On the 7210 SAS, when cflowd is enabled on a SAP in a Layer 2 service (for example, VPLS and Epipe), the sampling rate is applied to a port. Only samples that match the SAP tag for which cflowd is enabled are processed further to update or create flow records in the flow cache. Samples received that do not match the SAP for which cflowd is enabled are not processed further, and no flow records are created.

  • On the 7210 SAS, samples are collected only in the ingress direction. Sampling in the egress direction is not supported.

  • On the 7210 SAS-Mxp and 7210 SAS-R6, packets received on RSVP LSPs are eligible for cflowd processing.

  • Cflowd is not supported on SAPs in EVPN-VPWS services.

Configuring cflowd with CLI

This section provides information to configure cflowd using the command line interface.

Cflowd configuration overview

The cflowd implementation supports traffic flow analysis and the use of traffic and access list (ACL) filters to limit the type of traffic analyzed.

Traffic sampling

Traffic sampling does not examine all packets received by a router. The user can configure command parameters to modify the rate at which traffic is sampled and sent for flow analysis. The default sampling rate is one out of every 1000 packets.

Caution:

Excessive sampling, such as one out of every 100 packets, over an extended period of time can burden router processing resources.

The following data is maintained for each individual flow in the raw flow cache:

  • source IP address

  • destination IP address

  • source port

  • destination port

  • forwarding status

  • input interface

  • output interface

  • IP protocol

  • TCP flags

  • first timestamp (of the first packet in the flow)

  • last timestamp (timestamp of last packet in the flow before expiry of the flow)

  • source AS number for peer and origin (taken from BGP)

  • destination AS number for peer and origin (taken from BGP)

  • IP next hop

  • BGP next hop

  • ICMP type and code

  • IP version

  • source prefix (from routing)

  • destination prefix (from routing)

  • MPLS label stack from label 1 to 6

Within the raw flow cache, the following characteristics are used to identify an individual flow:

  • ingress interface

  • source IP address

  • destination IP address

  • source transport port number

  • destination transport port number

  • IP protocol type

  • IP TOS byte

  • virtual router ID

  • ICMP type and code

  • direction

  • MPLS labels

The user enables cflowd at the interface level. By enabling cflowd at the interface level, all IP packets forwarded by the interface are subject to cflowd analysis.

Collectors

A collector defines how data flows are exported from the flow cache. The user can configure a maximum of five collectors. Each collector is identified by a unique IP address and UDP port value. Each collector can only export traffic in one version type: Version 5, Version 8, Version 9, or Version 10.

The user can modify the parameters of a collector configuration or retain the defaults.

The autonomous-system-type command defines whether the autonomous system (AS) information is included in the flow data based on the originating AS or external peer AS of the flow.

Aggregation

Version 8 allows the aggregation of flow data into larger, less granular flows. Use aggregation commands to specify the type of data to collect. These aggregation types are only applicable to flows that are exported to a Version 8 collector.

The following aggregation schemes are supported:

  • AS matrix

    Flows are aggregated based on source and destination AS and ingress and egress interfaces.

  • protocol-port

    Flows are aggregated based on the IP protocol, source port number, and destination port number.

  • source prefix

    Flows are aggregated based on source prefix and mask, source AS, and ingress interface.

  • destination prefix

    Flows are aggregated based on destination prefix and mask, destination AS, and egress interface.

  • source-destination prefix

    Flows are aggregated based on source prefix and mask, destination prefix and mask, source and destination AS, ingress and egress interfaces.

  • raw

    Flows are not aggregated and are sent to the collector in a Version 5 record.

Basic cflowd configuration

This section provides information to configure cflowd and examples of common configuration tasks. To sample traffic, the user must configure the following minimal cflowd parameters:

  • Cflowd must be enabled.

  • At least one collector must be configured and enabled.

  • Sampling must be enabled on the interface (ingress only).

The following is a sample of cflowd configuration output.

A:Dut-D>config>cflowd$ info detail 
----------------------------------------------
        active-timeout 30
        cache-size 65536
        inactive-timeout 15
        export-mode automatic
        overflow 1
        rate 1000
        template-retransmit 600
        no use-vrtr-if-index
        collector 10.10.10.103:2055 version 9
            description "V9 collector"
            template-set basic
            no shutdown
        exit
        no shutdown 
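One way to check the requirements above against a saved `info detail` capture, as an added example that is not part of the Nokia documentation. The parser, the function names, and the second sample configuration are constructed for illustration, and the checks assume `info detail` output, which prints `no shutdown` explicitly.

```python
DEFAULT_PORT = 2055      # page: used when no UDP port is configured
IPFIX_PORT = 4739        # page: must be specified explicitly for Version 10

PAGE_SAMPLE = """\
A:Dut-D>config>cflowd$ info detail
----------------------------------------------
        active-timeout 30
        cache-size 65536
        inactive-timeout 15
        export-mode automatic
        overflow 1
        rate 1000
        template-retransmit 600
        no use-vrtr-if-index
        collector 10.10.10.103:2055 version 9
            description "V9 collector"
            template-set basic
            no shutdown
        exit
        no shutdown
"""

CONSTRUCTED_SAMPLE = """\
        rate 100
        collector 192.0.2.50 version 10
            template-set basic
            shutdown
        exit
        shutdown
"""


def split_endpoint(text):
    """Split a.b.c.d[:port], x:x::x or [x:x::x]:port into (host, port)."""
    if text.startswith("["):
        host, _, port = text[1:].partition("]:")
        host = host.rstrip("]")
    elif text.count(":") == 1:
        host, _, port = text.partition(":")
    else:
        host, port = text, ""
    return host, int(port or DEFAULT_PORT)


def parse(info_text):
    cfg = {"enabled": False, "rate": None, "collectors": []}
    stack, current = [], None            # open contexts, innermost last
    for raw in info_text.splitlines():
        line = raw.strip()
        words = line.split()
        if not words or set(line) <= set("-#") or ">" in words[0]:
            continue                     # blank, separator or CLI prompt line
        if words[0] == "collector":
            host, port = split_endpoint(words[1])
            version = int(words[words.index("version") + 1]) if "version" in words else 5
            current = {"host": host, "port": port, "version": version, "enabled": False}
            cfg["collectors"].append(current)
            stack.append("collector")
        elif words[0] == "aggregation" and stack:
            stack.append("aggregation")
        elif words[0] == "exit":
            if stack and stack.pop() == "collector":
                current = None
        elif stack == ["collector"] and line == "no shutdown":
            current["enabled"] = True
        elif not stack and line == "no shutdown":
            cfg["enabled"] = True
        elif not stack and words[0] == "rate":
            cfg["rate"] = int(words[1])
    return cfg


def audit(info_text):
    """Return a list of findings; an empty list means the checks passed."""
    cfg, findings = parse(info_text), []
    if not cfg["enabled"]:
        findings.append("cflowd is not enabled globally")
    if not any(c["enabled"] for c in cfg["collectors"]):
        findings.append("no collector is configured and enabled")
    for c in cfg["collectors"]:
        if c["version"] == 10 and c["port"] == DEFAULT_PORT:
            findings.append(f"{c['host']}: Version 10 collector on port {DEFAULT_PORT}, "
                            f"not the IPFIX default {IPFIX_PORT}")
    if cfg["rate"] is not None and cfg["rate"] <= 100:
        findings.append(f"rate {cfg['rate']}: sampling this often can burden the router")
    return findings
```

Interface-level sampling is configured outside the `config>cflowd` context, so it has to be checked separately from this output.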

Common configuration tasks

This section provides an overview of the cflowd configuration tasks and CLI commands. To begin traffic flow sampling, the user must enable cflowd and at least one collector.

Global cflowd components

The following common (global) attributes apply to all instances of cflowd:

  • active timeout

    This attribute controls the maximum time a flow record can be active before it is automatically exported to defined collectors.

  • inactive timeout

    This attribute controls the minimum time before a flow is declared inactive. If no traffic is sampled for an existing flow for the inactive timeout duration, the flow is declared inactive and marked to be exported to the defined collectors.

  • cache size

    This attribute defines the maximum size of the flow cache.

  • overflow

    This attribute defines the percentage of flow records that are exported to all collectors if the flow cache size is exceeded.

  • rate

    This attribute defines the system wide sampling rate for cflowd.

  • template retransmit

    This attribute defines the interval (in seconds) at which the Version 9 and Version 10 templates are retransmitted to all configured Version 9 or Version 10 collectors.

Configuring cflowd

Use the following CLI syntax to perform cflowd configuration tasks.

config>cflowd#
    active-timeout minutes
    cache-size num-entries
    inactive-timeout seconds
    template-retransmit seconds
    overflow percent
    rate sample-rate
    collector ip-address[:port] {version [5 | 8 | 9 | 10]}
        aggregation
            as-matrix
            destination-prefix
            protocol-port
            raw
            source-destination-prefix
            source-prefix
        template-set {basic | mpls-ip} 
        autonomous-system-type [origin | peer]
        description description-string
        no shutdown
    no shutdown

Enabling cflowd

Cflowd is disabled by default. Executing the configure cflowd command enables cflowd. By default, cflowd is not shut down but must be configured, including at least one collector, to be active.

Use the following CLI syntax to enable cflowd.

config# cflowd
    no shutdown

The following is a sample configuration output that shows the default values when cflowd is initially enabled. No collectors or collector options are configured.

A:ALA-1>config# info detail 
...
#------------------------------------------
echo "Cflowd Configuration"
#------------------------------------------
    cflowd
        active-timeout 30
        cache-size 65536
        inactive-timeout 15
        overflow 1
        rate 1000
        template-retransmit 600 
        no shutdown
    exit
#------------------------------------------
A:ALA-1>config#

Configuring global cflowd parameters

This section describes the cflowd parameters that apply to all instances where cflowd (traffic sampling) is enabled.

Use the following syntax to configure cflowd parameters.

config>cflowd#
    active-timeout minutes
    cache-size num-entries
    inactive-timeout seconds
    overflow percent
    rate sample-rate
    template-retransmit seconds
    no shutdown

The following is an example of a common cflowd component configuration.

A:ALA-1>config>cflowd# info 
#------------------------------------------
        active-timeout 20
        inactive-timeout 10
        overflow 10
        rate 100
#------------------------------------------
A:ALA-1>config>cflowd# 

Configuring cflowd collectors

Use the following syntax to configure cflowd collector parameters.

config>cflowd#
    collector ip-address[:port] [version version]
        aggregation
            as-matrix
            destination-prefix
            protocol-port
            raw
            source-destination-prefix
            source-prefix
        autonomous-system-type [origin | peer]
        description description-string
        no shutdown
        template-set {basic | mpls-ip}

The following is a sample configuration output.

A:ALA-1>config>cflowd# info
-----------------------------------------
        active-timeout 20
        inactive-timeout 10
        overflow 10
        rate 100
        collector 10.10.10.1:2000 version 8
            aggregation
                as-matrix
                raw
            exit
            description "AS info collector"
        exit
        collector 10.10.10.2:5000 version 8
            aggregation
                protocol-port
                source-destination-prefix
            exit
            autonomous-system-type peer
            description "Neighbor collector"
        exit
-----------------------------------------
A:ALA-1>config>cflowd# 

The following is a sample configuration output for a Version 9 collector.

collector 10.10.10.9:2000 version 9
           description "v9collector"
           template-set mpls-ip
           no shutdown
exit

Version 9 and Version 10 templates

If the collector is configured to use either Version 9 or Version 10 (IPFIX) formats, the flow data is sent to the designated collector using one of the predefined templates. The template used is based on the type of flow for which the data was collected (IPv4, IPv6, MPLS, or Ethernet (Layer 2)), and the configuration of the template-set parameter. The following table lists traffic flow types and the corresponding template used to export the flow data.

Table 1. Template-set

Traffic type   Basic        MPLS-IP
IPv4           Basic IPv4   MPLS-IPv4
IPv6           Basic IPv6   MPLS-IPv6
MPLS           Basic MPLS   MPLS-IP
Ethernet       L2-IP        L2-IP

Each flow exported to a collector, configured for either Version 9 or Version 10 formats, is sent using one of the preceding flow template sets. The template is used based on the flow type and how the template-set parameter of the collector is configured.

The following tables list the fields present in each template set listed in the preceding table:

Table 2. Basic IPv4 template

Field name                     Field ID
IPv4 Src Addr                  8
IPv4 Dest Addr                 12
IPv4 Nexthop                   15
BGP Nexthop                    18
Ingress Interface              10
Egress Interface               14
Packet Count                   2
Byte Count                     1
Start Time                     22
End Time                       21
Flow Start Milliseconds (1)    152
Flow End Milliseconds (1)      153
Src Port                       7
Dest Port                      11
Forwarding Status              89
TCP control Bits (Flags)       6
IPv4 Protocol                  4
IPv4 TOS                       5
IP version                     60
ICMP Type & Code               32
Direction                      61
BGP Source ASN                 16
BGP Dest ASN                   17
Source IPv4 Prefix Length      9
Dest IPv4 Prefix Length        13

(1) Only sent to collectors configured for the Version 10 format

Table 3. MPLS-IPv4 template

Field name                     Field ID
IPv4 Src Addr                  8
IPv4 Dest Addr                 12
IPv4 Nexthop                   15
BGP Nexthop                    18
Ingress Interface              10
Egress Interface               14
Packet Count                   2
Byte Count                     1
Start Time                     22
End Time                       21
Flow Start Milliseconds (1)    152
Flow End Milliseconds          153
Src Port                       7
Dest Port                      11
Forwarding Status              89
TCP control Bits (Flags)       6
IPv4 Protocol                  4
IPv4 TOS                       5
IP version                     60
ICMP Type & Code               32
Direction                      61
BGP Source ASN                 16
BGP Dest ASN                   17
Source IPv4 Prefix Length      9
Dest IPv4 Prefix Length        13
MPLS Top Label Type            46
MPLS Top Label IPv4 Addr       47
MPLS Label 1                   70
MPLS Label 2                   71
MPLS Label 3                   72
MPLS Label 4                   73
MPLS Label 5                   74
MPLS Label 6                   75

(1) Only sent to collectors configured for the Version 10 format

Table 4. Basic IPv6 template

Field name                     Field ID
IPv6 Src Addr                  27
IPv6 Dest Addr                 28
IPv6 Nexthop                   62
IPv6 BGP Nexthop               63
IPv4 Nexthop                   15
IPv4 BGP Nexthop               18
Ingress Interface              10
Egress Interface               14
Packet Count                   2
Byte Count                     1
Start Time                     22
End Time                       21
Flow Start Milliseconds (1)    152
Flow End Milliseconds (1)      153
Src Port                       7
Dest Port                      11
Forwarding Status              89
TCP control Bits (Flags)       6
Protocol                       4
IPv6 Extension Hdr             64
IPv6 Next Header               193
IPv6 Flow Label                31
TOS                            5
IP version                     60
IPv6 ICMP Type & Code          139
Direction                      61
BGP Source ASN                 16
BGP Dest ASN                   17
IPv6 Src Mask                  29
IPv6 Dest Mask                 30

(1) Only sent to collectors configured for the Version 10 format

Table 5. MPLS-IPv6 template

Field name                     Field ID
IPv6 Src Addr                  27
IPv6 Dest Addr                 28
IPv6 Nexthop                   62
IPv6 BGP Nexthop               63
IPv4 Nexthop                   15
IPv4 BGP Nexthop               18
Ingress Interface              10
Egress Interface               14
Packet Count                   2
Byte Count                     1
Start Time                     22
End Time                       21
Flow Start Milliseconds (1)    152
Flow End Milliseconds (1)      153
Src Port                       7
Dest Port                      11
Forwarding Status              89
TCP control Bits (Flags)       6
Protocol                       4
IPv6 Extension Hdr             64
IPv6 Next Header               193
IPv6 Flow Label                31
TOS                            5
IP version                     60
IPv6 ICMP Type & Code          139
Direction                      61
BGP Source ASN                 16
BGP Dest ASN                   17
IPv6 Src Mask                  29
IPv6 Dest Mask                 30
MPLS_TOP_LABEL_TYPE            46
MPLS_TOP_LABEL_ADDR            47
MPLS Top Label Type            46
MPLS Top Label IPv6 Addr       47
MPLS Label 1                   70
MPLS Label 2                   71
MPLS Label 3                   72
MPLS Label 4                   73
MPLS Label 5                   74
MPLS Label 6                   75
MPLS_TOP_LABEL_TYPE            46
MPLS_TOP_LABEL_ADDR            47

(1) Only sent to collectors configured for the Version 10 format

Table 6. Basic MPLS template

Field name                     Field ID
Start Time                     22
End Time                       21
Flow Start Milliseconds (1)    152
Flow End Milliseconds (1)      153
Ingress Interface              10
Egress Interface               14
Packet Count                   2
Byte Count                     1
Direction                      61
MPLS_TOP_LABEL_TYPE            46
MPLS_TOP_LABEL_ADDR            47
MPLS Label 1                   70
MPLS Label 2                   71
MPLS Label 3                   72
MPLS Label 4                   73
MPLS Label 5                   74
MPLS Label 6                   75

Table 7. MPLS-IP template

Field name                     Field ID
IPv4 Src Addr                  8
IPv4 Dest Addr                 12
IPv4 Nexthop                   15
IPv6 Src Addr                  27
IPv6 Dest Addr                 28
Ingress Interface              10
Egress Interface               14
Packet Count                   2
Byte Count                     1
Start Time                     22
End Time                       21
Flow Start Milliseconds (1)    152
Flow End Milliseconds (1)      153
Src Port                       7
Dest Port                      11
TCP control Bits (Flags)       6
IPv4 Protocol                  4
IPv4 TOS                       5
IP version                     60
ICMP Type & Code               32
Direction                      61
MPLS_TOP_LABEL_TYPE            46
MPLS_TOP_LABEL_ADDR            47
MPLS Top Label Type            46
MPLS Top Label IPv4 Addr       47
MPLS Label 1                   70
MPLS Label 2                   71
MPLS Label 3                   72
MPLS Label 4                   73
MPLS Label 5                   74
MPLS Label 6                   75

Table 8. Ethernet (L2-IP) flow template

Field name (1)                 Field ID
MAC Src Addr                   56
MAC Dest Addr                  80
Ingress Physical Interface     252
Egress Physical Interface      253
Dot1q VLAN ID                  243
Dot1q Customer VLAN ID         245
Post Dot1q VLAN ID             254
Post Dot1q Customer VLAN Id    255
IPv4 Src Addr                  8
IPv4 Dest Addr                 12
IPv6 Src Addr                  27
IPv6 Dest Addr                 28
Packet Count                   2
Byte Count                     1
Flow Start Milliseconds        152
Flow End Milliseconds          153
Src Port                       7
Dest Port                      11
TCP control Bits (Flags)       6
Protocol                       4
IPv6 Option Header             64
IPv6 Next Header               196
IPv6 Flow Label                31
TOS                            5
IP Version                     60
ICMP Type Code                 32

(1) The Ethernet (L2-IP) flow template is only supported and exported to IPFIX (version 10) collectors.
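On the collector side, the field IDs in the preceding tables only become usable once the exporter's template has been received. The following Python decoder for the Version 9 (RFC 3954) packet layout is an added example, not Nokia or collector vendor code: the `V9Collector` class, the exporter address, the template ID 256, and the packet contents are constructed, and only a subset of the Basic IPv4 fields is used.

```python
import ipaddress
import struct

# Subset of the Basic IPv4 template fields from Table 2 (field ID -> name).
FIELD_NAMES = {1: "Byte Count", 2: "Packet Count", 4: "IPv4 Protocol",
               6: "TCP control Bits (Flags)", 7: "Src Port", 8: "IPv4 Src Addr",
               11: "Dest Port", 12: "IPv4 Dest Addr"}
IPV4_ADDRESS_FIELDS = {8, 12, 15, 18}
HEADER = struct.Struct("!HHIIII")   # version, count, uptime, secs, sequence, source ID


class V9Collector:
    def __init__(self):
        # Templates are scoped to the exporter and its source ID, so one
        # exporter's template is never applied to another exporter's data.
        self.templates = {}   # (exporter, source_id, template_id) -> [(id, length)]
        self.undecoded = 0    # data FlowSets dropped for lack of a template

    def feed(self, exporter, packet):
        """Process one UDP payload and return the decoded flow records."""
        if len(packet) < HEADER.size:
            raise ValueError("short packet")
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError("not a Version 9 export packet")
        records, offset = [], HEADER.size
        while offset + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
            if fs_len < 4 or offset + fs_len > len(packet):
                raise ValueError("FlowSet length runs past the packet")
            body = packet[offset + 4:offset + fs_len]
            if fs_id == 0:                       # template FlowSet
                self._learn(exporter, source_id, body)
            elif fs_id >= 256:                   # data FlowSet, ID = template ID
                records += self._decode((exporter, source_id, fs_id), body)
            offset += fs_len
        return records

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256 or pos + 4 * count > len(body):
                raise ValueError("malformed template record")
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(count)]
            pos += 4 * count
            self.templates[(exporter, source_id, template_id)] = fields

    def _decode(self, key, body):
        fields = self.templates.get(key)
        size = sum(length for _, length in fields) if fields else 0
        if size == 0:
            self.undecoded += 1                  # no template yet: cannot interpret
            return []
        records = []
        for pos in range(0, len(body) - size + 1, size):   # trailing bytes are padding
            record, at = {}, pos
            for field_id, length in fields:
                raw = body[at:at + length]
                at += length
                if field_id in IPV4_ADDRESS_FIELDS and length == 4:
                    value = str(ipaddress.IPv4Address(raw))
                else:
                    value = int.from_bytes(raw, "big")
                record[FIELD_NAMES.get(field_id, field_id)] = value
            records.append(record)
        return records


def flowset(fs_id, payload):
    """Build a FlowSet padded to a 32-bit boundary (constructed test data)."""
    pad = -(len(payload) + 4) % 4
    return struct.pack("!HH", fs_id, 4 + len(payload) + pad) + payload + bytes(pad)


def export_packet(flowsets, sequence, source_id=0):
    # count = records in the packet; each FlowSet built here carries exactly one
    return HEADER.pack(9, len(flowsets), 0, 0, sequence, source_id) + b"".join(flowsets)


def demo():
    layout = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (6, 1), (2, 4), (1, 4)]
    template = flowset(0, struct.pack("!HH", 256, len(layout))
                       + b"".join(struct.pack("!HH", f, n) for f, n in layout))
    data = flowset(256, ipaddress.IPv4Address("192.0.2.10").packed
                   + ipaddress.IPv4Address("198.51.100.5").packed
                   + struct.pack("!HHBBII", 40000, 443, 6, 0x12, 3, 180))
    collector, exporter = V9Collector(), "192.0.2.1"
    early = collector.feed(exporter, export_packet([data], 1))   # template not seen yet
    collector.feed(exporter, export_packet([template], 2))
    late = collector.feed(exporter, export_packet([data], 3))
    return early, collector.undecoded, late
```

Data that arrives before its template cannot be decoded, so a collector that restarts loses visibility until the next template retransmission (600 seconds in the sample configuration on this page).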

Specifying cflowd options on an IP interface

When cflowd is enabled on an interface, all packets forwarded by the interface are subject to analysis according to the global cflowd configuration and sorted according to the collector configurations.

See Cflowd configuration dependencies for configuration combinations.

When the cflowd interface option is configured in the config>router>interface context, the following requirements must be met to enable traffic sampling on the specific interface:

  • Cflowd must be enabled.

  • At least one cflowd collector must be configured and enabled.

  • The interface>cflowd interface option must be selected. For configuration information, see Filter policy configuration overview.

Interface configurations

Use the following CLI syntax to enable traffic sampling on an interface.

config>router>if>cflowd-parameters#
    sampling {unicast|multicast} type {interface} [direction {ingress-only}]
    no sampling {unicast|multicast}

When the interface option is configured, cflowd extracts traffic flow samples from an interface for analysis. All packets forwarded by the interface are analyzed in accordance with the cflowd configuration.

Configure the interface option to enable traffic sampling on an interface. If cflowd is not enabled (no cflowd), traffic sampling does not occur on the interface.

Service interfaces

Use the following CLI syntax to enable traffic sampling on a service interface.

config>service>ies>if>cflowd-parameters#
config>service>vprn>if>cflowd-parameters#
    sampling {unicast|multicast} type {interface} [direction {ingress-only}]
    no sampling {unicast|multicast}

When enabled on a service interface, cflowd collects routed traffic flow samples through a router for analysis. Cflowd is supported on IES and VPRN service interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with an IP interface.

Dependencies

For cflowd to be operational, the following requirements must be met:

  • Cflowd must be enabled on a global level. If cflowd is disabled, any traffic sampling instances are also disabled.

  • At least one collector must be configured and enabled for traffic sampling to occur on an enabled entity.

  • If a specific collector UDP port is not identified, flows are sent to port 2055 by default.

The following table displays the expected results when specific features are enabled and disabled.

Table 9. Cflowd configuration dependencies

Interface setting    router>interface cflowd [interface] setting    Command ip-filter entry setting    Expected results
Interface mode (1)   Interface                                      none                               All IP traffic ingressing the interface is subject to sampling

(1) See Configuration notes for more information.

Cflowd configuration management tasks

This section describes cflowd configuration management tasks.

Modifying global cflowd components

Cflowd parameter modifications apply to all instances where cflowd or traffic sampling is enabled. Changes are applied immediately. Use the following syntax to modify global cflowd parameters.

config>cflowd#
    active-timeout minutes
    no active-timeout 
    cache-size num-entries
    no cache-size
    inactive-timeout seconds
    no inactive-timeout 
    overflow percent
    no overflow
    rate sample-rate
    no rate
    [no] shutdown
    template-retransmit seconds
    no template-retransmit

The following example shows the cflowd command usage to modify configuration parameters.

config>cflowd# active-timeout 60
config>cflowd# no inactive-timeout
config>cflowd# overflow 2
config>cflowd# rate 10

The following is a sample cflowd component configuration output.

A:ALA-1>config>cflowd# info 
#------------------------------------------
        active-timeout 60
        overflow 2
        rate 10
#------------------------------------------
A:ALA-1>config>cflowd# 

Modifying cflowd collector parameters

Use the following syntax to modify cflowd collector and aggregation parameters.

config>cflowd#
    collector ip-address[:port] [version version]
    no collector ip-address[:port] 
        [no] aggregation
            [no] as-matrix
            [no] destination-prefix
            [no] protocol-port
            [no] raw
            [no] source-destination-prefix
            [no] source-prefix
        [no] autonomous-system-type [origin | peer]
        [no] description description-string
        [no] shutdown
        template-set {basic | mpls-ip}

If a specific collector UDP port is not identified, flows are sent to port 2055 by default.

The following sample output shows basic cflowd modifications.

A:ALA-1>config>cflowd# info
-----------------------------------------
        active-timeout 60
        overflow 2
        rate 10
        collector 10.10.10.1:2000 version 5
            description "AS info collector"
        exit
        collector 10.10.10.2:5000 version 8
            aggregation
                source-prefix
                raw
            exit
            description "Test collector"
        exit
-----------------------------------------
A:ALA-1>config>cflowd# 

Cflowd configuration command reference

Command hierarchies

Configuration commands

config
    - [no] cflowd
        - active-timeout minutes
        - no active-timeout
        - cache-size num-entries
        - no cache-size
        - collector ip-address[:port] [version version]
        - no collector ip-address[:port] 
            - [no] aggregation
                - [no] as-matrix
                - [no] destination-prefix
                - [no] protocol-port
                - [no] raw
                - [no] source-destination-prefix
                - [no] source-prefix
            - autonomous-system-type {origin | peer}
            - description description-string
            - no description
            - [no] shutdown
            - template-set   {basic | mpls-ip | l2-ip}
        - export-mode [automatic | manual]
        - inactive-timeout seconds
        - no inactive-timeout
        - overflow percent
        - no overflow
        - rate sample-rate
        - no rate
        - [no] shutdown
        - template-retransmit seconds
        - no template-retransmit
        - [no] use-vrtr-if-index

Tools commands

tools
    - dump
        - cflowd
            - cache aggregate {src-dst-proto | src-dst-proto-port} family {ipv4 | ipv6}
            - cache all family {ipv4 | ipv6}
            - packet-size protocol [clear]
            - top-flows protocols [clear]
            - top-protocols protocols [clear]

Clear commands

clear
    - cflowd

Command descriptions

Global commands

cflowd
Syntax

[no] cflowd

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

Commands in this context configure cflowd.

The no form of this command removes all configuration under cflowd, including all configured collectors. The no form can only be executed if cflowd is shut down.

Default

no cflowd

active-timeout
Syntax

active-timeout minutes

no active-timeout

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures the maximum amount of time before an active flow is aged out of the active cache. If a specific flow is active for the configured amount of time, the flow is aged out and a new flow is created on the next packet sampled for that flow.

If the minutes parameter is changed while cflowd is active, the existing flows do not inherit the new active timeout value. The active timeout value for a flow is set when the flow is first created in the active cache table; the value does not change dynamically.

The no form of this command resets the active timeout to the default value.

Default

active-timeout 30

Parameters
minutes

Specifies the value, expressed in minutes, before an active flow is exported.

Values

1 to 600

cache-size
Syntax

cache-size num-entries

no cache-size

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command specifies the maximum number of active entries maintained in the flow cache table.

The no form of this command reverts the number of active entries to the default value.

Default

cache-size 65536

Parameters
num-entries

Specifies the maximum number of entries maintained in the cflowd cache.

Values

1000 to 131072

collector
Syntax

collector ip-address[:port] [version version]

no collector ip-address[:port]

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command defines a flow data collector for cflowd data. The IP address of the flow collector must be specified.

If the optional UDP port number parameter is not configured, default port 2055 is used for all collector versions. To connect to an IPFIX (version 10) collector using the IPFIX default port, specify port 4739 when configuring the collector. The version must be specified. A maximum of five collectors can be configured.

The no form of this command removes the flow collector definition from the configuration and stops the export of data to the collector. The collector must be shut down before it can be deleted.

Parameters
ip-address

Specifies the address of a remote cflowd collector host that will receive the exported cflowd data.

Values

<ip-address[:port]>

ip-address - a.b.c.d[:port]

(IPv4)

x:x:x:x:x:x:x:x

(IPv6)

[x:x:x:x:x:x:x:x]:port

(IPv6)

x - [0..FFFF]H

port

Specifies the UDP port number on the remote cflowd collector host that will receive the exported cflowd data.

Values

1 to 65535

Default

2055

version

Specifies the version of the flow data collector.

Values

5, 8, 9, 10

Default

5

aggregation
Syntax

[no] aggregation

Context

config>cflowd>collector

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command enables data aggregation for the collector and commands in this context configure the aggregation types.

To configure aggregation, you must choose the aggregation scheme: autonomous system, destination prefix, protocol port, raw, source destination, or source prefix.

This command can only be configured if the collector version is configured as Version 8.

The no form of this command removes all aggregation types from the collector configuration.

Default

no aggregation

as-matrix
Syntax

[no] as-matrix

Context

config>cflowd>collector>aggregation

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command enables cflowd aggregation based on autonomous system (AS) information. An AS matrix contains packet and byte counters for traffic from either source-destination ASs or last-peer to next-peer ASs.

The no form of this command removes this type of aggregation from the collector configuration.

Default

no as-matrix

destination-prefix
Syntax

[no] destination-prefix

Context

config>cflowd>collector>aggregation

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command enables cflowd aggregation based on destination prefix information.

The no form removes this type of aggregation from the collector configuration.

Default

no destination-prefix

protocol-port
Syntax

[no] protocol-port

Context

config>cflowd>collector>aggregation

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command enables cflowd aggregation based on the IP protocol, source port number, and destination port number.

The no form of this command removes this type of aggregation from the collector configuration.

Default

no protocol-port

raw
Syntax

[no] raw

Context

config>cflowd>collector>aggregation

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command enables the sending of raw (unaggregated) flow data in Version 5.

The no form of this command removes this type of aggregation from the collector configuration.

Default

no raw

source-destination-prefix
Syntax

[no] source-destination-prefix

Context

config>cflowd>collector>aggregation

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures cflowd aggregation based on source and destination prefixes.

The no form of this command removes this type of aggregation from the collector configuration.

Default

no source-destination-prefix

source-prefix
Syntax

[no] source-prefix

Context

config>cflowd>collector>aggregation

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures cflowd aggregation based on source prefix information.

The no form of this command removes this type of aggregation from the collector configuration.

Default

no source-prefix

autonomous-system-type
Syntax

autonomous-system-type {origin | peer}

Context

config>cflowd>collector

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures whether the AS information included in the flow data is based on the originating AS or external peer AS of the routes.

This option is supported only if the collector is configured as Version 5 or Version 8.

Default

autonomous-system-type origin

Parameters
origin

Keyword to specify that the AS information included in the flow data is based on the originating AS.

peer

Keyword to specify that the AS information included in the flow data is based on the peer AS.

description
Syntax

description description-string

no description

Context

config>cflowd>collector

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the description string from the context.

Parameters
description-string

Specifies the description character string, up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

shutdown
Syntax

[no] shutdown

Context

config>cflowd

config>cflowd>collector

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled, as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, the shutdown and no shutdown states are always indicated in system-generated configuration files.

The no form of this command administratively enables an entity.

Default

no shutdown

template-set
Syntax

template-set {basic | mpls-ip | l2-ip}

Context

config>cflowd>collector

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures the set of templates sent to the collector when using cflowd Version 9 or Version 10.

Default

template-set basic

Parameters
basic

Keyword to send basic flow data.

mpls-ip

Keyword to send extended flow data that includes IP and MPLS flow information.

l2-ip

Keyword to send extended flow data that includes Layer 2 (Ethernet) and IP flow information.
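
The collector commands above carry constraints that are spread over several entries: the address forms, the default port, the version-dependent options, and the five-collector limit. The following Python check applies them to a planned collector list before it is typed into the CLI. It is an added example, not Nokia code; the Collector record, the function names, and the sample plan are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

DEFAULT_PORT = 2055      # used for every collector version when no port is typed
IPFIX_PORT = 4739        # IPFIX default port; must be specified explicitly
VERSIONS = (5, 8, 9, 10)
AGGREGATIONS = {"as-matrix", "destination-prefix", "protocol-port", "raw",
                "source-destination-prefix", "source-prefix"}
AS_TYPES = {"origin", "peer"}
TEMPLATE_SETS = {"basic", "mpls-ip", "l2-ip"}
MAX_COLLECTORS = 5


@dataclass
class Collector:
    """Hypothetical record of one planned 'collector' entry."""
    address: str                                  # as typed: ip-address[:port]
    version: int
    aggregation: list = field(default_factory=list)
    as_type: str = None                           # autonomous-system-type
    template_set: str = None


def parse_address(text):
    """Return (ip, port, port_was_typed) for the three documented forms."""
    if text.startswith("["):                      # [x:x:x:x:x:x:x:x]:port
        host, bracket, rest = text[1:].partition("]")
        if not bracket or not rest.startswith(":"):
            raise ValueError("malformed bracketed IPv6 address")
        ip, port_text = ipaddress.IPv6Address(host), rest[1:]
    elif text.count(":") <= 1:                    # a.b.c.d[:port]
        host, _, port_text = text.partition(":")
        ip = ipaddress.IPv4Address(host)
    else:                                         # x:x:x:x:x:x:x:x, no port
        ip, port_text = ipaddress.IPv6Address(text), ""
    port = int(port_text) if port_text else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} outside 1 to 65535")
    return ip, port, bool(port_text)


def validate(collectors):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    if len(collectors) > MAX_COLLECTORS:
        findings.append(f"{len(collectors)} collectors planned, "
                        f"maximum is {MAX_COLLECTORS}")
    for c in collectors:
        try:
            _, _, typed = parse_address(c.address)
        except ValueError as exc:
            findings.append(f"{c.address}: {exc}")
            continue
        if c.version not in VERSIONS:
            findings.append(f"{c.address}: version must be one of 5, 8, 9, 10")
            continue
        if c.version == 10 and not typed:
            findings.append(f"{c.address}: version 10 without a port exports to "
                            f"{DEFAULT_PORT}, not the IPFIX port {IPFIX_PORT}")
        if c.aggregation and c.version != 8:
            findings.append(f"{c.address}: aggregation requires version 8")
        for scheme in c.aggregation:
            if scheme not in AGGREGATIONS:
                findings.append(f"{c.address}: unknown aggregation type {scheme}")
        if c.as_type is not None:
            if c.as_type not in AS_TYPES:
                findings.append(f"{c.address}: unknown AS type {c.as_type}")
            elif c.version not in (5, 8):
                findings.append(f"{c.address}: autonomous-system-type "
                                "needs version 5 or 8")
        if c.template_set is not None:
            if c.template_set not in TEMPLATE_SETS:
                findings.append(f"{c.address}: unknown template set {c.template_set}")
            elif c.version not in (9, 10):
                findings.append(f"{c.address}: template-set applies to "
                                "version 9 or 10 only")
    return findings


# Constructed plan using documentation address ranges.
PLAN = [
    Collector("192.0.2.10", 5, as_type="peer"),
    Collector("192.0.2.10:9555", 8,
              aggregation=["source-prefix", "destination-prefix"]),
    Collector("192.0.2.11", 10, template_set="l2-ip"),        # port omitted
    Collector("[2001:db8::5]:4739", 10, template_set="basic"),
    Collector("192.0.2.12:9996", 9, aggregation=["raw"], as_type="origin"),
]

if __name__ == "__main__":
    for finding in validate(PLAN):
        print(finding)
```

Python's ipaddress module also accepts compressed IPv6 notation, which is wider than the x:x:x:x:x:x:x:x form listed for the CLI.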

export-mode
Syntax

export-mode [automatic | manual]

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures how exports are generated by the cflowd process.

The default behavior is for flow data to be exported automatically based on the active and inactive time-out values. In manual mode, flow data is exported only when the tools perform cflowd manual-export command is issued. The only exception is if the cflowd cache overflows, in which case the normal automatic export process is used.

Default

export-mode automatic

Parameters
automatic

Keyword to automatically generate cflowd flow data.

manual

Keyword to export cflowd flow data only when manually triggered.

inactive-timeout
Syntax

inactive-timeout seconds

no inactive-timeout

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command configures the amount of time, in seconds, that must elapse without a packet matching a flow before the flow is considered inactive.

If the seconds parameter is changed while cflowd is active, the existing flows do not inherit the new inactive timeout value. The inactive timeout value for a flow is set when the flow is first created in the active cache table; the value does not change dynamically.

The no form of this command reverts the inactive timeout to the default value.

Default

inactive-timeout 15

Parameters
seconds

Specifies the amount of time, in seconds, that must elapse without a packet matching before the flow is considered inactive.

Values

10 to 600

overflow
Syntax

overflow percent

no overflow

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command specifies the percentage of the flow cache entries removed when the maximum number of entries is exceeded. Entries that have not been updated for the longest amount of time are removed.

The no form of this command reverts the number of entries cleared from the flow cache on overflow to the default value.

Default

overflow 1

Parameters
percent

Specifies the percentage of the flow cache entries removed when the maximum number of entries is exceeded.

Values

1 to 50

rate
Syntax

rate sample-rate

no rate

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command specifies the rate (N) at which traffic is sampled and sent for flow analysis. A packet is sampled every N packets. For example, if sample-rate is configured as 1, all packets are sent to the cache. If sample-rate is configured as 100, one out of every 100 packets is sent to the cache.

Note:

On the 7210 SAS, when cflowd is enabled on an IP interface, the sampling rate is applied to a port and only the samples that match the IP interface for which cflowd is enabled are processed further to update or create flow records in the flow cache. Samples received that do not match the IP interface for which cflowd is enabled are not processed further, and flow records are not created for them.

The no form of this command reverts the sample rate to the default value.

Default

rate 1000

Parameters
sample-rate

Specifies the rate at which traffic is sampled.

Values

1 to 10000

template-retransmit
Syntax

template-retransmit seconds

no template-retransmit

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command specifies the interval for sending template definitions.

Default

template-retransmit 600

Parameters
seconds

Specifies the interval, in seconds, between the sending of template definitions.

Values

10 to 600

use-vrtr-if-index
Syntax

[no] use-vrtr-if-index

Context

config>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command exports flow data using interface indexes (ifIndex values), which can be used directly as the index into the IF-MIB tables for retrieving interface statistics.

Specifically, if this command is enabled, the ingressInterface (ID=10) and egressInterface (ID=14) fields in IP flow templates, which are used to export the flow data to cflowd Version 9 and Version 10 collectors, are populated with the IF-MIB ifIndex of that interface. In addition, for Version 10 templates, two fields are available in the IP flow templates to present the virtual router ID associated with the ingress and egress interfaces.

The no form of this command removes the command from the active configuration and causes cflowd to revert to the default behavior of populating the ingress and egress interface ID with the global IF index ID.

Default

no use-vrtr-if-index

Show commands

collector
Syntax

collector [ip-address[:port]] [detail]

Context

show>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays the administrative and operational status of the configured data collectors.

Parameters
ip-address

Displays information about the specified collector IP address.

Default

all collectors

Values

ip-address

a.b.c.d[:port]

(IPv4)

x:x:x:x:x:x:x:x

(IPv6)

[x:x:x:x:x:x:x:x]:port

(IPv6)

x - [0 to FFFF]H

:port

Displays information about the collector on the specified UDP port.

Default

all UDP ports

Values

1 to 65535

detail

Keyword to display informational details about either all collectors or the specified collector.

Output

The following outputs are examples of cflowd collector information, and the associated tables describe the output fields.

Sample output 1
A:R51-CfmA# show cflowd collector 

===============================================================================
Cflowd Collectors 
===============================================================================
Host Address    Port  Version   AS Type   Admin   Oper            Sent         
-------------------------------------------------------------------------------
138.120.135.103 2055  v5        peer      up      up              1380 records 
138.120.135.103 9555  v8        origin    up      up                90 records 
138.120.135.103 9996  v9          -       up      up                 0 packets 
138.120.214.224 2055  v5        origin    up      up              1380 records 
-------------------------------------------------------------------------------
Collectors : 4
===============================================================================

Table 10. Output fields: cflowd collector
Label Description

Host Address

Displays the IP address of a remote cflowd collector host to receive the exported cflowd data

Port

Displays the UDP port number on the remote cflowd collector host to receive the exported cflowd data

AS Type

Displays the style of AS reporting used in the exported flow data

origin — Reflects the endpoints of the AS path that the flow is following

peer — Reflects the AS of the previous and next hops for the flow

Version

Displays the configured version for the associated collector

Admin

Displays the desired administrative state for this cflowd remote collector host

Oper

Displays the current operational status of this cflowd remote collector host

Recs Sent

Displays the number of cflowd records that have been transmitted to this remote collector host

Collectors

Displays the total number of collectors using this IP address

Sample output 2

A:R51-CfmA# show cflowd collector detail 
===============================================================================
Cflowd Collectors  (detail)
===============================================================================
Address                      : 138.120.135.103
Port                         : 2055
Description                  : Test v5 Collector
Version                      : 5
AS Type                      : peer
Admin State                  : up
Oper State                   : up
Records Sent                 : 1260
Last Changed                 : 09/03/2009 17:24:04
Last Pkt Sent                : 09/03/2009 18:07:10
-------------------------------------------------------------------------------
                                               Sent          Open       Errors 
-------------------------------------------------------------------------------
                                                 42             0            0
===============================================================================
Address                      : 138.120.135.103
Port                         : 9555   
Description                  : Test v8 Collector
Version                      : 8
AS Type                      : origin
Admin State                  : up
Oper State                   : up
Records Sent                 : 82
Last Changed                 : 09/03/2009 17:24:04
Last Pkt Sent                : 09/03/2009 18:06:41
-------------------------------------------------------------------------------
Aggregation Type              Status           Sent          Open       Errors 
-------------------------------------------------------------------------------
as-matrix                    Disabled             0             0            0
protocol-port                Disabled             0             0            0
source-prefix                 Enabled            21             0            0
destination-prefix            Enabled            21             0            0
source-destination-prefix    Disabled             0             0            0
raw                          Disabled             0             0            0
===============================================================================
Address                      : 138.120.135.103
Port                         : 9996
Description                  : Test v9 Collector
Version                      : 9
Admin State                  : up
Oper State                   : up
Packets Sent                 : 51
Last Changed                 : 09/03/2009 17:24:04
Last Pkt Sent                : 09/03/2009 18:07:10
Template Set                 : Basic
-------------------------------------------------------------------------------
Traffic Type            Template Sent          Sent          Open       Errors 
-------------------------------------------------------------------------------
IPv4              09/03/2009 18:07:29            51             1            0
MPLS                 No template sent             0             0            0
IPv6                 No template sent             0             0            0
===============================================================================
A:R51-CfmA# 
Table 11. Output fields: cflowd collector detailed
Label Description

Address

Displays the IP address of a remote cflowd collector host to receive the exported cflowd data

Port

Displays the UDP port number on the remote cflowd collector host to receive the exported cflowd data

Description

Displays a user-provided descriptive string for this cflowd remote collector host

Version

Displays the version of the flow data sent to the collector

AS Type

Displays the style of AS reporting used in the exported flow data

origin — Reflects the endpoints of the AS path which the flow is following

peer — Reflects the AS of the previous and next hops for the flow

Admin State

Displays the desired administrative state for this cflowd remote collector host

Oper State

Displays the current operational status of this cflowd remote collector host

Records Sent

Displays the number of cflowd records that have been transmitted to this remote collector host

Last Changed

Displays the time when this row entry was last changed

Last Pkt Sent

Displays the time when the last cflowd packet was sent to this remote collector host

Aggregation Type

Displays the bit mask that specifies the aggregation schemes used to aggregate multiple individual flows into an aggregated flow for export to this remote host collector.

none — No data will be exported for this remote collector host

raw — Flow data is exported without aggregation in version 5 format

All other aggregation types use version 8 format to export the flow data to this remote host collector.

Collectors

Displays the total number of collectors using this IP address

Sent

Displays the number of packets with flow data sent to the associated collector

Open

Displays the number of partially filled packets that have some flow data but are not yet filled or have been timed out (60 seconds maximum)

Error

Increments when an error occurs during export of the collector packet. The most common reason is a UDP unreachable destination for the configured collector.
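
Because flow export runs over UDP, a collector that has stopped receiving data shows up only in these counters and state fields. The following Python sketch parses captured show cflowd collector detail output and reports collectors that are administratively up but not operational, that have export errors, or that have not sent a packet recently. It is an added example, not part of the product; the capture is constructed in the layout of Sample output 2, and the five-minute silence threshold and reference time are assumptions.

```python
import re
from datetime import datetime, timedelta

KV = re.compile(r"^(\w[\w ]*?)\s*:\s+(.*?)\s*$")          # "Oper State   : up"
ROW = re.compile(r"^(.*?)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")   # "... Sent Open Errors"
TIMESTAMP = "%m/%d/%Y %H:%M:%S"                           # as in "Last Pkt Sent"


def parse_collectors(text):
    """Split 'show cflowd collector detail' output into one dict per collector."""
    collectors = []
    for line in text.splitlines():
        kv = KV.match(line)
        if kv:
            key, value = kv.groups()
            if key == "Address":              # every collector block starts here
                collectors.append({"rows": []})
            if collectors:
                collectors[-1][key] = value
            continue
        row = ROW.match(line)
        if row and collectors:
            label = " ".join(row.group(1).split())
            sent, open_pkts, errors = (int(n) for n in row.group(2, 3, 4))
            collectors[-1]["rows"].append((label, sent, open_pkts, errors))
    return collectors


def audit(collectors, now, max_silence=timedelta(minutes=5)):
    """Return (collector, problem) pairs. max_silence is an assumed threshold."""
    findings = []
    for c in collectors:
        name = f"{c['Address']}:{c.get('Port', '?')}"
        admin = c.get("Admin State", "").lower()
        oper = c.get("Oper State", "").lower()
        if admin == "up" and oper != "up":
            findings.append((name, f"admin up but oper {oper or 'unknown'}"))
        errors = sum(row[3] for row in c["rows"])
        if errors:
            findings.append((name, f"{errors} export errors"))
        try:
            last = datetime.strptime(c.get("Last Pkt Sent", ""), TIMESTAMP)
        except ValueError:
            continue                          # field absent or not a timestamp
        if now - last > max_silence:
            findings.append((name, f"no export since {last}"))
    return findings


# Constructed capture (documentation addresses, invented counters).
SAMPLE = """\
===============================================================================
Cflowd Collectors  (detail)
===============================================================================
Address                      : 192.0.2.10
Port                         : 2055
Version                      : 5
AS Type                      : peer
Admin State                  : up
Oper State                   : up
Records Sent                 : 1260
Last Pkt Sent                : 09/03/2009 18:07:10
-------------------------------------------------------------------------------
                                               Sent          Open       Errors
-------------------------------------------------------------------------------
                                                 42             0            0
===============================================================================
Address                      : 192.0.2.10
Port                         : 9555
Version                      : 8
Admin State                  : up
Oper State                   : up
Last Pkt Sent                : 09/03/2009 17:40:00
-------------------------------------------------------------------------------
Aggregation Type              Status           Sent          Open       Errors
-------------------------------------------------------------------------------
source-prefix                 Enabled            21             0            3
raw                          Disabled             0             0            0
===============================================================================
Address                      : 192.0.2.20
Port                         : 9996
Version                      : 9
Admin State                  : up
Oper State                   : down
Last Pkt Sent                : 09/03/2009 18:07:10
-------------------------------------------------------------------------------
Traffic Type            Template Sent          Sent          Open       Errors
-------------------------------------------------------------------------------
IPv4              09/03/2009 18:07:29            51             1            0
MPLS                 No template sent             0             0            0
===============================================================================
"""
REFERENCE_TIME = datetime(2009, 9, 3, 18, 8, 0)   # constructed "now"

if __name__ == "__main__":
    for name, problem in audit(parse_collectors(SAMPLE), REFERENCE_TIME):
        print(f"{name}: {problem}")
```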

interface
Syntax

interface [ip-int-name]

Context

show>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays the administrative and operational status of the interfaces in which cflowd is enabled.

Parameters
ip-int-name

Displays only information for the specified IP interface name, up to 32 characters.

Default

all interfaces with cflowd enabled

Output

The following output is an example of cflowd interface information, and Table 12 describes the output fields.

Sample output
# show cflowd interface [ip-int-name] 
===============================================================================
Cflowd Interfaces
===============================================================================
Interface                         Router       IF Index Type/Dir Samp Admin  
  IPv4 Address                                                        Oper IPv4
  IPv6 Address                                                        Oper IPv6
-------------------------------------------------------------------------------
test                              Base         1         intf/ingr    Up
  1.1.1.1/24                                             uni          Down
  N/A                                                    uni          Down
-------------------------------------------------------------------------------
Interfaces : 1
Table 12. Output fields: cflowd interface
Label Description

Interface

Displays the physical port identifier

IPv4 Address

Displays the primary IPv4 address for the associated IP interface

IPv6 Address

Displays the primary IPv6 address for the associated IP interface

Router

Displays the virtual router index (Base = 0)

IF Index

Displays the global IP interface index

Type/Dir Samp

Displays the cflowd sampling type and direction

intf — Interface based sampling

acl — ACL based sampling

ingr — Ingress sampling

egr — Egress sampling

both — Both ingress and egress sampling

Admin

Displays the administrative state of the interface

Opr-IPv4

Displays the operational state for IPv4 sampling

Opr-IPv6

Displays the operational state for IPv6 sampling

status
Syntax

status

Context

show>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays administrative and operational status information for cflowd.

Output

The following output is an example of cflowd status information, and Table 13 describes the output fields.

Sample output
sr1# show cflowd status
===============================================================================
Cflowd Status
===============================================================================
Cflowd Admin Status : Enabled
Cflowd Oper Status : Enabled
Active Timeout : 1 minutes
Inactive Timeout : 30 seconds
Template Retransmit : 60 seconds
Cache Size : 65536 entries
Overflow : 1%
Sample Rate : 1
Active Flows : 34000
Overflow events 10 
Dropped Flows: 0 
Pkts Rcvd : 801600
Total Pkts Dropped : 0
                           Raw          
Times flow created        160000           
Times flow matched        224428382        
Total flows flushed       150000           
===============================================================================
Version Info
===============================================================================
Version       Status        Sent   Open   Errors
-------------------------------------------------------------------------------
5             Enabled       92     0      0
8             Enabled       46     0      0
9             Enabled       56     1      0
10            Enabled       39     1      0
===============================================================================

===============================================================================
Cflowd Status
===============================================================================
Cflowd Admin Status  : Enabled
Cflowd Oper Status   : Enabled
Active Timeout       : 1 minutes
Inactive Timeout     : 30 seconds
Template Retransmit  : 60 seconds
Cache Size           : 65536 entries
Overflow             : 1%
Sample Rate          : 1
Active Flows         : 34
Total Pkts Rcvd      : 801600
Total Pkts Dropped   : 0

===============================================================================
Version Info
===============================================================================
Version                    Status     Sent          Open          Errors       
-------------------------------------------------------------------------------
     5                     Enabled    92            0             0            
     8                     Enabled    46            0             0            
     9                     Enabled    56            1             0            
    10                     Enabled    39            1             0            
=============================================================================== 
Table 13. Output fields: cflowd status
Label Description

Cflowd Admin Status

Displays the desired administrative state for this cflowd remote collector host

Cflowd Oper Status

Displays the current operational status of this cflowd remote collector host

Active Timeout

Displays the maximum amount of time, in minutes, before an active flow is exported. If an individual flow is active for this amount of time, the flow is exported and a new flow is created.

Inactive Timeout

Displays the inactive timeout in seconds

Template Retransmit

Displays the time, in seconds, before template definitions are sent

Cache Size

Displays the maximum number of active flows to be maintained in the flow cache table

Overflow

Displays the percentage number of flows to be flushed when the flow cache size has been exceeded

Sample Rate

Displays the rate at which traffic is sampled and forwarded for cflowd analysis

one (1) — All packets are analyzed

1000 (default) — One in every one thousand packets is analyzed

Active Flows

Displays the current number of active flows being collected

Total Pkts Rcvd

Displays the total number of packets sampled and forwarded for cflowd analysis

Total Pkts Dropped

Displays the total number of packets dropped

Aggregation Info:

Type

Displays the type of data to be aggregated and sent to the collector

Status

enabled — Specifies that the aggregation type is enabled

disabled — Specifies that the aggregation type is disabled

Sent

Displays the number of packets with flow data sent to the associated collector

Open

Displays the number of partially filled packets which have some flow data but are not yet filled or have been timed out (60 seconds maximum)

Error

Counter increments when an error occurs during export of the collector packet. The most common reason is a UDP unreachable destination for the configured collector.

Overflow events

Displays the number of times the active cache overflowed

Dropped Flows

Displays the total number of flows dropped due to cache overflow events

Tools commands

cache
Syntax

cache aggregate {src-dst-proto | src-dst-proto-port} family {ipv4 | ipv6}

cache all family {ipv4 | ipv6}

Context

tools>dump>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays the contents of the cflowd active cache. This information can be displayed either in raw form, where every flow entry is displayed, or in an aggregated form.

Parameters
all

Displays the raw active cache flow data with no aggregation.

aggregate

Displays the aggregated active cache flow data.

src-dst-proto — Aggregates the active flow cache based on the source and destination IP address and the IP protocol value.

src-dst-proto-port — Aggregates the active flow cache based on the source and destination IP address, IP protocol value, and the source and destination port numbers.

family

Specifies the IP address family flow for which data should be displayed.

ipv4 — Displays the IPv4 flow data.

ipv6 — Displays the IPv6 flow data.

Output

The following output is an example of cflowd cache information, and Table 14 describes the output fields.

Sample output
INFO: |18:59:55 +00:00.153| tools dump cflowd cache all family ipv4 
Current time: 08/26/2021 13:29:55
--------------------------------------------------------------------------------
Intf/Ingr  SrcIP             Intf/Egr  DstIP             Prot ToS   Flgs    Pkts
vRtr-ID   S-Port Msk AS     D-Port Msk AS     NextHop          Pkt-Size  Active
--------------------------------------------------------------------------------
1          150.1.1.2         2         150.2.1.2         17   0x00  0x00      25
1         7      /24 200    7      /24 300    150.2.1.2        46             0
--------------------------------------------------------------------------------
Table 14. Output fields: tools dump cflowd cache
Label Description

Proto/Protocol

Displays the IPv4 or IPv6 protocol type

Source Address/Src-IP

Displays the source IP address of the flow (IPv4 or IPv6)

Destination Address/Dst-IP

Displays the destination IP address of the flow (IPv4 or IPv6)

Intf/Ingr

Displays the ingress interface associated with the sampled flow (only displayed with the raw (all) output)

Intf/Egr

Displays the egress interface associated with the sampled flow (only displayed with the raw (all) output)

S-Port

Displays the source protocol port number

D-Port

Displays the destination protocol port number

Pkt-Cnt

Displays the total number of packets sampled for the associated flow

Byte-Cnt

Displays the total number of bytes of traffic sampled for the associated flow

Start-Time

Displays the system time when the first packet was sampled for the associated flow

Flags

Displays the IP flag value from the sampled IP flow header (only displayed with the raw (all) output)

ToS

Displays the ToS byte values from the sampled IP flow header (only displayed with the raw (all) output)

(Src) Mask

Displays the IP route mask for the route to the flow source IP address associated with the flow (only displayed with the raw (all) output)

(Dst) Mask

Displays the IP route mask for the route to the flow destination IP address associated with the flow (only displayed with the raw (all) output)

(Src) AS

Displays the ASN associated with the route to the flow source IP address associated with the flow (only displayed with the raw (all) output)

(Dst) AS

Displays the ASN associated with the route to the flow destination IP address associated with the flow (only displayed with the raw (all) output)

vRtr-ID

Displays the virtual router ID associated with the reported IP flow (only displayed with the raw (all) output)
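
The raw cache dump prints each flow on two lines, which makes it awkward to search or total by hand. The following Python sketch pairs the two lines of each IPv4 record from captured tools dump cflowd cache all family ipv4 output, then totals packets per source, destination, and protocol (the grouping the src-dst-proto option describes) and multiplies by the configured sample rate to estimate actual packet counts. It is an added example, not part of the product; the field names, the capture, and the sample rate of 1000 are assumptions, the scaled totals are estimates, and the IPv6 layout is not handled because it is not shown here.

```python
from collections import Counter

FIRST_LINE = ("ingress_if", "src_ip", "egress_if", "dst_ip",
              "proto", "tos", "flags", "pkts")
SECOND_LINE = ("vrtr_id", "s_port", "src_mask", "src_as", "d_port",
               "dst_mask", "dst_as", "next_hop", "pkt_size", "active")


def parse_cache_dump(text):
    """Pair the two output lines of each IPv4 flow into one dict."""
    flows, pending = [], None
    for line in text.splitlines():
        parts = line.split()
        # Second line of a record: ten fields, third one is the "/len" mask.
        if pending is not None and len(parts) == 10 and parts[2].startswith("/"):
            pending.update(zip(SECOND_LINE, parts))
            flows.append({k: int(v) if v.isdigit() else v
                          for k, v in pending.items()})
            pending = None
            continue
        # Anything else discards a half-read record (truncated capture).
        pending = None
        # First line of a record: eight fields with hex ToS and flags.
        if (len(parts) == 8 and parts[5].startswith("0x")
                and parts[6].startswith("0x")):
            pending = dict(zip(FIRST_LINE, parts))
    return flows


def aggregate_src_dst_proto(flows, sample_rate):
    """Estimated packets per (source, destination, protocol), largest first."""
    totals = Counter()
    for flow in flows:
        key = (flow["src_ip"], flow["dst_ip"], flow["proto"])
        totals[key] += flow["pkts"] * sample_rate
    return totals.most_common()


# Constructed capture; the last record is cut off after its first line.
SAMPLE = """\
INFO: |18:59:55 +00:00.153| tools dump cflowd cache all family ipv4
Current time: 08/26/2021 13:29:55
--------------------------------------------------------------------------------
Intf/Ingr  SrcIP             Intf/Egr  DstIP             Prot ToS   Flgs    Pkts
vRtr-ID   S-Port Msk AS     D-Port Msk AS     NextHop          Pkt-Size  Active
--------------------------------------------------------------------------------
1          192.0.2.2         2         198.51.100.2      17   0x00  0x00      25
1         7      /24 200    7      /24 300    198.51.100.2     46             0
1          192.0.2.2         2         198.51.100.2      17   0x00  0x00      10
1         53     /24 200    4000   /24 300    198.51.100.2     80             3
1          192.0.2.9         2         198.51.100.2      6    0x00  0x18       4
1         443    /24 200    51000  /24 300    198.51.100.2     1200           1
1          192.0.2.77        2         198.51.100.9      6    0x00  0x02       1
--------------------------------------------------------------------------------
"""
SAMPLE_RATE = 1000        # assumed to match the configured "rate" value

if __name__ == "__main__":
    flows = parse_cache_dump(SAMPLE)
    for (src, dst, proto), pkts in aggregate_src_dst_proto(flows, SAMPLE_RATE):
        print(f"{src} -> {dst} proto {proto}: about {pkts} packets")
```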

packet-size
Syntax

packet-size protocol [clear]

Context

tools>dump>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays packet size distribution for sampled IP traffic. Values are displayed in decimal format (1.0 = 100%, .500 = 50%). Separate statistics are maintained and displayed for IPv4 and IPv6 traffic.

Parameters
protocol

Displays packet size information for the specified protocol.

Values

ipv4, ipv6, mcast-ipv4, mcast-ipv6

clear

Keyword to clear statistics.

Output

The following output is an example of cflowd packet size information.

Sample output
A:Dut-A# 
INFO: |18:57:06 +00:00.100| tools dump cflowd packet-size ipv4 
IPv4 unicast packet size distribution (30 total packets):
     Current Time: 08/26/2021 13:27:05
Last Cleared Time: 08/26/2021 13:26:32
1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
.033 .067 .100 .033 .033 .033 .033 .033 .033 .033 .033 .033 .033 .033 .033 
 512  544  576 1024 1536 2048 2560 3072 3584 4096 4608 9000
.033 .033 .033 .033 .033 .033 .033 .033 .033 .033 .033 .033 
top-flows
Syntax

top-flows protocols [clear]

Context

tools>dump>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays the top 20 (highest traffic volume) flows for IPv4, IPv6, or MPLS traffic types collected since the cflowd top-flow table was last cleared or initialized.

Parameters
protocol

Displays top-flow information for the specified protocol.

Values

ipv4, ipv6, mpls, l2, mcast-ipv4, mcast-ipv6

clear

Keyword to clear statistics.

Output

The following output is an example of cflowd top-flow information, and Table 15, "Output fields: tools dump cflowd top-flows", describes the output fields.

Sample output
INFO: |18:57:05 +00:00.086| tools dump cflowd top-flows ipv4 
The top 20 IPv4 unicast flows seen by cflowd are:
     Current Time: 08/26/2021 13:27:05
Last Cleared Time: 08/26/2021 13:26:32
   ifIndexContext: global
Intf/Ingr  SrcIP             Intf/Egr  DstIP             Pro  ToS   Flgs    Pkts
 vRtr-ID   S-Port Msk AS     D-Port Msk AS     NextHop          Pkt-Size    Time
--------------------------------------------------------------------------------
1          150.1.1.2         2         150.2.1.2         6    0x00  0x00      26
 1         10     /24 200    20     /24 300    150.2.1.2        1079          18
1          1.20.1.2          0         1.20.1.3          6    0xc0  0x18       1
 1         179    /0  0      51201  /0  0      0.0.0.0          71             0
1          150.1.1.2         2         150.2.1.2         2    0x00  0x00       1
 1         0      /24 200    0      /24 300    150.2.1.2        28             0
--------------------------------------------------------------------------------
Table 15. Output fields: tools dump cflowd top-flows
Label Description

Ingress

Displays the ingress interface ID

Src IP

Displays the source IP address of the flow (IPv4 or IPv6)

Egress

Displays the egress interface ID

Dest IP

Displays the destination IP address of the flow (IPv4 or IPv6)

Pr

Displays the protocol type for the flow

TOS

Displays the Type of Service/DSCP bits field markings

Flgs

Displays the protocol flag markings

Pkts

Displays the total number of packets sampled for this flow (since stats were last cleared)

vRtr-ID

Displays the vRouter context the flow was sampled in

S-Port

Displays the source protocol port number

Msk

Displays the route prefix length for route to source IP address

AS

Displays the AS number for the source route (the AS is either originating or peer, depending on the cflowd configuration)

D-Port

Displays the destination protocol port number

Msk

Displays the route prefix length for route to destination IP address (Forwarding route)

AS

Displays the AS number for the destination route (the AS is either originating or peer, depending on the cflowd configuration)

Nexthop

Displays the next-hop address used to forward traffic associated with the flow

Avg pkt size

Displays the average packet size of sampled traffic associated with this flow (total number of packets sampled / total number of packets sampled)

Active

Displays the number of seconds the flow has been active

top-protocols
Syntax

top-protocols protocols [clear]

Context

tools>dump>cflowd

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command displays summary information for the traffic of the top 20 protocols in the cflowd cache. All statistics are calculated based on data collected since the cflowd statistics were last cleared using the clear keyword.

If the optional clear keyword is specified, the top flows are displayed and then this cache is cleared.

Parameters
protocol

Displays top protocol information for the specified protocol.

Values

ipv4, ipv6, mcast-ipv4, mcast-ipv6

clear

Keyword to clear statistics.

Output

The following output is an example of cflowd top protocol traffic information, and Table 16, "Output fields: tools dump cflowd top-protocols", describes the output fields.

Sample output
A:Dut-A# 
INFO: |18:57:05 +00:00.095| tools dump cflowd top-protocols ipv4 
The top 20 IPv4 unicast protocols seen by cflowd are:
     Current Time: 08/26/2021 13:27:05
Last Cleared Time: 08/26/2021 13:26:32
Protocol (ID)      Total     Flows     Pkts   Bytes     Pkts    Secs   % Total 
-------------      Flows      /Sec    /Flow    /Pkt     /Sec   /Flow   Bandwidth
--------------------------------------------------------------------------------
TCP                    2         0       13    1041        0       9         99%
IGMP                   1         0        1      28        0       0          0%
--------------------------------------------------------------------------------
TOTALS                 3         0        9    1005        0       6        100%
Table 16. Output fields: tools dump cflowd top-protocols
Label Description

Protocol ID

Displays the IPv4 or IPv6 protocol type

Prints either the well-known protocol name or the decimal protocol number

Total Flows

Displays the total number of flows recorded since the cflowd statistics were last cleared with this protocol type

Flows/Sec

Displays the average number of flows detected for the associated protocol type

(Total flows / number of seconds since last clear)

Packets/Flow

Displays the average number of packets per flow

(Total number of packets / total flows)

Bytes/Pkts

Displays the average number of bytes per packet for the associated protocol type

(Total number of bytes for the associated protocol / total number of packets seen for the associated protocol)

Packets/Sec

Displays the average number of packets seen for the associated protocol type

(Number of packets / time since last clear)

Duration/Flow

Displays the average lifetime of a flow for the associated protocol type

(Number of seconds since last clear / total flows)

Bandwidth Total (%)

Displays the percentage of bandwidth consumed by the associated protocol type

(Total protocol bytes / total bytes of all flows)
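
The following added example (not part of the Nokia documentation) parses the two-line flow records from the sample top-flows output and rebuilds the per-protocol rows of the sample top-protocols output, which is useful when the dump is captured for an investigation and needs to be cross-checked offline. The function names and the PROTO_NAMES map are hypothetical, and byte totals are estimated as Pkts multiplied by Pkt-Size. With integer truncation the results match the sample rows, and the Secs/Flow column is reproduced by averaging the per-flow Time values.

```python
import re
from collections import defaultdict

# Flow records copied from the sample top-flows output above (two lines per flow).
SAMPLE = """\
1          150.1.1.2         2         150.2.1.2         6    0x00  0x00      26
 1         10     /24 200    20     /24 300    150.2.1.2        1079          18
1          1.20.1.2          0         1.20.1.3          6    0xc0  0x18       1
 1         179    /0  0      51201  /0  0      0.0.0.0          71             0
1          150.1.1.2         2         150.2.1.2         2    0x00  0x00       1
 1         0      /24 200    0      /24 300    150.2.1.2        28             0
"""
PROTO_NAMES = {2: "IGMP", 6: "TCP", 17: "UDP"}  # IANA numbers; subset (assumption)

def parse_top_flows(text):
    """Pair each record's two lines and return one dict per flow."""
    # Keep only data lines; headers, timestamps and separators do not start with a digit.
    rows = [l.split() for l in text.splitlines() if re.match(r"\s*\d", l)]
    flows = []
    for first, second in zip(rows[0::2], rows[1::2]):
        ingr, src, egr, dst, proto, tos, flags, pkts = first
        vrtr, sport, smask, sas, dport, dmask, das, nexthop, size, secs = second
        flows.append({"src": src, "dst": dst, "proto": int(proto),
                      "sport": int(sport), "dport": int(dport),
                      "tos": int(tos, 16), "flags": int(flags, 16),
                      "pkts": int(pkts), "avg_size": int(size), "secs": int(secs)})
    return flows

def summarize(flows):
    """Rebuild top-protocols style rows from parsed flow records."""
    acc = defaultdict(lambda: [0, 0, 0, 0])  # flows, pkts, bytes, secs
    for f in flows:
        for key in (PROTO_NAMES.get(f["proto"], str(f["proto"])), "TOTALS"):
            a = acc[key]
            a[0] += 1
            a[1] += f["pkts"]
            a[2] += f["pkts"] * f["avg_size"]  # bytes estimated from Pkts x Pkt-Size
            a[3] += f["secs"]
    total_bytes = acc["TOTALS"][2]
    # Integer division mirrors the truncated values in the sample output.
    return {k: {"flows": n, "pkts_per_flow": p // n, "bytes_per_pkt": b // p,
                "secs_per_flow": s // n, "pct_bw": 100 * b // total_bytes}
            for k, (n, p, b, s) in acc.items()}

if __name__ == "__main__":
    for name, row in summarize(parse_top_flows(SAMPLE)).items():
        print(f"{name:8}", row)
```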

Clear commands

cflowd
Syntax

cflowd

Context

clear

Platforms

7210 SAS-Mxp, 7210 SAS-R6, and 7210 SAS-Sx/S 1/10GE (standalone)

Description

This command clears the raw and aggregation flow caches that are sending flow data to the configured collectors. This action triggers all flows to be discarded. The cache restarts flow data collection from a fresh state. This command also clears global statistics collector statistics listed in the cflowd show commands.