NetFlow

NetFlow 


NetFlow流量定义七要素： 
1.Source IP address 
2.Destination IP address 
3.Source port 
4.Destination port 
5.Layer 3 protocol type 
6.CoS or Tos byte 
7.Input logical interface 


1.创建一个NetFlow输出目的


flow exporter Netflow-Exporter 
 destination 202.100.1.241 
 transport udp 6666 
 export-protocol netflow-v9 
 
2.创建一个流量监控


flow monitor Monitor1 
 record netflow ipv4 original-input 
 exporter Netflow-Exporter 


3.创建一个自定义的流量记录
 
flow record Yeslab-Record 
 match ipv4 source address 
 match ipv4 destination address 
 collect counter bytes 


4.再创建一个流量监控


flow monitor Monitor2 
 record Yeslab-Record 
 export Netflow-Exporter 


5.在两个接口下分别调用已定义的监控


interface fastethernet 0/0 
 ip address 202.100.1.10 255.255.255.0 
 ip flow monitor Monitor1 input 


interface fastethernet 1/0 
 ip address 10.1.1.10 255.255.255.0 
 ip flow monitor Monitor2 input 


8.配置flow-top-talker 


ip flow-top-talkers 
 top 5 
 sort-by packets 
 match protocol 1 


9.配置采集MAP 
 
flow-sampler-map Yeslab 
 mode random one-out-of 10 


10.接口下调用采集MAP 


interface fastethernet 0/0 
 ip address 202.100.1.10 255.255.255.0 
 duplex half 
 flow-sampler Yeslab 


显示所有接口NetFlow输出统计


show flow exporter statistics 


查看Monitor1 and Monitor2收集的信息


show flow monitor name Monitor1 cache format table 
show flow monitor name Monitor2 cache format table 


show ip flow top-talkers