Cisco ASR 9000 series routers have solid support for Netflow and can generate Netflow for quite big amount of traffic without any issues. But considering amount of available port capacity on these routers, we suggest using sampling by default to avoid control plane CPU overload.
We can suggest following configuration from ASR 9000 series of Cisco routers:
flow exporter-map FASTNETMON-EXPORTER version v9 options interface-table timeout 60 options sampler-table timeout 60 template timeout 60 template data timeout 60 template options timeout 60 ! transport udp 2055 source Loopback0 destination 10.0.0.1 ! flow monitor-map SECOND-MAP record ipv4 exporter FASTNETMON-EXPORTER cache entries 200000 cache timeout active 30 cache timeout inactive 30 ! sampler-map FIRST-SAMPLER random 1 out-of 1024
If you prefer IPFIX you can replace “v9” by “ipfix” in this configuration. Also, please replace “10.0.0.1” in this configuration by address of machine where you have FastNetMon.
Also, please set this option for all interfaces:
flow ipv4 monitor exporter-map sampler FIRST-SAMPLER ingress
FastNetMon can detect sampling rate from routers automatically in almost all cases. You can check detected sampling rate per router this way:
sudo fcli show netflow_sampling_rates
It may detect sampling rate incorrectly when you have multiple samplers configured on routers. That’s technical restriction, please avoid this configuration. FastNetMon can detect sampling rate when your have only single sampler. As option, if you need multiple samplers, please set them to same sampling rate.
Also, you may check system counters to confirm that FastNetMon received and decoded sampling announcements from routers:
sudo fcli show system_counters |grep netflow9 |grep sampling netflow9_custom_sampling_rate_received 8688 netflow9_sampling_rate_changes 1
If you see zero values you may check that FastNetMon received options Netflow packets (they carry all meta information about Netflow exporters):
sudo fcli show system_counters |grep netflow9 |grep options netflow9_options_templates_number 844 netflow9_options_packet_number 1448
As fallback option you can configure sampling rate manually in FastNetMon this way:
sudo fcli set main netflow_sampling_ratio 1000
For specified active and inactive timeouts we can suggest using following average calculation time values:
sudo fcli set main average_calculation_time 60 sudo fcli set main average_calculation_time_for_subnets 60 sudo fcli commit
If you noticed incorrect bandwidth calculation, we can suggest using visual traffic for debugging purposes, please enable export of system counters to InfluxDB:
sudo fcli set main influxdb_export_system_counters enable sudo fcli commit
And after that, please check out dashboard “Netflow v9 metrics” from default dashboard list.
Few times on routers with significant amount of traffic we noticed that router exports only quite small amount of all flows and FastNetMon see very small traffic.
It may be caused by internal rate limit about number of flows exported per second.
You can increase it this way using undocumented engineering command:
cache timeout rate-limit 4096
Please be careful with this command and increase it in multiple stages. We tried values up to 32 000 and it works pretty well.
If you have any plans to use Netflow with ASN information, you will need to enable following option in BGP section: