Netflow (IOS-XR)

This requires real hardware, unfortunately.

Configure Netflow for IPv4 using the following guidelines:

  • Match on the ipv4 fields and capture the originating ASN

  • Sample 1 in 50 packets

  • Export netflow data to a collector at 1.1.1.1 over IPFIX

  • Send the template every 60 seconds

  • Active flows should time out after 600 seconds, and inactive flows should time out after 20 seconds

  • Apply this to traffic ingressing and egressing Gi0/0/0/20

Answer

flow exporter-map EXP1
 version ipfix
  template data timeout 60
 !
 source Loopback0
 destination 1.1.1.1
!
flow monitor-map MON1
 record ipv4
 exporter EXP1
 cache timeout active 600
 cache timeout inactive 20
!
sampler-map SAMPLE1
 random 1 out-of 50
!
interface GigabitEthernet0/0/0/20
 flow ipv4 monitor MON1 sampler SAMPLE1 ingress
 flow ipv4 monitor MON1 sampler SAMPLE1 egress

Explanation

Netflow on IOS-XR is quite similar to IOS-XE. The main difference is that you cannot configure a custom flow record. Instead, you are limited to these options:

  • record ipv4 [peer-as] [destination-tos]

  • record ipv6 [peer-as]

  • record mpls ipv4-fields|ipv6-fields|ipv4-ipv6-fields

By default, ipv4 and ipv6 collect the originating AS information. The peer-as keyword captures the peer AS information in addition to the originating AS. For both of these to work, you must have bgp attribute-download configured. This does not work for VPNv4. VPNv4 must be in per-vrf mode, and even then you can only collect BGP attributes other than AS numbers.

The other big difference with IOS-XR is that you must specify a source interface for the exporter.

flow exporter-map EXP1
 source Loopback0
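
What `version ipfix` and `template data timeout 60` mean on the collector side, as an added example (not part of the original lab and not Cisco code): a minimal Python IPFIX decoder showing that data sets cannot be decoded until the matching template has arrived. The template layout, template ID 256, the addresses and AS 64500 are constructed sample values, not the fields IOS-XR's `record ipv4` actually exports.

```python
import ipaddress
import struct

# IANA IPFIX information element IDs used by the constructed sample below.
IE = {1: "octetDeltaCount", 8: "sourceIPv4Address", 12: "destinationIPv4Address", 16: "bgpSourceAsNumber"}

class Collector:
    """Decodes fixed-length, non-enterprise fields; one template record per set."""
    def __init__(self):
        self.templates = {}      # (observation domain, template ID) -> [(IE, length)]
        self.dropped_sets = 0    # data sets that arrived before their template

    def feed(self, msg):
        version, length, _time, _seq, domain = struct.unpack_from("!HHIII", msg)
        if version != 10 or length != len(msg):
            raise ValueError("not a well-formed IPFIX message")
        flows, off = [], 16
        while off + 4 <= length:
            set_id, set_len = struct.unpack_from("!HH", msg, off)
            if set_len < 4 or off + set_len > length:
                raise ValueError("bad set length")
            body = msg[off + 4:off + set_len]
            if set_id == 2:      # template set
                tid, count = struct.unpack_from("!HH", body)
                self.templates[domain, tid] = [
                    struct.unpack_from("!HH", body, 4 + 4 * i) for i in range(count)]
            elif set_id >= 256:  # data set: its set ID is the template ID
                flows += self._decode(self.templates.get((domain, set_id)), body)
            off += set_len
        return flows

    def _decode(self, fields, body):
        if not fields:           # no usable template yet: the records are opaque
            self.dropped_sets += 1
            return []
        size, flows = sum(n for _, n in fields), []
        for start in range(0, len(body) - size + 1, size):
            rec, at = {}, start
            for ie, n in fields:
                raw, at = body[at:at + n], at + n
                rec[IE.get(ie, ie)] = (str(ipaddress.IPv4Address(raw))
                                       if ie in (8, 12) else int.from_bytes(raw, "big"))
            flows.append(rec)
        return flows

def ipfix(domain, set_id, payload):  # wraps one set in a constructed IPFIX message
    one_set = struct.pack("!HH", set_id, len(payload) + 4) + payload
    return struct.pack("!HHIII", 10, 16 + len(one_set), 0, 0, domain) + one_set

# Constructed samples: template 256 with four fields, and one matching flow record.
TEMPLATE = struct.pack("!10H", 256, 4, 8, 4, 12, 4, 16, 4, 1, 8)
DATA = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!IQ", 64500, 1500)
```

A collector that starts after the last template was sent cannot decode any flows until the next refresh, which is up to 60 seconds with this answer's exporter settings.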
