Submit a ticketCall us

WebinarVisual Monitoring Tactics: Getting More Log Search Value from SolarWinds Log & Event Manager with nDepth Webcast

Do things seem to make more sense when they are visualized? Are you an IT professional or security expert with a wish for more cybersecurity tools that provide an intuitive visual experience? Join Alexis Horn and Jamie Hynds from SolarWinds as they demonstrate how the nDepth feature in LEM can help make visualizing log search results a reality.

Register now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > Nexus 9k (Nexus 9000) Netflow support

Nexus 9k (Nexus 9000) Netflow support

Created by Brian O'Donovan, last modified by Eric Bryant on Jan 18, 2019

Views: 5,549 Votes: 2 Revisions: 19

Overview

This article provides information about Nexus 9k series support for NetFlow.

Environment

All versions of  NTA

Detail

  • sFlow configurations are recommended in fabric switching networks

Nexus 9K Series sFlow example configurations:

 

Enabling sFlow:
 

configure terminal
feature sflow
copy running-config startup-config

 

Configure our sampling rate:
 

sflow sampling-rate 50000  --*Sampling rate can be an integer between 4096 and 1000000000
copy running-config startup-config

 

Configure the maximum sampled size:
 

sflow max-sampled-size 200 --*Sampling range from 64 to 256 bytes
copy running-config startup-config

 

Configure the counter poll interval:
 

sflow counter-poll-interval 100 --*Poll interval range from 0 to 2147483647
copy running-config startup-config

 

Configure the maximum datagram size:
 

sflow max-datagram-size --*Datagram-size range from 200 to 9000 bytes
copy running-config startup-config

 

Configure sFlow collector Address:
 

sflow collector-ip x.x.x.x vrf management --*If the IP address is set to 0.0.0.0 all sampling is disabled

--*A user-defined VRF name – You can specify a maximum of 32 alphanumeric characters.
vrf management – You must use this option if the sFlow data collector is on the network connected to the management port.
vrf default – You must use this option if the sFlow data collector is on the network connected to the front-panel ports.

copy running-config startup-config

 

Configure sFlow collector port:
 

sflow collector-port 2055 --*The range for the collector port is from 0 to 65535
Common ports include 2055, 2056, 9995 and 9996

copy running-config startup-config

 

Configure sFlow agent address:
 

sflow agent-ip x.x.x.x --*The default IP address is 0.0.0.0 which means that all sampling is disabled on the switch.
You must specify a valid IP address to enable sFlow functionality
This IP address is not necessarily the source IP address for sending the sFlow datagram to the collector


copy running-config startup-config

 

Configure sFlow sampling data source:
 

sflow data-source interface ethernet 1/5-12 --*sFlow data-source interface [ethernet slot/port{-port}] | port-channel channel-number

--*For an Ethernet daa source, slot is the slot number and port can be either a single port number or a range of ports designated as port-port

copy running-config startup-config

 

Nexus 9300-EX, 9300-FX, Nexus 9500 with N9K-9700-EX line Card Platform Switches

  • The NX-OS Release 9.2 and above support flexible Netflow configurations in the above switch models for routing infrastructures

     

Flexible Netflow configuration example:


Create the Flow Record:
 

flow record ipv4
match ipv4 tos --*optional
match ipv protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes long --*optional
collect counter packets long --*optional

Create Flow Exporter:
 

flow exporter NetFlow-to-Orion
destination 10.10.10.10
source ethernet 2/1
transport udp 2055
version 9
template data timeout 60

 

Create Flow Monitor:
 

flow monitor NetFlow-Monitor
description Original Netflow captures
record ipv4
exporter NetFlow-to-Orion
cache timeout inact 10
cache timeout act 60

 

Apply Flow Monitor to Interface:
 

vlan configuration 700
ip flow monitor NetFlow-Monitor input


Set Flow Timeout:

 

flow timeout 60

 

Cisco Configuration Guide

 

 

 

 

Last modified

Tags

Classifications

Public