Getting Started with Configuring Cisco IOS

NetFlow and NetFlow Data Export

This module contains the minimum amount of information about and instructions necessary for configuring
NetFlow to capture and export network traffic data. This module is intended to help you get started using
NetFlow and NetFlow Data Export as quickly as possible. If you want more detailed information about this
feature and instructions for configuring NetFlow and NetFlow Data Export, please refer to Configuring
NetFlow and NetFlow Data Export.
NetFlow capture and export are performed independently on each internetworking device on which NetFlow
is enabled. NetFlow need not be operational on each router in the network.
NetFlow is a Cisco IOS application that provides statistics on packets flowing through the router. NetFlow
is emerging as a primary network accounting and security technology.

• Finding Feature Information, page 1

• Prerequisites for Configuring NetFlow and NetFlow Data Export, page 2
• Restrictions for Configuring NetFlow and NetFlow Data Export, page 2
• Information About Configuring NetFlow and NetFlow Data Export, page 3
• How to Configure NetFlow and NetFlow Data Export, page 4
• Configuration Examples for Configuring NetFlow and NetFlow Data Export, page 9
• Additional References, page 11
• Feature Information for Configuring NetFlow and NetFlow Data Export, page 13
• Glossary, page 15

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

1
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Prerequisites for Configuring NetFlow and NetFlow Data Export

Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to [Link]/go/cfn. An account on [Link] is not required.

Prerequisites for Configuring NetFlow and NetFlow Data Export

Before you enable NetFlow:
• Configure the router for IP routing.
• Ensure that one of the following is enabled on your router, and on the interfaces that you want to configure
NetFlow on: Cisco Express Forwarding (CEF), distributed CEF, or fast switching.
• Understand the resources required on your router because NetFlow consumes additional memory and
CPU resources.

Restrictions for Configuring NetFlow and NetFlow Data Export

NetFlow Data Capture

NetFlow consumes additional memory. If you have memory constraints, you might want to preset the size of
the NetFlow cache so that it contains a smaller number of entries. The default cache size depends on the
platform. For example, the default cache size for the Cisco 7500 router is 65536 (64K) entries.

Memory Impact
During times of heavy traffic, the additional flows can fill up the global flow hash table. If you need to increase
the size of the global flow hash table, increase the memory of the router.

Cisco IOS Releases 12.2(14)S, 12.0(22)S, or 12.2(15)T

If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T, the ip
route-cache flow command is used to enable NetFlow on an interface.
If your router is running Cisco IOS release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later, the ip flow ingress
command is used to enable NetFlow on an interface.

Egress NetFlow Accounting in Cisco IOS 12.3T Releases, 12.3(11)T, or Later

The Egress NetFlow Accounting feature captures NetFlow statistics for IP traffic only. MPLS statistics are
not captured. The MPLS Egress NetFlow Accounting feature can be used on a provider edge (PE) router to
capture IP traffic flow information for egress IP packets that arrived at the router as MPLS packets and
underwent label disposition.
Egress NetFlow accounting might adversely affect network performance because of the additional
accounting-related computation that occurs in the traffic-forwarding path of the router.
Locally generated traffic (traffic that is generated by the router on which the Egress NetFlow Accounting
feature is configured) is not counted as flow traffic for the Egress NetFlow Accounting feature.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

2
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
NetFlow Data Export

Note In Cisco IOS 12.2S releases, egress NetFlow captures either IPv4 packets or MPLS packets as they leave
the router.

The Egress NetFlow Accounting feature counts CEF-switched packets only. Process-switched transit packets
are not counted.

NetFlow Data Export

Restrictions for NetFlow Version 9 Data Export
• Backward compatibility--Version 9 is not backward-compatible with Version 5 or Version 8. If you
need Version 5 or Version 8, you must configure it.
• Export bandwidth--Export bandwidth use increases for Version 9 (because of template flowsets) versus
Version 5. The increase in bandwidth usage versus Version 5 varies with the frequency with which
template flowsets are sent. The default is to resend templates every 20 packets, which has a bandwidth
cost of about 4 percent. If necessary, you can lower the resend rate with the ip flow-export template
refresh-rate packets command.
• Performance impact--Version 9 slightly decreases overall performance, because generating and
maintaining valid template flowsets require additional processing.

Information About Configuring NetFlow and NetFlow Data Export

NetFlow Data Capture

NetFlow captures data from ingress (incoming) and egress (outgoing) packets. NetFlow gathers statistics for
the following ingress IP packets:
• IP-to-IP packets
• IP-to-Multiprotocol Label Switching (MPLS) packets
• Frame Relay-terminated packets
• ATM-terminated packets

NetFlow captures data for all egress (outgoing) packets through the use of the following features:
• Egress NetFlow Accounting--NetFlow gathers statistics for all egress packets for IP traffic only.
• NetFlow MPLS Egress--NetFlow gathers statistics for all egress MPLS-to-IP packets.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

3
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
NetFlow Flows Key Fields

NetFlow Flows Key Fields

A network flow is identified as a unidirectional stream of packets between a given source and destination--both
are defined by a network-layer IP address and by transport-layer source and destination port numbers.
Specifically, a flow is identified as the combination of the following key fields:
• Source IP address
• Destination IP address
• Source port number
• Destination port number
• Layer 3 protocol type
• Type of service (ToS)
• Input logical interface

These seven key fields define a unique flow. If a packet has one key field different from another packet, it is
considered to belong to another flow. A flow might contain other accounting fields (such as the AS number
in the NetFlow export Version 5 flow format) that depend on the export record version that you configure.
Flows are stored in the NetFlow cache.

NetFlow Data Export Using the Version 9 Export Format

NetFlow Data Export format Version 9 is a flexible and extensible format, which provides the versatility
needed for support of new fields and record types. This format accommodates new NetFlow-supported
technologies such as Multicast, Multiprotocol Label Switching (MPLS), and Border Gateway Protocol (BGP)
next hop. The Version 9 export format enables you to use the same version for main and aggregation caches,
and the format is extendable, so you can use the same export format with future features.

How to Configure NetFlow and NetFlow Data Export

Configuring NetFlow and NetFlow Data Export Using the Version 9 Export
Format
Perform this task to configure NetFlow and NetFlow Data Export using the Version 9 export format.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

4
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Configuring NetFlow and NetFlow Data Export Using the Version 9 Export Format

SUMMARY STEPS

1. enable
2. configure terminal
3. ip flow-export destination {ip-address | hostname} udp-port
4. Repeat Step 3 once to configure a second NetFlow export destination.
5. ip flow-export version 9
6. interface interface-type interface-number
7. ip flow {ingress | egress}
8. exit
9. Repeat Steps 6 through 8 to enable NetFlow on other interfaces
10. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable (Required) Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable

Step 2 configure terminal (Required) Enters global configuration mode.

Example:
Router# configure terminal

Step 3 ip flow-export destination {ip-address | (Optional) IP address or hostname of the workstation to which you want
hostname} udp-port to send the NetFlow information and the number of the UDP port on
which the workstation is listening for this input.
Example: Note The workstation is running an application such as NetFlow
Router(config)# ip flow-export Collection Engine (NFC) that is used to analyze the exported
destination [Link] 99 data.

Step 4 Repeat Step 3 once to configure a second (Optional) You can configure a maximum of two export destinations
NetFlow export destination. for NetFlow.

Step 5 ip flow-export version 9 (Optional) Enables the export of information in NetFlow cache entries.
• The version 9keyword specifies that the export packet uses the
Example: Version 9 format.
Router(config)# ip flow-export version
9 Caution Entering this command on a Cisco 12000 Series Internet
Router causes packet forwarding to stop for a few seconds
while NetFlow reloads the route processor and line card CEF
tables. To avoid interruption of service to a live network,
apply this command during a change window, or include it
in the startup-config file to be executed during a router reboot.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

5
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Verifying That NetFlow Is Operational and View NetFlow Statistics

Command or Action Purpose

Step 6 interface interface-type interface-number (Required) Specifies the interface that you want to enable NetFlow on
and enters interface configuration mode.
Example:
Router(config)# interface ethernet 0/0

Step 7 ip flow {ingress | egress} (Required) Enables NetFlow on the interface.

• ingress --Captures traffic that is being received by the interface.
Example:
• egress --Captures traffic that is being transmitted by the interface.
Router(config-if)# ip flow ingress

Step 8 exit (Optional) Exits interface configuration mode and returns to global
configuration mode.
Example: Note You only need to use this command if you want to enable
Router(config-if)# exit NetFlow on another interface.

Step 9 Repeat Steps 6 through 8 to enable NetFlow (Optional) --

on other interfaces
Step 10 end (Required) Exits the current configuration mode and returns to privileged
EXEC mode.
Example:
Router(config-if)# end

Verifying That NetFlow Is Operational and View NetFlow Statistics

To verify that NetFlow is working properly, perform this optional task.

SUMMARY STEPS

1. show ip flow interface

2. show ip cache flow
3. show ip cache verbose flow

DETAILED STEPS

Step 1 show ip flow interface

Use this command to display the NetFlow configuration for an interface. The following is sample output from this
command:

NetFlow Configuration Guide, Cisco IOS Release 15M&T

6
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Verifying That NetFlow Is Operational and View NetFlow Statistics

Example:
Router# show ip flow interface
Ethernet0/0
ip flow ingress

Step 2 show ip cache flow

Use this command to verify that NetFlow is operational and to display a summary of the NetFlow statistics. The following
is sample output from this command:

Example:
Router# show ip cache flow
IP packet size distribution (1103746 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
35 active, 4061 inactive, 980 added
2921778 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 108 0.0 1133 40 2.4 1799.6 0.9
TCP-FTPD 108 0.0 1133 40 2.4 1799.6 0.9
TCP-WWW 54 0.0 1133 40 1.2 1799.6 0.8
TCP-SMTP 54 0.0 1133 40 1.2 1799.6 0.8
TCP-BGP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-NNTP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-other 297 0.0 1133 40 6.8 1799.7 0.8
UDP-TFTP 27 0.0 1133 28 0.6 1799.6 1.0
UDP-other 108 0.0 1417 28 3.1 1799.6 0.9
ICMP 135 0.0 1133 427 3.1 1799.6 0.8
Total: 945 0.0 1166 91 22.4 1799.6 0.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 [Link] Et1/0.1 [Link] 01 0000 0C01 51
Et0/0 [Link] Null [Link] 11 0043 0043 51
Et0/0 [Link] Null [Link] 11 0045 0045 51
Et0/0 [Link] Et1/0.1 [Link] 01 0000 0800 51
Et0/0 [Link] Null [Link] 11 0044 0044 51
Et0/0 [Link] Null [Link] 11 00A2 00A2 51
Et0/0 [Link] Et1/0.1 [Link] 06 0014 0014 50
Et0/0 [Link] Et1/0.1 [Link] 06 0015 0015 52
.
.
.
Et0/0 [Link] Et1/0.1 [Link] 06 0087 0087 50
Et0/0 [Link] Et1/0.1 [Link] 06 0050 0050 51
Et0/0 [Link] Et1/0.1 [Link] 06 0089 0089 49
Et0/0 [Link] Et1/0.1 [Link] 06 0050 0050 50
Et0/0 [Link] Et1/0.1 [Link] 01 0000 0800 51
Et0/0 [Link] Null [Link] 06 027C 027C 49

Step 3 show ip cache verbose flow

Use this command to verify that NetFlow is operational and to display a detailed summary of the NetFlow statistics. The
following is sample output from this command:

NetFlow Configuration Guide, Cisco IOS Release 15M&T

7
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Verifying That NetFlow Is Operational and View NetFlow Statistics

Example:
Router# show ip cache verbose flow
IP packet size distribution (1130681 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
35 active, 4061 inactive, 980 added
2992518 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 108 0.0 1133 40 2.4 1799.6 0.9
TCP-FTPD 108 0.0 1133 40 2.4 1799.6 0.9
TCP-WWW 54 0.0 1133 40 1.2 1799.6 0.8
TCP-SMTP 54 0.0 1133 40 1.2 1799.6 0.8
TCP-BGP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-NNTP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-other 297 0.0 1133 40 6.6 1799.7 0.8
UDP-TFTP 27 0.0 1133 28 0.6 1799.6 1.0
UDP-other 108 0.0 1417 28 3.0 1799.6 0.9
ICMP 135 0.0 1133 427 3.0 1799.6 0.8
Total: 945 0.0 1166 91 21.9 1799.6 0.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Et0/0 [Link] Et1/0.1 [Link] 01 00 10 799
0000 /0 0 0C01 /0 0 [Link] 28 1258.1
Et0/0 [Link] Null [Link] 11 00 10 799
0043 /0 0 0043 /0 0 [Link] 28 1258.0
Et0/0 [Link] Null [Link] 11 00 10 799
0045 /0 0 0045 /0 0 [Link] 28 1258.0
Et0/0 [Link] Et1/0.1 [Link] 01 00 10 799
0000 /0 0 0800 /0 0 [Link] 28 1258.1
Et0/0 [Link] Null [Link] 11 00 10 799
0044 /0 0 0044 /0 0 [Link] 28 1258.1
.
.
.
Et0/0 [Link] Et1/0.1 [Link] 06 00 00 799
0087 /0 0 0087 /0 0 [Link] 40 1258.1
Et0/0 [Link] Et1/0.1 [Link] 06 00 00 799
0050 /0 0 0050 /0 0 [Link] 40 1258.0
Et0/0 [Link] Et1/0.1 [Link] 06 00 00 798
0089 /0 0 0089 /0 0 [Link] 40 1256.5
Et0/0 [Link] Et1/0.1 [Link] 06 00 00 799
0050 /0 0 0050 /0 0 [Link] 40 1258.0
Et0/0 [Link] Et1/0.1 [Link] 01 00 10 799
0000 /0 0 0800 /0 0 [Link] 1500 1258.1
Et0/0 [Link] Null [Link] 06 00 00 798
027C /0 0 027C /0 0 [Link] 40 1256.4

NetFlow Configuration Guide, Cisco IOS Release 15M&T

8
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Verifying That NetFlow Data Export Is Operational

Verifying That NetFlow Data Export Is Operational

To verify that NetFlow data export is operational and to view the statistics for NetFlow data export perform
the step in this optional task.

SUMMARY STEPS

1. show ip flow export

DETAILED STEPS

show ip flow export

Use this command to display the statistics for the NetFlow data export, including statistics for the main cache and for
all other enabled caches. The following is sample output from this command:

Example:
Router# show ip flow export
Flow export v9 is enabled for main cache
Exporting flows to [Link] (99)
Exporting using source interface Ethernet0/0
Version 9 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures

Configuration Examples for Configuring NetFlow and NetFlow

Data Export

Example Configuring Egress NetFlow Accounting

The following example shows how to configure Egress NetFlow Accounting:

configure terminal
!
interface ethernet 0/0
ip flow egress
!

NetFlow Configuration Guide, Cisco IOS Release 15M&T

9
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Example Configuring NetFlow Subinterface Support

Example Configuring NetFlow Subinterface Support

NetFlow Subinterface Support For Ingress (Received) Traffic On a Subinterface

configure terminal
!
interface ethernet 0/0.1
ip flow ingress
!

NetFlow SubInterface Support For Egress (Transmitted) Traffic On a Subinterface

configure terminal
!
interface ethernet 1/0.1
ip flow egress
!

Note NetFlow performs additional checks for the status of each subinterface that requires more CPU processing
time and bandwidth. If you have several subinterfaces configured and you want to configure NetFlow
data capture on all of them, we recommend that you configure NetFlow on the main interface instead of
on the individual subinterfaces.

Example Configuring NetFlow Multiple Export Destinations

The following example shows how to configure NetFlow multiple export destinations:

configure terminal
!
ip flow-export destination [Link] 9991
ip flow-export destination [Link] 9991
!

Note You can configure a maximum of two export destinations for the main cache and for each aggregation
cache.

Example Configuring NetFlow and NetFlow Data Export Using the Version 9
Export Format
The following example shows how to configure NetFlow and NetFlow data export using the Version 9 export
format:

configure terminal
!
ip flow-export destination [Link] 9991
ip flow-export version 9
!

NetFlow Configuration Guide, Cisco IOS Release 15M&T

10
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Example Configuring NetFlow for Analyzing PPPoE Session Traffic

Example Configuring NetFlow for Analyzing PPPoE Session Traffic

If you want to obtain accurate NetFlow traffic statistics for PPPoE sessions, you must configure NetFlow on
the virtual-template interface, not on the physical interface that is configured with VLAN encapsulation. For
example, if you configure NetFlow on the physical interface that is configured for VLAN encapsulation as
shown in the following configuration, the NetFlow traffic statistics will not be an accurate representation of
the traffic on the PPPoE sessions.

!
interface GigabitEthernet2/0/0.10
encapsulation dot1Q 10
ip flow egress
pppoe enable
The following example shows how to configure egress NetFlow on a virtual template interface so that you
can accurately analyze the packet size distribution statistics of the traffic that the router is sending to the end
user over the PPoE session:

interface Virtual-Template 1
ip unnumbered ethernet 0
encapsulation ppp
ip flow egress
The following display output from the show ip cache flow command shows that this PPPoE session traffic
is comprised primarily of 1536-byte packets.

Router# show ip cache flow

IP packet size distribution (11014160 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .999 .000 .000 .000 .000 .000 .000

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

Overview of Cisco IOS NetFlow Cisco IOS NetFlow Overview

Tasks for configuring NetFlow to capture and export Configuring NetFlow and NetFlow Data Export
network traffic data

Tasks for configuring Configuring MPLS Aware Configuring MPLS Aware NetFlow
NetFlow

Tasks for configuring MPLS egress NetFlow Configuring MPLS Egress NetFlow Accounting and
accounting Analysis

Tasks for configuring NetFlow input filters Using NetFlow Filtering or Sampling to Select the
Network Traffic to Track

NetFlow Configuration Guide, Cisco IOS Release 15M&T

11
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Additional References

Related Topic Document Title

Tasks for configuring random sampled NetFlow Using NetFlow Filtering or Sampling to Select the
Network Traffic to Track

Tasks for configuring NetFlow aggregation caches Configuring NetFlow Aggregation Caches

Tasks for configuring NetFlow BGP next hop support Configuring NetFlow BGP Next Hop Support for
Accounting and Analysis

Tasks for configuring NetFlow multicast support Configuring NetFlow Multicast Accounting

Tasks for detecting and analyzing network threats Detecting and Analyzing Network Threats With
with NetFlow NetFlow

Tasks for configuring NetFlow Reliable Export With NetFlow Reliable Export With SCTP
SCTP

Tasks for configuring NetFlow Layer 2 and Security NetFlow Layer 2 and Security Monitoring Exports
Monitoring Exports

Tasks for configuring the SNMP NetFlow MIB Configuring SNMP and using the NetFlow MIB to
Monitor NetFlow Data

Tasks for configuring the NetFlow MIB and Top Configuring NetFlow Top Talkers using Cisco IOS
Talkers feature CLI Commands or SNMP Commands

Information for installing, starting, and configuring Cisco CNS NetFlow Collection Engine
the CNS NetFlow Collection Engine Documentation

Configuration commands for NetFlow Cisco IOS NetFlow Command Reference

Standards

Standards Title
No new or modified standards are supported , and --
support for existing standards has not been modified.

MIBs

MIBs MIBs Link

No new or modified MIBs are supported, and support To locate and download MIBs for selected platforms,
for existing MIBs has not been modified. Cisco software releases, and feature sets, use Cisco
MIB Locator found at the following URL:
[Link]

NetFlow Configuration Guide, Cisco IOS Release 15M&T

12
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Feature Information for Configuring NetFlow and NetFlow Data Export

RFCs

RFCs Title
No new or modified RFCs are supported, and support --
for existing RFCs has not been modified .

Technical Assistance

Description Link
The Cisco Support and Documentation website [Link]
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a [Link] user ID
and password.

Feature Information for Configuring NetFlow and NetFlow Data

Export
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to . An account on [Link] is not required.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

13
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Feature Information for Configuring NetFlow and NetFlow Data Export

Table 1: Feature Information for Configuring NetFlow and NetFlow Data Export

Feature Name Releases Feature Configuration Information

Egress NetFlow Accounting 12.3(11)T 15.0(1)S The Egress NetFlow Accounting
feature allows NetFlow statistics
to be gathered on egress traffic that
is exiting the router. Previous
versions of NetFlow allow statistics
to be gathered only on ingress
traffic that is entering the router.
The following commands were
introduced by this feature: ip flow
egress and ip flow-egress
input-interface.
The following commands were
modified by this feature:
flow-sampler, match, show ip
cache flow, show ip cache
verbose flow, and show ip flow
interface.

NetFlow Multiple Export 12.0(19)S 12.2(2)T 12.2(14)S The NetFlow Multiple Export
Destinations 15.0(1)S Destinations feature enables
configuration of multiple
destinations of the NetFlow data.
The following commands were
modified by this feature: ip
flow-aggregation cache, ip
flow-export destination, and show
ip flow export.

NetFlow Subinterface Support 12.0(22)S 12.2(14)S 12.2(15)T The NetFlow Subinterface Support
feature provides the ability to
enable NetFlow on a
per-subinterface basis.
The following command was
introduced by this feature: ip flow
ingress.
The following command was
modified by this feature: show ip
interface.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

14
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Glossary

Feature Name Releases Feature Configuration Information

NetFlow v9 Export Format 12.0(24)S 12.2(18)S 12.2(27)SBC The NetFlow v9 Export Format is
12.2(18)SXF 12.3(1) 15.0(1)S flexible and extensible, which
provides the versatility needed to
support new fields and record
types. This format accommodates
new NetFlow-supported
technologies such as Multicast,
MPLS, NAT, and BGP next hop.
The following commands were
modified by this feature: debug ip
flow export, export, ip
flow-export, and show ip flow
export.

Glossary
AS --autonomous system. A collection of networks under a common administration sharing a common routing
strategy. Autonomous systems are subdivided by areas. An autonomous system must be assigned a unique
16-bit number by the Internet Assigned Numbers Authority (IANA).
CEF --Cisco Express Forwarding. Layer 3 IP switching technology that optimizes network performance and
scalability for networks with large and dynamic traffic patterns.
BGP --Border Gateway Protocol. An interdomain routing protocol that replaces Exterior Gateway Protocol
(EGP). A BGP system exchanges reachability information with other BGP systems. BGP is defined by RFC
1163.
BGP next hop --IP address of the next hop to be used by a router to reach a certain destination.
dCEF --distributed Cisco Express Forwarding. A type of CEF switching in which line cards (such as Versatile
Interface Processor (VIP) line cards) maintain identical copies of the forwarding information base (FIB) and
adjacency tables. The line cards perform the express forwarding between port adapters; this relieves the Route
Switch Processor of involvement in the switching operation.
export packet --Type of packet built by a device (for example, a router) with NetFlow services enabled that
is addressed to another device (for example, the NetFlow Collection Engine). The packet contains NetFlow
statistics. The other device processes the packet (parses, aggregates, and stores information on IP flows).
fast switching --Cisco feature in which a route cache is used to expedite packet switching through a router.
flow --A set of packets with the same source IP address, destination IP address, protocol, source/destination
ports, and type-of-service, and the same interface on which the flow is monitored. Ingress flows are associated
with the input interface, and egress flows are associated with the output interface.
MPLS --Multiprotocol Label Switching. An emerging industry standard for the forwarding of packets along
a normally routed path (sometimes called MPLS hop-by-hop forwarding).
NetFlow --A Cisco IOS application that provides statistics on packets flowing through the router. It is emerging
as a primary network accounting and security technology.
NetFlow Aggregation --A NetFlow feature that lets you summarize NetFlow export data on an IOS router
before the data is exported to a NetFlow data collection system such as the NetFlow Collection Engine. This

NetFlow Configuration Guide, Cisco IOS Release 15M&T

15
 Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export
Glossary

feature lowers bandwidth requirements for NetFlow export data and reduces platform requirements for NetFlow
data collection devices.
NetFlow Collection Engine (formerly NetFlow FlowCollector)--Cisco application that is used with NetFlow
on Cisco routers and Catalyst series switches. The NetFlow Collection Engine collects packets from the router
that is running NetFlow and decodes, aggregates, and stores them. You can generate reports on various
aggregations that can be set up on the NetFlow Collection Engine.
NetFlow v9 --NetFlow export format Version 9. A flexible and extensible means for carrying NetFlow records
from a network node to a collector. NetFlow Version 9 has definable record types and is self-describing for
easier NetFlow Collection Engine configuration.
RP --Route Processor. A processor module in the Cisco 7000 series routers that contains the CPU, system
software, and most of the memory components that are used in the router. Sometimes called a Supervisory
Processor.

NetFlow Configuration Guide, Cisco IOS Release 15M&T

16