Chapter 51
Configuring NDE
Exporting NetFlow Data
NetFlow maintains traffic statistics for each active flow in the NetFlow table and increments the statistics
when packets within each flow are switched.
Periodically, NDE exports summarized traffic statistics for all expired flows, which the external data
collector receives and processes.
Exported NetFlow data contains statistics for the flow entries in the NetFlow table that have expired
since the last export. Flow entries in the NetFlow table expire and are flushed from the NetFlow table
when one of the following conditions occurs:
•
•
•
•
To ensure periodic reporting of continuously active flows, entries for continuously active flows expire
at the end of the interval configured with the mls aging long command (default 32 minutes).
NDE packets go to the external data collector either when the number of recently expired flows reaches
a predetermined maximum or after:
•
•
By default, all expired flows are exported unless they are filtered. If you configure a filter, NDE only
exports expired and purged flows that match the filter criteria. NDE flow filters are stored in NVRAM
and are not cleared when NDE is disabled. See the
page 51-16
NetFlow Sampling
NetFlow sampling is used when you want to report statistics for a subset of the traffic flowing through
your network. The Netflow statistics can be exported to an external collector for further analysis.
There are two types of NetFlow sampling; NetFlow traffic sampling and NetFlow flow sampling. The
configuration steps for configuring MSFC-based NetFlow traffic sampling for traffic switched in the
software path and PFC/DFC-based NetFlow flow sampling for traffic switched in the hardware path on
a Cisco 6500 series switch use different commands because they are mutually independent features.
The following sections provide additional information on the two types of NetFlow sampling supported
by Cisco 6500 series switches:
•
•
NetFlow Traffic Sampling
NetFlow traffic sampling provides NetFlow data for a subset of traffic forwarded by a Cisco router or
switch by analyzing only one randomly selected packet out of n sequential packets (n is a
user-configurable parameter) from the traffic that is processed by the router or switch. NetFlow traffic
sampling is used on platforms that perform software-based NetFlow accounting, such as Cisco 7200
series routers and Cisco 6500 series MSFCs, to reduce the CPU overhead of running NetFlow by
reducing the number of packets that are analyzed (sampled) by NetFlow. The reduction in the number of
packets sampled by NetFlow on platforms that perform software based NetFlow accounting also reduces
OL-4266-08
The entry ages out.
The entry is cleared by the user.
An interface goes down.
Route flaps occur.
30 seconds for version 5 export.
10 seconds for version 9 export.
for NDE filter configuration procedures.
NetFlow Traffic Sampling, page 51-7
NetFlow Flow Sampling, page 51-8
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
"Configuring NDE Flow Filters" section on
Understanding NDE
51-7