Configuring Flow-Based Statistics Collection
To configure J-Flow on a virtual router:
- Enable J-Flow statistics.
- Enable J-Flow statistics on the desired interfaces.
- (Optional) Define the sampling interval at which you want to collect statistics.
- (Optional) Customize the size of the main flow cache.
- (Optional) Define flow cache aging timers.
- (Optional) Specify to where you want to export J-Flow statistics.
Enabling Flow-Based Statistics
Use the ip flow statistics command to explicitly enable J-Flow.
 |
NOTE: Issuing any configuration-level commands implicitly enables J-Flow. |
ip flow statistics
host1(config)#ip flow statistics
Enabling Flow-Based Statistics on an Interface
Use the ip route-cache flow sampled command to enable J-Flow statistics on an interface. You can also use this command to configure an IP profile that is applied to dynamically created IP interfaces. This feature provides J-flow capability on all dynamically created IP interfaces, including those used for MPLS-to-IP forwarding scenarios.
|
NOTE: Issuing an interface-level flow command does not enable J-Flow on the virtual router. To enable J-Flow, issue the ip flow statistics command. |
ip route-cache flow sampled
- Use to enable J-Flow on an interface. or in an IP profile for dynamically created IP interfaces.
- Examples
host1(config-if)#ip route-cache flow sampled
host1(config-profile)#ip route-cache flow sampled
Defining a Sampling Interval
Use the ip flow-sampling-mode packet-interval command to define the packet-sampling interval for the virtual router. The sampling interval specifies the rate at which the virtual router samples J-Flow information. This rate is used for all interfaces that have J-Flow enabled. After you enable J-Flow on an interface, the virtual router samples one packet at the specified packet interval. You can specify an interval in the range 1–4,000,000,000 packets.
When you use the ip flow-sampling-mode packet-interval command to define the packet-sampling interval for Gigabit Ethernet interfaces configured on the ES2 10G LM (line module) with either the ES2-S1 GE-8 IOA or the ES2-S2 10GE PR IOA on E120 routers and E320 routers, the J-Flow application makes the following internal adjustments to achieve better performance on the ES2 10G LM, regardless of the packet-sampling interval that you configure:
- J-Flow adjusts the maximum sampling interval to 8,388,608, which is the decimal equivalent of 0x800000.
- J-Flow changes the packet-sampling value to the closest integer that is a power of two and that is less than or equal to the configured value.
For performance reasons, J-Flow applies these adjustments to the sampling interval only for the interfaces configured on the ES2 10G LM on the virtual router. The configured sampling interval does not change for interfaces not configured on the ES2 10G LM on the virtual router.
When the data rate increases on a given interface, J-Flow packet sampling might not be able to maintain the configured sampling rate and might drop the intended sampled packets. If this occurs, you can address the issue by reducing the sampling rate.
ip flow-sampling-mode packet-interval
- Use to define the J-Flow packet-sampling interval.
- Specify a packet-sampling interval in the range 1–4000000000 packets; the default value is 4000000000.
- Specifying an interval less than 10 sets a very high sampling rate that can severely degrade performance. The lower the packet-sampling interval you configure, the faster the sampling rate.
- For information about the effects of using the ip flow-sampling-mode packet-interval command for the ES2 10G LM with either the ES2-S1 GE-8 IOA or the ES2-S2 10GE PR IOA on E120 routers and E320 routers, see Defining a Sampling Interval.
- Example—Samples 1 out of 50 packets from the line module on which the interface resides
host1(config)#ip flow-sampling-mode packet-interval 50
Setting Cache Size
Use the ip flow-cache entries command to limit the number of main flow cache entries for the virtual router (as collected across all line modules that are running J-Flow). After the cache size exceeds the flow-cache entry limit, the least recently used flow is removed.
The possible flow-cache range is 1,024 – 524,288 entries. The default value is 65,536 entries.
ip flow-cache entries
host1(config)#ip flow-cache entries 80000
Defining Aging Timers
After the virtual router creates a flow in the cache, the virtual router can remove the flow at the expiration of either the active or the inactive timer.
Specifying the Activity Timer
Use the ip flow-cache timeout active command to specify a value for the activity timer. The activity timer measures the amount of time that the virtual router has been recording a datagram for a given flow. When this timer expires, the virtual router exports the flow cache entry from the cache and removes the entry. This process prevents active flows from remaining in the flow cache, and allows collected data to appear in a timely manner. The possible range for the activity timer value is 1 – 60 minutes. The default value is 30 minutes.
ip flow-cache timeout active
host1(config)#ip flow-cache timeout active 50
Specifying the Inactivity Timer
Use the ip flow-cache timeout inactive command to specify a value for the inactivity timer. The inactivity timer measures the length of time expired since the virtual router recorded the last datagram for a given flow. When this timer expires, the virtual router exports the flow cache entry from the cache and removes it. When, at a later time, another datagram begins that uses the same flow characteristics, the virtual router allocates a new flow cache entry, and the inactivity timer begins again. The possible range for the inactivity timer value is 10 – 600 seconds. The default value is 15 seconds.
ip flow-cache timeout inactive
host1(config)#ip flow-cache timeout inactive 90
Specifying Flow Export
Use the ip flow-export command to specify the location to which you want to export the J-Flow datagrams.
ip flow-export
- Use to specify the location to which you want to export J-Flow datagrams or specify an alternate source address for outbound export J-Flow datagrams.
- Example 1—Specifies the destination address for J-Flow datagrams
host1(config)#ip flow-export 192.168.2.73 2055 version 5 peer-as
host1(config)#ip flow-export source fastEthernet 5/0
Configuring Aggregation Flow Caches
Aggregation caches are disabled by default. Exporting flow records from the router does not occur while it is in the disabled state. When the configuration for an aggregation cache is changed from enabled to disabled state, all flow records from that cache are removed and flow collection stops.
For Prefix, Destination Prefix, and Source Prefix aggregation caches, you can specify a minimum source and destination mask size to affect the granularity of the IP address space captured in the aggregation cache. The commands to configure the minimum mask size for the source and destination address are issued in Flow Cache Configuration mode and are specific to each aggregation cache:
host1(config-flow-cache)#mask source minimum value
host1(config-flow-cache)#mask destination minimum value
The value (a number in the range 1–32) specifies the size of the minimum mask. The no version restores the default minimum mask size, which is 0. A mask of size N has the N most significant bits set in the corresponding bit mask.
You cannot configure a minimum mask size for aggregation caches that do not retain an IP address in their aggregation scheme (like the AS aggregation cache). You can configure the Prefix aggregation cache for both source and destination minimum mask size. You can configure only the source minimum mask size for the Source Prefix aggregation cache. You can configure only the destination minimum mask size for the Destination Prefix aggregation cache.
The peer/origin information configured with the export command for the man V5 cache is used to display the AS number of the AS aggregation cache for both the source and destination AS. If no (default) configuration is present, zero appears in the AS numbers for both V5 export and V8 export and in the show commands for the V8 AS aggregation cache.
Establish an aggregation cache:
- Enter Flow Cache Configuration mode for the AS aggregation cache.
- Configure the number of entries (1024—524288) in the aggregation cache; the no version sets the number of entries back to its default value of 4096 (flow-data may be lost if the previous setting is larger than the default).
- Set the active (1—60) and inactive (10—600) aging timers.
- Configure an export destination for the aggregation cache; the no version removes the destination.
- Set the source IP address for datagrams containing information from this cache: the no version removes the explicit setting of the source address.
- Enable the aggregation cache.
host1(config)#ip flow-aggregation cache as
host1(config-flow-cache)#cache entries entryNumber
host1(config-flow-cache)#cache timeout active active-tmo
host1(config-flow-cache)#cache timeout inactive inactive-tmo
host1(config-flow-cache)#export destination {hostname | ip address}
udp-port-number
host1(config-flow-cache)#export source interfacetype interface
host1(config-flow-cache)#enabled
The aggregation cache starts accumulating information from the flow cache; the no version stops the accumulation of information from the flow cache, but does not suspend the operation of the flow cache.
cache entries
host1(config-flow-cache)#cache entries 524288
cache timeout
host1(config-flow-cache)#cache timeout active 50
enabled
host1(config-flow-cache)#enabled
export destination
host1(config-flow-cache)#export destination myhost udp-port
export source
host1(config-flow-cache)#export source interface inf1
ip flow-aggregation cache
host1(config)#ip flow-aggregation cache
mask destination
- Use to set the minimum mask size for the destination address for the prefix and destination prefix aggregation caches.
- Example
host1(config-flow-cache)#mask destination 128
mask source
- Use to set the minimum mask size for the source address for the prefix and source prefix aggregation caches.
- Example
host1(config-flow-cache)#mask source 60