Configuring Flow-Based Statistics Collection

To configure J-Flow on a virtual router:

1. Enable J-Flow statistics.
2. Enable J-Flow statistics on the desired interfaces.
3. (Optional) Define the sampling interval at which you want to collect statistics.
4. (Optional) Customize the size of the main flow cache.
5. (Optional) Define flow cache aging timers.
6. (Optional) Specify to where you want to export J-Flow statistics.

Enabling Flow-Based Statistics

Use the ip flow statistics command to explicitly enable J-Flow.

Note: Issuing any configuration-level commands implicitly enables J-Flow.

Enabling Flow-Based Statistics on an Interface

Use the ip route-cache flow sampled command to enable J-Flow statistics on an interface. You can also use this command to configure an IP profile that is applied to dynamically created IP interfaces. This feature provides J-flow capability on all dynamically created IP interfaces, including those used for MPLS-to-IP forwarding scenarios.

Note: Issuing an interface-level flow command does not enable J-Flow on the virtual router. To enable J-Flow, issue the ip flow statistics command.

Defining a Sampling Interval

Use the ip flow-sampling-mode packet-interval command to define the packet-sampling interval for the virtual router. The sampling interval specifies the rate at which the virtual router samples J-Flow information. This rate is used for all interfaces that have J-Flow enabled. After you enable J-Flow on an interface, the virtual router samples one packet at the specified packet interval. You can specify an interval in the range 1–4,000,000,000 packets.

When you use the ip flow-sampling-mode packet-interval command to define the packet-sampling interval for Gigabit Ethernet interfaces configured on the ES2 10G LM (line module) with either the ES2-S1 GE-8 IOA or the ES2-S2 10GE PR IOA on E120 routers and E320 routers, the J-Flow application makes the following internal adjustments to achieve better performance on the ES2 10G LM, regardless of the packet-sampling interval that you configure:

• J-Flow adjusts the maximum sampling interval to 8,388,608, which is the decimal equivalent of 0x800000.
• J-Flow changes the packet-sampling value to the closest integer that is a power of two and that is less than or equal to the configured value.

For performance reasons, J-Flow applies these adjustments to the sampling interval only for the interfaces configured on the ES2 10G LM on the virtual router. The configured sampling interval does not change for interfaces not configured on the ES2 10G LM on the virtual router.

When the data rate increases on a given interface, J-Flow packet sampling might not be able to maintain the configured sampling rate and might drop the intended sampled packets. If this occurs, you can address the issue by reducing the sampling rate.

Note: For all modules except the ES2 10G LM on the E120 router and the E320 router, packet sampling occurs individually for each processor. Because the router distributes packets over multiple processors, sampling occurs when each processor reaches the specified packet interval. Even though each flow is sampled, the flow sample is not necessarily cached because of system constraints.

Setting Cache Size

Use the ip flow-cache entries command to limit the number of main flow cache entries for the virtual router (as collected across all line modules that are running J-Flow). After the cache size exceeds the flow-cache entry limit, the least recently used flow is removed.

The possible flow-cache range is 1,024 – 524,288 entries. The default value is 65,536 entries.

Defining Aging Timers

After the virtual router creates a flow in the cache, the virtual router can remove the flow at the expiration of either the active or the inactive timer.

Specifying the Activity Timer

Use the ip flow-cache timeout active command to specify a value for the activity timer. The activity timer measures the amount of time that the virtual router has been recording a datagram for a given flow. When this timer expires, the virtual router exports the flow cache entry from the cache and removes the entry. This process prevents active flows from remaining in the flow cache, and allows collected data to appear in a timely manner. The possible range for the activity timer value is 1 – 60 minutes. The default value is 30 minutes.

Specifying the Inactivity Timer

Use the ip flow-cache timeout inactive command to specify a value for the inactivity timer. The inactivity timer measures the length of time expired since the virtual router recorded the last datagram for a given flow. When this timer expires, the virtual router exports the flow cache entry from the cache and removes it. When, at a later time, another datagram begins that uses the same flow characteristics, the virtual router allocates a new flow cache entry, and the inactivity timer begins again. The possible range for the inactivity timer value is 10 – 600 seconds. The default value is 15 seconds.

Specifying Flow Export

Use the ip flow-export command to specify the location to which you want to export the J-Flow datagrams.

Configuring Aggregation Flow Caches

Aggregation caches are disabled by default. Exporting flow records from the router does not occur while it is in the disabled state. When the configuration for an aggregation cache is changed from enabled to disabled state, all flow records from that cache are removed and flow collection stops.

For Prefix, Destination Prefix, and Source Prefix aggregation caches, you can specify a minimum source and destination mask size to affect the granularity of the IP address space captured in the aggregation cache. The commands to configure the minimum mask size for the source and destination address are issued in Flow Cache Configuration mode and are specific to each aggregation cache:

The value (a number in the range 1–32) specifies the size of the minimum mask. The no version restores the default minimum mask size, which is 0. A mask of size N has the N most significant bits set in the corresponding bit mask.

You cannot configure a minimum mask size for aggregation caches that do not retain an IP address in their aggregation scheme (like the AS aggregation cache). You can configure the Prefix aggregation cache for both source and destination minimum mask size. You can configure only the source minimum mask size for the Source Prefix aggregation cache. You can configure only the destination minimum mask size for the Destination Prefix aggregation cache.

The peer/origin information configured with the export command for the man V5 cache is used to display the AS number of the AS aggregation cache for both the source and destination AS. If no (default) configuration is present, zero appears in the AS numbers for both V5 export and V8 export and in the show commands for the V8 AS aggregation cache.

Establish an aggregation cache:

1. Enter Flow Cache Configuration mode for the AS aggregation cache.
   host1(config)#ip flow-aggregation cache as
2. Configure the number of entries (1024—524288) in the aggregation cache; the no version sets the number of entries back to its default value of 4096 (flow-data may be lost if the previous setting is larger than the default).
   host1(config-flow-cache)#cache entries entryNumber
3. Set the active (1-60) and inactive (10-600) aging timers.
   host1(config-flow-cache)#cache timeout active active-tmo host1(config-flow-cache)#cache timeout inactive inactive-tmo
4. Configure an export destination for the aggregation cache; the no version removes the destination.
   host1(config-flow-cache)#export destination { hostname | ip address } udp-port-number
5. Set the source IP address for datagrams containing information from this cache: the no version removes the explicit setting of the source address.
   host1(config-flow-cache)#export source interfacetype interface
6. Enable the aggregation cache.
   host1(config-flow-cache)#enabled

   The aggregation cache starts accumulating information from the flow cache; the no version stops the accumulation of information from the flow cache, but does not suspend the operation of the flow cache.