Filter
Top Products
38-4
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter38 Configuring NetFlow
Overview of NetFlow Statistics Collection
• source and destination IP addresses
• IP protocol
• source and destination port numbers
Information Derived from Software
Information available in a typical NetFlow record from software includes the following:
• Input and output identifiers
• Routing information, including next-hop address, origin and peer AS, source and destination prefix
mask
Assigning the Input and Output Interface and AS Numbers
The following topics are discussed:
• Assigning the Inferred Fields, page 38-4
• Assigning the Output Interface and Output Related Inferred Fields, page 38-4
• Assigning the Input Interface and Input Related Inferred Fields, page 38-5
Assigning the Inferred Fields
The Catalyst 4500 series switch collects netflow flows in hardware. The hardware collects a sub-set of
all the netflow flow fields. The rest of the fields are then filled in by the software when the software
examines the routing state.
The Netflow Services Card does not provide enough information to accurately and consistently
determine the input interface, output interface and other routing information associated with NetFlow
Flows. The Catalyst 4500 series switch has a software mechanism to compensate for this. The
mechanism is described in the next paragraph.
Assigning the Output Interface and Output Related Inferred Fields
Software determines the output interface information by looking up the Forwarding Information Base
(FIB) entry in the default FIB table (based on the destination IP address). From this FIB entry, the
software gains access to the destination AS number for this destination IP address, as well as the
appropriate adjacency that stores the interface information. Therefore, the output interface is based
solely on the destination IP address. If load balancing is enabled on the switch, the load balancing hash,
instead of looking at the adjacency in the FIB entry, will be applied to access the appropriate FIB path
and access the appropriate adjacency. Although this process will typically yield correct results, an
inaccuracy can occur when using a PBR that shares IP addresses with the default FIB table. Under these
circumstances, there would then be multiple FIB table entries and associated adjacencies for the same
destination IP address.