In the previous post, we looked at the NetFlow Top-Talkers feature, which is probably the fastest way to get flow-level detail about what is happening on a live router. People wanted to know more about NetFlow versions and other NetFlow commands. I want to stay focused on what an average mid-level engineer can do without buying extra tools, so to close out our series of NetFlow posts, we'll look at some of the CLI features associated with NetFlow version 9.

As you'll recall from my introductory NetFlow post, version 9 (aka Flexible NetFlow) introduced an extensible framework for flow collection and export. The three main configuration components of NetFlow v9 are the flow record, the flow exporter, and the flow monitor. The flow record defines the attributes of the flows that the router will track. The flow exporter defines attributes related to exporting flow statistics to an external collector, such as the collector's IP address, the source interface used for export, and so on. The flow monitor is the IOS configuration object that is attached to an interface, and it ties together the flow record and the flow exporter.

These three separate configuration objects allow you to define different collection and export parameters for different purposes: for example, a security-oriented NetFlow collector might need information about TCP flags, DSCP, and TTL, while a NetFlow collector aimed at a different purpose might need only source address, destination address, and packet size.

Here is an example of how to configure NetFlow v9 to provide a top-talkers-like CLI interface that contains more information than the standard version 5 command set. Note that this is from a router running 12.4(22)T5; command syntax may differ slightly depending on your IOS version.

First, we define a flow record, telling the router what information to collect and which key fields to match. "Key fields" are the characteristics that the router uses to distinguish unique flows; different situations (such as flow collection for security versus billing) might require that flows be distinguished differently.

    test#sh run | section flow record
    flow record NF9_RECORD
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     collect ipv4 dscp
     collect ipv4 ttl
     collect transport tcp flags
     collect counter bytes
     collect counter packets

Next, we tie the flow record to a flow monitor. Since I'm confining the discussion to CLI tools, we're not going to create a flow exporter.

    test#sh run | s flow monitor
    flow monitor NF9_MONITOR
     record NF9_RECORD
     statistics packet protocol
     statistics packet size

Finally, we apply the flow monitor to an interface:

    test#sh run int f0/1 | i interface|flow
    interface FastEthernet0/1
     ip flow monitor NF9_MONITOR input

At this point, the router will begin to collect flows based on the packet characteristics defined in the flow record. We can use the impressively versatile "show flow monitor" command to interrogate the NetFlow cache from the CLI:

    test#sh flow monitor NF9_MONITOR cache sort highest counter bytes top 5 format table
    Processed 58 flows
    Aggregated to 58 flows
    Showing the top 5 flows

    IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT  IP PROT  tcp flags       bytes        pkts  ip dscp  ip ttl
    ===============  ===============  =============  =============  =======  =========  ==========  ==========  =======  ======
    10.234.4.9       10.213.10.146              554           4805        6       0x18     3484434        2910     0x00     111
    10.23.105.160    10.213.10.146             2189           1121        6       0x18      430880         824     0x00     112
    10.93.106.16     10.213.10.146             1007           1188        6       0x18      337005         778     0x00     110
    10.15.7.112      10.213.10.146              443           3208        6       0x1B      207337         190     0x00      45
    10.2.108.55      10.213.10.146              443           3262        6       0x1a      106330         116     0x00      44

Unfortunately the column width restrictions in the Network World blogging software make this hard to read, but I trust you can figure it out. Basically, we have all the same information we had before with "show ip flow top-talkers", but we now have the DSCP, TTL, and TCP flags as well. Also note that the transport layer port numbers are shown in base 10, which is nice.

By building your own flow records, you can collect information on any part of the layer 3 or layer 4 header and format or sort it in a variety of ways. In addition to the table format, there's a CSV format option. You could use this to build your own scripts that fetch customized NetFlow information from a router on demand.

I encourage you to explore these features on your own with the help of the ? and the IOS Flexible NetFlow configuration guide: http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/12_4t/fnf_12_4t_book.html
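The post suggests scripting against the CSV format option; the following is an added example (not code from the original post) that parses such output, decodes the cumulative TCP flags byte, and lists flows where a SYN was seen without any ACK. It assumes the CSV output carries the same preamble and column names as the table output, and the function names and the last sample row are invented for illustration.

```python
import csv

# Constructed sample: the five flows from the post's table rewritten as CSV,
# plus one invented SYN-only flow (last row). Preamble and header names are
# assumed to mirror the table output; check them against your IOS version.
SAMPLE = """\
Processed 58 flows
Aggregated to 58 flows

IPV4 SRC ADDR,IPV4 DST ADDR,TRNS SRC PORT,TRNS DST PORT,IP PROT,tcp flags,bytes,pkts,ip dscp,ip ttl
10.234.4.9,10.213.10.146,554,4805,6,0x18,3484434,2910,0x00,111
10.23.105.160,10.213.10.146,2189,1121,6,0x18,430880,824,0x00,112
10.93.106.16,10.213.10.146,1007,1188,6,0x18,337005,778,0x00,110
10.15.7.112,10.213.10.146,443,3208,6,0x1B,207337,190,0x00,45
10.2.108.55,10.213.10.146,443,3262,6,0x1a,106330,116,0x00,44
192.0.2.77,10.213.10.146,40112,23,6,0x02,180,3,0x00,52
"""

# Standard TCP header flag bits; the router ORs together every flag seen in a flow.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_tcp_flags(value):
    """Turn a cumulative flag byte such as '0x1B' into a list of flag names."""
    bits = int(value, 16)
    return [name for mask, name in TCP_FLAGS if bits & mask]

def parse_flow_csv(text):
    """Skip any preamble, then return typed flow dicts sorted by bytes, highest first."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    start = next(i for i, ln in enumerate(lines) if ln.upper().startswith("IPV4 SRC ADDR"))
    flows = []
    for row in csv.DictReader(lines[start:]):
        flows.append({
            "src": row["IPV4 SRC ADDR"], "dst": row["IPV4 DST ADDR"],
            "sport": int(row["TRNS SRC PORT"]), "dport": int(row["TRNS DST PORT"]),
            "proto": int(row["IP PROT"]), "flags": decode_tcp_flags(row["tcp flags"]),
            "bytes": int(row["bytes"]), "pkts": int(row["pkts"]),
            "dscp": int(row["ip dscp"], 16), "ttl": int(row["ip ttl"]),
        })
    return sorted(flows, key=lambda f: f["bytes"], reverse=True)

def syn_only(flows):
    """TCP flows where the sender set SYN but never ACK: handshakes it did not complete."""
    return [f for f in flows if f["proto"] == 6 and "SYN" in f["flags"] and "ACK" not in f["flags"]]

if __name__ == "__main__":
    for f in syn_only(parse_flow_csv(SAMPLE)):
        print(f["src"], "->", f["dst"], "port", f["dport"], f["flags"])
```

Because the monitor is applied in the input direction only, each record describes one direction of a conversation, so the flags reflect what the source sent, not the reply.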