Cisco Performance Monitor

This topic is to discuss the following lesson:

Hi Rene
I am trying to see the difference between Performance Monitor and NetFlow
and what the best solution is

Hello Fabrice

Cisco Performance Monitor is not a replacement or an alternative to Netflow. CPM is an extension to Flexible Netflow, which itself is an extension to Netflow v9. Which you will choose depends on what level of monitoring you desire.

CPM is ideal for monitoring metrics for real-time applications. Metrics such as jitter, packet loss and round trip time are all vital for such applications. CPM would be very beneficial if you have such applications; however, if you don’t, Netflow may be sufficient for your needs. You will have to evaluate this based upon your requirements.

I hope this has been helpful!

Laz

Hi Everyone,

I have just tried this lesson but don’t appear to have the full command set, although my research suggests all commands should be available for these IOS versions. Currently I have the following:

7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S3,

C2600-IPBASEK9-M), Version 12.4(18)

In addition to the above I have tried multiple ADVENTERPRISE images from 3000 to 7000 series in GNS3 but don’t appear to have any access to the command set for these labs… can anyone advise?

Many Thanks
Frank

Hello Frank

Take a look at the following link. It contains the various Cisco Performance Monitor commands and the IOS versions that support them for the various platforms including the 2600 and the 7200.

Hopefully this will give you a better idea of what’s available on your IOS versions.

I hope this has been helpful!

Laz

Hello,

In Reference to this lesson: https://networklessons.com/cisco/ccie-routing-switching-written/cisco-performance-monitor.

Some of the commands do not work on my Cisco 9200 series. I also tried using Easy Performance Monitor (ezPM) for the Cisco 9200; it is not working.

Kindly assist with a configuration set for NetFlow for 9200 switches. I am tasked to send the NetFlow to a PRTG monitor.

Hello Temitope

According to the following release notes for the 9200 switches, Cisco Performance Monitoring (PerfMon) is not supported.

However, it does support NBAR which can also be used for this. More information about this can be found here:


For information about how you can use NetFlow, take a look at the following lesson:

I hope this has been helpful!

Laz

Hi community!
I have installed graylog-server (IP: 192.168.122.129) on Ubuntu 18.0.4 server in a GNS3 appliance and tried collecting NetFlow v9 traffic configured from router R1 (IP: 192.168.122.10) as demonstrated in the video. NETFLOW messages in the graylog-server.

Question about flow record, match and collect:

Hello guys, I want to know if I’m correct here or if I have to think differently about that:

The match statement says how we group packets together as a flow, meaning that if I would only match on the destination address field, that is a group of packets, regardless of the protocol we are using, e.g. TCP, UDP, ICMP, etc. So in this case, regardless of the traffic, it would all be collected as a single flow, because we match only on the destination address.

For the collect statement: The collect statement says, what information we want to collect about these packets. Is that correct? Or is it, that the collect statement tells, how many flows we will have?

Errata: I think it should be determined through the collect statements, in terms of “this traffic belongs to this flow, and this other traffic is a different flow”.

Thanks in advance!

Kind regards,
Mirko

Hello Mirko

The difference between the match and collect keywords in the context of CPM is a little bit nuanced and needs further explanation.

The match keyword is used to define criteria for classifying network traffic. When configuring a class map, the match statements specify the conditions that packets must meet to be considered part of the class. In the context of CPM, they define the flow, as you suggest in your post.

The collect keyword, on the other hand, is used for gathering statistics or metrics about the traffic that has been matched and classified into this flow. When you use the collect command, it enables the monitoring and recording of specific information about the traffic that has been matched using the match keyword.

There is another distinction between match and collect that is especially useful: Match criteria are considered key fields while collect parameters are considered nonkey fields.

A key field is a parameter or attribute used to categorize or classify network traffic. Examples of key fields include source and destination IP addresses, port numbers, protocol types, and more. These fields are used in match statements in class maps to define the criteria for traffic classification.

Nonkey fields, on the other hand, are additional data points that provide further information about the traffic but are not used for classifying the traffic into different classes. When you use the collect command, you can specify which nonkey fields to gather data on. These might include things like:

  • Packet lengths
  • Time stamps (to calculate flow duration)
  • TCP flags
  • Packet counts
  • Byte counts
  • Other flow-specific details that are not used for classification but are useful for monitoring and analysis purposes

So flows are defined using the match statement, and the information that is monitored about that flow is specified using the collect statement.

I hope this has been helpful!

Laz
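The match/collect distinction discussed in the two posts above, as an added Python model of a flow cache (not part of the original thread and not Cisco code). The packets are constructed sample data, `build_flow_cache` and its field names are hypothetical, and taking a non-counter nonkey field from the first packet of the flow is this model's simplification.

```python
from collections import namedtuple

# Constructed sample packets (not captured traffic).
Packet = namedtuple("Packet", "src dst proto dport length flags")

PACKETS = [
    Packet("10.0.0.1", "192.0.2.10", "tcp", 443, 1500, 0x02),   # SYN
    Packet("10.0.0.1", "192.0.2.10", "tcp", 443, 600, 0x10),    # ACK
    Packet("10.0.0.2", "192.0.2.10", "udp", 53, 80, 0x00),
    Packet("10.0.0.3", "192.0.2.10", "icmp", 0, 64, 0x00),
    Packet("10.0.0.1", "192.0.2.20", "tcp", 22, 120, 0x18),     # PSH+ACK
]


def build_flow_cache(packets, match_fields):
    """Group packets into flows.

    match_fields plays the role of the 'match' statements: the tuple of
    these values is the flow key, so it alone decides how many flows exist.
    The per-flow record plays the role of the 'collect' statements: it
    holds nonkey data and never splits a flow.
    """
    cache = {}
    for p in packets:
        key = tuple(getattr(p, f) for f in match_fields)
        # A new cache entry is created only when the key is unseen.
        rec = cache.setdefault(key, {
            "packets": 0,
            "bytes": 0,
            "tcp_flags": 0,
            "first_proto": p.proto,  # nonkey: value of the first packet only
        })
        rec["packets"] += 1          # counter nonkey fields accumulate
        rec["bytes"] += p.length
        rec["tcp_flags"] |= p.flags  # cumulative OR of flags seen
    return cache


if __name__ == "__main__":
    for fields in (("dst",), ("dst", "proto")):
        print("match on", fields)
        for key, rec in build_flow_cache(PACKETS, fields).items():
            print("  ", key, rec)
```

Matching only on the destination address merges the TCP, UDP and ICMP packets to 192.0.2.10 into one record whose collected protocol reads `tcp`; a field has to be a key field if the monitoring needs to tell those traffic types apart.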

Hello, everyone.

What exactly does the collect ipv4 destination prefix option do? I know that if we were to specify “address”, we’d be collecting the destination IP address but what exactly does the prefix option collect?

Thank you!

David

Hello David

Let’s take a step back and see what all the commands that start with collect actually do. The collect command is used to specify additional fields to be recorded for each network traffic flow. These fields are called nonkey fields.

Key fields are used to define and identify a unique flow (like source/destination IP addresses, ports, protocol types). Nonkey fields provide supplementary information about each flow. They enrich the flow record but do not define the flow itself. So additional information about the specific flow is collected, but only as nonkey fields.

For example, the collect ipv4 destination prefix command you mentioned is used to gather statistics about destination IP address prefixes in the packets being monitored, as nonkey fields. The complete command syntax is:

collect ipv4 destination {address | {mask | prefix} [minimum-mask mask]}

Take a look at this Cisco command line reference documentation for more information on the specific command. The same document includes all of the collect commands as well.

I hope this has been helpful!

Laz