Flow samplers are created as separate components in a router’s configuration. Flow samplers are used to reduce the load on the device that is running Flexible NetFlow by limiting the number of packets that are selected for analysis.
Samplers use random sampling techniques (modes); that is, a randomly selected sampling position is used each time a sample is taken.
Flow sampling exchanges monitoring accuracy for router performance. When you apply a sampler to a flow monitor, the overhead load on the router of running the flow monitor is reduced because the number of packets that the flow monitor must analyze is reduced. The reduction in the number of packets that are analyzed by the flow monitor causes a corresponding reduction in the accuracy of the information stored in the flow monitor’s cache.
Samplers are combined with flow monitors when they are applied to an interface with the ip flow monitor command.
Flow sampling can be configured to sample packets in a flow based on the configured mode. Specifically, under the sampler configuration, the command is:
mode {deterministic | random} 1 out-ofwindow-size
You choose one packet out of how many packets (which is essentially the window size) are sampled. You can also choose deterministic or random for the way that packet is chosen within the window.
So, if you choose deterministic and 1 packet out of every 10, then strictly, every tenth packet will be sampled.
If you choose random and 1 packet out of every 20, then for every 20 packets that arrive, one of those packets will be chosen randomly.
More information about the configuration and the behavior of a sampler can be found in the link I shared above.
Hi, I was trying to lab this up in CML but the configuration has changed.
To create a netflow exporter you must first do flow exporter[name]
Then you have to specify a destination server with destination [ip]
To specify a source you use the command below in exporter config mode. source [interface]
Then to specify the version you must do: export-protocol netflow-v9
all within flow exporter configuration mode
IOS-XE is the os
What you are describing is the methodology of configuration for Flexible NetFlow. In the lesson, the configuration shown is that of the more traditional NetFlow.
I went into CML and found that both methods are available. I am using the following version:
I am slightly confused about all the different NetFlow versions, how exactly are they different?
Also, I’ve often seen v9 being referred to as Flexible NetFlow? So once we configure FNF (Flex.NetFlow), we’re running v9 while normal NF is v5? So how does this work with the version that we can specify when exporting data? What if we run normal NF but specify the version as 9?
Indeed, the terminology is sometimes used in a way that can be confusing. Let me try to clarify.
NetFlow v5 was released way back in 1998 and became the most widely used, well supported, and mature version of NetFlow for a long time. v5 supports IPv4, TCP/UDP flows, BGP next hop and AS numbers among a wide range of other protocols and features. It does not however support IPv6, MPLS, VLAN tagging and others.
That’s where v9 came in, in 2004 to add support for these protocols and more. It also introduced a “template based” configuration approach making it much more flexible.
Now Flexible NetFlow or FNF, is an extension of v9 which allows custom flow definitions and filtering. v9 and FNF are not the same thing. FNF is a subset of v9, or an enhancement of v9 that delivers these additional capabilities. Although v9 and FNF are sometimes used interchangeably, it is incorrect to do so.
Now when you export data, you can specify the version of NetFlow you would like to export to. This affects the format of the exported data. For more information about that, take a look at the export version command as it appears in the following Cisco command line reference document:
