6.6. Cflowd Configuration Command Reference

This command creates the context to configure cflowd.

The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.

This command configures the maximum amount of time before an active flow is aged out of the active cache. If an individual flow is active for this amount of time, the flow is aged out and a new flow will be created on the next packet sampled for that flow.

Existing flows do not inherit the new active-timeout value if this parameter is changed while cflowd is active. The active-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

The no form of this command resets the inactive timeout back to the default value.

This command enables cflowd analysis of the inner IP packet in a sampled GRE packet that is transiting the local router.

If the GRE packet terminates on the local node, the inner IP payload is analyzed and reported using existing IPv4 or IPv6 flow templates. This behavior is not affected by this command.

If this parameter is enabled and a GRE packet is transiting the local node, the inner payload is reported using the GRE Flow Template. (Template ID 308 or 309)

This behavior is only supported with V10 (IPFIX) collectors.

The no form of this command disables cflowd analysis of the inner IP packet in a sampled GRE packet.

This command specifies the maximum number of active flows to maintain in the flow cache table.

The no form of this command resets the number of active entries back to the default value.

This command defines a flow data collector for cflowd data. The IP address and version of the flow collector must be specified. The UDP port number is an optional parameter. If it is not set, the default of 2055 is used for all collector versions. To connect to an IPFIX (version 10) collector using the IPFIX default port, specify port 4739 when defining the collector. A maximum of 8 collectors can be configured.

The no form of this command removes the flow collector definition from the config and stops the export of data to the collector. The collector needs to be shut down to be deleted.

This command configures the type of aggregation scheme to be exported.

Specifies the type of data to be aggregated and to the collector.

To configure aggregation, you must decide which type of aggregation scheme to configure: autonomous system, destination prefix, protocol port, raw, source destination, or source prefix.

This can only be configured if the collector version is configured as V8.

The no form of this command removes all aggregation types from the collector configuration.

This command specifies that the aggregation data should be based on autonomous system (AS) information. An AS matrix contains packet and byte counters for traffic from either source-destination autonomous systems or last-peer to next-peer autonomous systems.

The no form of this command removes this type of aggregation from the collector configuration.

This command specifies that the aggregation data is based on destination prefix information.

The no form removes this type of aggregation from the collector configuration.

This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number.

The no form of this command removes this type of aggregation from the collector configuration.

This command configures raw (unaggregated) flow data to be sent in Version 5.

The no form of this command removes this type of aggregation from the collector configuration.

This command configures cflowd aggregation based on source and destination prefixes.

The no form of this command removes this type of aggregation from the collector configuration.

This command configures cflowd aggregation based on source prefix information.

The no form of this command removes this type of aggregation from the collector configuration.

This command defines whether the autonomous system (AS) information included in the flow data is based on the originating AS or external peer AS of the routes.

This option is only allowed if the collector is configured as Version 5 or Version 8.

The no form of this command resets the AS type to the default value.

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the description string from the context.

This command creates the CLI context to specify cflowd data filters. These filters allow the administrator to control which flows are sent or are not sent to an associated cflowd collector.

This command defines the address family for the flow types that should not be sent to the associated cflowd collector.

Multiple family types can be defined in this context to filter out multiple address families to a given collector.

The no form of this command removes the address family definition, allowing all address family types to be exported to the associated collector.

This command filters IPv4 flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing IPv4 flow data to be sent to the associated collector.

This command filters IPv6 flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing IPv6 flow data to be sent to the associated collector.

This command filters Layer 2 IP flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing Layer 2 IP flow data to be sent to the associated collector.

This command filters multicast IPv4 flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing multicast IPv4 flow data to be sent to the associated collector.

This command filters multicast IPv6 flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing multicast IPv6 flow data to be sent to the associated collector.

This command filters MPLS flow data from being sent to the associated collector.

The no form of this command removes the filter, allowing MPLS flow data to be sent to the associated collector.

This command allows the flow data from only specific router instances to be sent to the associated collector.

Multiple router instances can be configured by issuing the command multiple times with the different router-instances.

The no form of this command removes the specified router-instance restriction, which means flows from that router-instance will no longer be exported. If all router-instances are removed, then flows from all router instances are sent to the associated collector.

This command configures the flow data sent to the associated collector to be sent within the specified router context. If this parameter is not specified, flow data is exported using the management routing context.

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file. The shutdown and no shutdown states are always indicated in system generated configuration files.

This command specifies the set of templates sent to the collector when using cflowd Version 9 or Version 10.

This command enables the inclusion of the ingress port ID into the hash algorithm used to distribute cflowd sample traffic to cflowd processes running on the 7950 XRS CPM. By including this new attribute, cflowd may see better distribution of flows across processing tasks if there is a limited number of IP interfaces on which sampling is performed, but those interfaces use LAGs with a large number of port members.

By enabling this option, the same flow may be captured multiple times if packets are received on multiple ingress ports.

This command is only applicable to cflowd running on a 7950 XRS platform.

The no form of this command removes the command from the configuration and disables the inclusion of the ingress port ID in the cflowd hash algorithm.

This command can be used to control how exports are generated by the cflowd process. The default behavior is for flow data to be exported automatically based on the active and inactive time-out values. The alternative mode is manual in which case flow data is only exported when the command “tools perform cflowd manual-export” is issued. The only exception is if the cflowd cache overflows, in which case the normal automatic export process is used.

This command specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive.

The no form of this command resets the inactive timeout back to the default of 15 seconds.

Existing flows will not inherit the new inactive-timeout value if this parameter is changed while cflowd is active. The inactive-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

This command specifies the percentage of the flow cache entries removed when the maximum number of entries is exceeded. The entries removed are the entries that have not been updated for the longest amount of time.

The no form of this command resets the number of entries cleared from the flow cache on overflow to the default value.

This command specifies the rate (N) at which traffic is sampled and sent for flow analysis. A packet is sampled every N packets; for example, when sample-rate is configured as 1, then all packets are sent to the cache. When sample-rate is configured as 100, then every 100th packet is sent to the cache.

The no form of this command resets the sample rate to the default value.

This command specifies the interval for sending template definitions.

This command is used to export flow data using interface indexes (ifIndex values), which can be used directly as the index into the IF-MIB tables for retrieving interface statistics. Specifically, if this command is enabled, the ingressInterface (ID=10) and egressInterface (ID= 14) fields in IP flow templates used to export the flow data to cflowd version 9 and version 10 collectors will be populated with the IF-MIB ifIndex of that interface. In addition, for version 10 templates, two fields are available in the IP flow templates to specify the virtual router ID associated with the ingress and egress interfaces.

The no form of this command removes the command from the active configuration and causes cflowd to return to the default behavior of populating the ingress and egress interface ID with the global IF index IDs.