show app cflowd flows
show app cflowd flows—Display cflowd flow information (on vEdge routers only).
Command Syntax
show app cflowd flows [vpn vpn-id]
show app cflowd flows [vpn vpn-id] [flow-parameter]
show app cflowd flows vpn vpn-id src-ip ip-address dest-ip ip-address src-port port-number dest-port port-number dscp value ip-proto protocol-number
vManage Equivalent
For vEdge routers only:
Monitor ► Network ► Real Time ► App Log Flows
Options
- None
- Display cflowd flow information for all flows.
- Flow Key Elements
- vpn vpn-id src-ip ip-address dest-ip ip-address src-port port-number dest-port port-number dscp value ip-proto protocol-number
Display cflowd flow information for a specific flow key element. You must specify all the key elements as shown in the syntax and in the order shown in the syntax. You can also just specify all the key elements until the last one that you are interested in, and again you must specify them in the order shown. For example, if you are interested only in filtering on the source and destination ports, you include only the VPN, source and destination addresses, and source and destination ports in the command; you can omit the last two key elements (DSCP and IP protocol). To select all values for a key elements, specify an asterisk (*) as a wildcard in place of the variable; for example, src-ip *. - Flow Parameter
- flow-parameter
Display the flow that matches the specified flow parameter. These parameters correspond to a number of the column headers in the output of the plain show app cflowd flows command. flow-parameter can be one of the following:
• egress-intf-name interface-name—Flow's outgoing interface.
• icmp-opcode value—Flow's ICMP operational code.
• ingress-intf-name interface-name—Flow's incoming interface.
• max-length bytes—Maximum IP packet length in the flow.
• min-length bytes—Minimum IP packet length in the flow.
• nhop-ip ip-address—IP address of the flow's next hop.
• start-time time—Flow's start time.
• tcp-cntrl-bits bit—Flow's TCP control bit value.
• time-to-expire seconds—Time until the flow expires.
• total-bytes number—Total number of bytes in the flow.
• total-packets number—Total number of packets in the flow. - VPN
- vpn vpn-id
Display cflowd information for flows in a specific VPN.
Output Fields
The time to expire is shown in seconds.
To display a list of the applications that correspond to the number in the APP ID field, issue the show app dpi supported-applications | tab command.
The other output fields are self-explanatory.
Example Output
vEdge# show app cflowd flows
TCP TIME
SRC DEST IP CNTRL ICMP TOTAL TOTAL MIN MAX TO EGRESS INGRESS APP
VPN SRC IP DEST IP PORT PORT DSCP PROTO BITS OPCODE NHOP IP PKTS BYTES LEN LEN START TIME EXPIRE INTF NAME INTF NAME ID
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
100 10.1.111.2 18.100.44.4 12345 6789 0 6 24 0 192.168.10.9 23 1902 70 155 Fri Sep 28 17:44:36 2018 45 ipsec1 ge0/3 1118
100 18.100.44.4 10.1.111.2 6789 12345 0 6 16 0 10.1.111.2 41 5914 40 1340 Fri Sep 28 17:39:56 2018 43 ge0/3 ipsec1 1118
vEdge# show app dpi supported-applications | tab | include 1118
apns application_service Apple Push Notification Service Application Service 1118
Release Information
Command introduced in Viptela Software Release 14.3.
Options for flow parameters and IP address, ports, DSCP, and protocol added in Release 15.4.