Cflowd Traffic Flow Monitoring Configuration Example
This article shows a straightforward example of configuring traffic flow monitoring.
Configuration Steps
You enable cflowd traffic monitoring with a centralized data policy, so all configuration is done on a vSmart controller. The following example procedure monitors all TCP traffic, sending it to a single collector:
- Create a cflowd template to define the location of the collector and to modify cflowd timers:
vSmart(config)# policy cflowd-template test-cflowd-template
vSmart(config-cflowd-template-test-cflowd-template)# collector vpn 1 address 172.16.155.15 port 13322 transport transport_udp
vSmart(config-cflowd-template-test-cflowd-template)# flow-inactive-timeout 60
vSmart(config-cflowd-template-test-cflowd-template)# template-refresh 90
- Create a list of VPNs whose traffic you want to monitor:
vSmart(config)# policy lists vpn-list vpn_1 vpn 1
- Create a list of sites to apply the data policy to:
vSmart(config)# policy lists site-list cflowd-sites site-id 400,500,600
- Configure the data policy itself:
vSmart(config)# policy data-policy test-cflowd-policy
vSmart(config-data-policy-test-cflowd-policy)# vpn-list vpn_1
vSmart(config-vpn-list-vpn_1)# sequence 1
vSmart(config-sequence-1)# match protocol 6
vSmart(config-match)# exit
vSmart(config-sequence-1)# action accept cflowd
vSmart(config-action)# exit
vSmart(config-sequence-1)# exit
vSmart(config-vpn-list-vpn_1)# default-action accept
- Apply the policy and the cflowd template to sites in the overlay network:
vSmart(config)# apply-policy site-list cflowd-sites data-policy test-cflowd-policy
vSmart(config-site-list-cflowd-sites)# cflowd-template test-cflowd-template
- Activate the data policy:
vSmart(config-site-list-cflowd-sites)# validate
Validation complete
vSmart(config-site-list-cflowd-sites)# commit
Commit complete.
vSmart(config-site-list-cflowd-sites)# exit configuration-mode
vSmart#
Full Example Configuration
Here is what the full example cflowd configuration looks like:
vSmart(config)# show configuration
apply-policy
 site-list cflowd-sites
  data-policy test-cflowd-policy
  cflowd-template test-cflowd-template
 !
!
policy
 data-policy test-cflowd-policy
  vpn-list vpn_1
   sequence 1
    match
     protocol 6
    !
    action accept
     cflowd
    !
   !
   default-action accept
  !
 !
 cflowd-template test-cflowd-template
  flow-inactive-timeout 60
  template-refresh 90
  collector vpn 1 address 172.16.155.15 port 13322 transport transport_udp
 !
 lists
  vpn-list vpn_1
   vpn 1
  !
  site-list cflowd-sites
   site-id 400,500,600
  !
 !
!
Check the Cflowd Configuration
After you activate the cflowd configuration on the vSmart controller, you can check it with the show running-config policy and show running-config apply-policy commands on the vSmart controller. In addition, the configuration is immediately pushed down to the vEdge routers at the affected sites. You can view the pushed cflowd template with the show policy from-vsmart cflowd-template command. Here is the output from a router at site 500:
vEdge# show policy from-vsmart cflowd-template
from-vsmart cflowd-template test-cflowd-template
 flow-active-timeout 30
 flow-inactive-timeout 60
 template-refresh 90
 collector vpn 1 address 172.16.155.15 port 13322 transport transport_udp
You can view all the pushed policy components with the show policy from-vsmart command:
vEdge# show policy from-vsmart
from-vsmart data-policy test-cflowd-policy
 vpn-list vpn_1
  sequence 1
   match
    protocol 6
   action accept
    cflowd
  default-action accept
from-vsmart cflowd-template test-cflowd-template
 flow-active-timeout 30
 flow-inactive-timeout 60
 template-refresh 90
 collector vpn 1 address 172.16.155.15 port 13322 transport transport_udp
from-vsmart lists vpn-list vpn_1
 vpn 1
Check the Flows
On the vEdge routers affected by the cflowd data policy, various commands let you check the status of the cflowd flows.
To display information about the flows themselves:
vEdge# show app cflowd flows
                                                            TCP                                                                                        TIME
                                 SRC    DEST         IP     CNTRL  ICMP             EGRESS  INGRESS  TOTAL  TOTAL  MIN  MAX                            TO
VPN  SRC IP       DEST IP        PORT   PORT   DSCP  PROTO  BITS   OPCODE  NHOP IP  INTF    INTF     PKTS   BYTES  LEN  LEN  START TIME                EXPIRE
-------------------------------------------------------------------------------------------------------------------------------------------------------------
1    10.20.24.15  172.16.155.15  46772  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:31:45 2014  3
1    10.20.24.15  172.16.155.15  46773  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:31:50 2014  8
1    10.20.24.15  172.16.155.15  46774  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:31:55 2014  13
1    10.20.24.15  172.16.155.15  46775  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:00 2014  18
1    10.20.24.15  172.16.155.15  46776  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:05 2014  23
1    10.20.24.15  172.16.155.15  46777  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:10 2014  28
1    10.20.24.15  172.16.155.15  46778  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:15 2014  33
1    10.20.24.15  172.16.155.15  46779  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:19 2014  38
1    10.20.24.15  172.16.155.15  46780  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:25 2014  43
1    10.20.24.15  172.16.155.15  46781  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:30 2014  48
1    10.20.24.15  172.16.155.15  46782  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:35 2014  53
1    10.20.24.15  172.16.155.15  46783  13322  0     6      2      0       0.0.0.0  0       0        1      78     78   78   Wed Nov 19 12:32:40 2014  58
To quickly get a count of the number of flows:
vEdge# show app cflowd flow-count
VPN  count
------------
1    12
To display flow statistics:
vEdge# show app cflowd statistics
data_packets      : 0
template_packets  : 0
total-packets     : 0
flow-refresh      : 123
flow-ageout       : 117
flow-end-detected : 0
flow-end-forced   : 0
The following commands show information about the cflowd collectors and the cflowd template information that is sent to the collector:
vEdge# show app cflowd collector
VPN  COLLECTOR IP   COLLECTOR  CONNECTION            IPFIX    CONNECTION  TEMPLATE  DATA
ID   ADDRESS        PORT       STATE       PROTOCOL  VERSION  RETRY       PACKETS   PACKETS
-------------------------------------------------------------------------------------------
1    172.16.155.15  13322      false       TCP       10       133         0         0

vEdge# show app cflowd template
app cflowd template name test-cflowd-template
app cflowd template flow-active-timeout 30
app cflowd template flow-inactive-timeout 60
app cflowd template template-refresh 90
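The check below is an added example, not part of the original article or of any vendor tooling: it compares the collector named in the pushed cflowd template with what show app cflowd collector reports, using the sample output from this page. The function names and the three finding rules (protocol differs from the template, connection state false, zero data packets) are assumptions chosen for illustration.

```python
import re

# Both captures are copied from this page's sample output (router at site 500);
# the collector table header is abbreviated because the parser skips it.
TEMPLATE_OUT = """from-vsmart cflowd-template test-cflowd-template
 flow-active-timeout 30
 flow-inactive-timeout 60
 template-refresh 90
 collector vpn 1 address 172.16.155.15 port 13322 transport transport_udp
"""
COLLECTOR_OUT = """VPN ID  COLLECTOR IP ADDRESS  COLLECTOR PORT  ...
---------------------------------------------------
1    172.16.155.15  13322  false  TCP  10  133  0  0
"""
# Column order of the collector table as shown on this page.
FIELDS = ("vpn", "ip", "port", "state", "proto", "ipfix", "retry", "tmpl_pkts", "data_pkts")
WANT_RE = re.compile(r"collector vpn (\d+) address (\S+) port (\d+) transport transport_(\w+)")

def intended_collectors(template_out):
    """Collectors named in the template pushed from the vSmart controller."""
    return [(vpn, ip, port, proto.upper())
            for vpn, ip, port, proto in WANT_RE.findall(template_out)]

def live_collectors(collector_out):
    """Data rows of 'show app cflowd collector' (lines below the dashed rule)."""
    rows, body = {}, False
    for line in collector_out.splitlines():
        cells = line.split()
        if set(line.strip()) == {"-"}:
            body = True
        elif body and len(cells) == len(FIELDS):
            row = dict(zip(FIELDS, cells))
            rows[(row["vpn"], row["ip"], row["port"])] = row
    return rows

def audit(template_out, collector_out):
    """Return one finding per way the router state differs from the template."""
    live, findings = live_collectors(collector_out), []
    for vpn, ip, port, proto in intended_collectors(template_out):
        name, row = f"vpn {vpn} {ip}:{port}", live.get((vpn, ip, port))
        if row is None:
            findings.append(f"{name}: not present on router")
            continue
        if row["proto"] != proto:
            findings.append(f"{name}: template says {proto}, router reports {row['proto']}")
        if row["state"] == "false":
            findings.append(f"{name}: connection state false, retry count {row['retry']}")
        if int(row["data_pkts"]) == 0:
            findings.append(f"{name}: no data packets exported")
    return findings
```

Calling audit(TEMPLATE_OUT, COLLECTOR_OUT) on the captures above returns three findings for the collector at 172.16.155.15, which is the kind of silent telemetry gap worth alerting on before relying on flow data for investigations.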
Additional Information
Configuring Cflowd Traffic Flow Monitoring
Traffic Monitoring with Cflowd