
Do you really need Flexible NetFlow?

Flexible NetFlow® (FNF) is a feature available in Cisco routers and switches. If you are running IOS 15 or later you should have it.

We see a lot of customers struggle to configure FNF correctly because it is a much more involved process than standard NetFlow. Common mistakes:

  • Forgetting to match the input interface
  • Forgetting to match the output interface
  • Forgetting to add the counters needed
  • Errors in matching the monitor to the exporter

What we found was that most of these customers did not need Flexible NetFlow at all. They just wanted standard NetFlow telemetry, and instead they overcomplicated things with FNF. This article is for those customers who don't need the extra customization of FNF.

Go back to standard NetFlow

Here are instructions to remove the FNF configuration and configure standard NetFlow v9 on all interfaces.

FNF has three objects

  1. Flow Records - defines the fields
  2. Flow Exporters - defines the collectors (i.e. software like Trisul NetFlow)
  3. Flow Monitors - combines a record and an exporter and links them to an interface

Use the following commands to list the above:

show flow monitor
show flow record
show flow exporter 

Remove all of these, substituting the names your router reported for the example names below:

configure terminal
no flow monitor myFlowMonitor
no flow record myFlowRecord
no flow exporter myFlowExporter
exit

Then configure standard NetFlow v9 on all interfaces.

Standard practice is to enable NetFlow on ingress on all interfaces. Use the interface range command as shown below; 192.0.2.1 and port 2055 stand in for your collector's address and port.

configure terminal
interface range GigabitEthernet0/1 - 24
ip flow ingress
exit
ip flow-export version 9
ip flow-export destination 192.0.2.1 2055
exit

Now you should have NetFlow v9 configured.

It exports the fields below, which should be sufficient for most customers.

When you enable traditional NetFlow v9 on a Cisco ASR router, the template typically includes both key and non-key fields. Here are the common fields you might see in a NetFlow v9 template:

Key Fields

  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
  • Protocol
  • Input interface
  • Output interface

Non-Key Fields

  • Packet count
  • Byte count
  • Flow start timestamp
  • Flow end timestamp
  • Source AS (Autonomous System)
  • Destination AS
  • Source mask
  • Destination mask
  • TCP flags
  • Next hop IP address
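
To confirm on the collector side that an exporter really sends these fields (missing interface fields are the most common FNF mistake listed earlier), you can decode the template FlowSet of a NetFlow v9 export packet and compare it with the lists above. The following is an added example, not part of the original article or of any vendor tool; the function names and the sample packet are constructed for illustration, and the field type numbers are those of RFC 3954.

```python
import struct

# NetFlow v9 field type numbers (RFC 3954) for the fields listed above.
FIELDS = {
    8: "Source IP address", 12: "Destination IP address", 7: "Source port",
    11: "Destination port", 4: "Protocol", 10: "Input interface",
    14: "Output interface", 2: "Packet count", 1: "Byte count",
    22: "Flow start timestamp", 21: "Flow end timestamp", 16: "Source AS",
    17: "Destination AS", 9: "Source mask", 13: "Destination mask",
    6: "TCP flags", 15: "Next hop IP address",
}
KEY_FIELDS = {8, 12, 7, 11, 4, 10, 14}

def parse_templates(packet):
    """Return {template_id: [(field_type, length), ...]} from one export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # 20-byte packet header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:     # FlowSet ID 0 = templates
            tid, count = struct.unpack_from("!HH", packet, pos)
            if tid < 256:                        # padding, not a template
                break
            if pos + 4 + 4 * count > end:
                raise ValueError("template runs past its FlowSet")
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 + 4 * i)
                              for i in range(count)]
            pos += 4 + 4 * count
        off += fs_len
    return templates

def missing_fields(fields, wanted=KEY_FIELDS):
    """Names of wanted fields that a template does not export."""
    return sorted(FIELDS[t] for t in set(wanted) - {t for t, _ in fields})

def sample_packet(fields, template_id=256):
    """Constructed test input: packet header plus one template FlowSet."""
    record = struct.pack("!HH", template_id, len(fields))
    record += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(record)) + record

if __name__ == "__main__":
    # Constructed template that omits both interface fields.
    pkt = sample_packet([(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)])
    for tid, fields in parse_templates(pkt).items():
        print(tid, "missing:", missing_fields(fields) or "none")
```

On a live collector, pass the UDP payload received on the export port to parse_templates; templates are re-sent periodically, so the first packets after a configuration change may contain only data FlowSets.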

That should do it for most folks. Use FNF only if required!

netflow/whyfnf.txt · Last modified: 2025/02/28 15:49 by veera