


Do you really need Flexible NetFlow?

Flexible NetFlow® (FNF) is a feature available in Cisco routers and switches. If you are running IOS 15 or later you should have it.

We see a lot of customers struggle to configure FNF correctly because it is a much more involved process. Common mistakes:

  • Forgetting to match the input interface
  • Forgetting to match the output interface
  • Forgetting to add the counters needed
  • Errors in matching the monitor to the exporter

What we found was that most of these customers did not really need Flexible NetFlow at all. They just wanted standard NetFlow telemetry. Instead they overcomplicated things with FNF. This article is for those customers who don't need the extra customization of FNF.

Go back to standard NetFlow

Here are instructions to remove the FNF configuration and configure standard NetFlow v9 on all interfaces.

FNF has three objects:

  1. Flow Records - define the fields
  2. Flow Exporters - define the collectors (i.e. software like Trisul NetFlow)
  3. Flow Monitors - combine a record and an exporter and link them to an interface

Use the following commands to list the above

show flow monitor
show flow record
show flow exporter 

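Remove all of these, using the names reported by the show commands in place of the example names below. The monitor is removed first because it references the record and the exporter.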

configure terminal
no flow monitor myFlowMonitor
no flow record myFlowRecord
no flow exporter myFlowExporter
exit

Then install the standard NetFlow v9 on all interfaces

The standard in NetFlow is to enable NetFlow on ingress on all interfaces. Use the range command as shown below

configure terminal
interface range GigabitEthernet0/1 - 24
ip flow ingress
exit
ip flow-export version 9
ip flow-export destination 192.0.2.1 2055
exit

Now you should have NetFlow v9 configured.

It collects the following fields, which should be sufficient for most customers.

When you enable traditional NetFlow v9 on a Cisco ASR router, the template fields typically include a variety of key and non-key fields. Here are some common fields that you might see in a NetFlow v9 template:

Key Fields:

  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
  • Protocol
  • Input interface
  • Output interface

Non-Key Fields:

  • Packet count
  • Byte count
  • Flow start timestamp
  • Flow end timestamp
  • Source AS (Autonomous System)
  • Destination AS
  • Source mask
  • Destination mask
  • TCP flags
  • Next hop IP address
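
A collector-side check for the common mistakes listed earlier, given here as an added example (not code from the original page, Cisco or Trisul): it parses the template FlowSet of a NetFlow v9 export packet and reports which of the fields listed above are absent. The field type numbers come from RFC 3954; the mapping from this page's field names to those numbers, the function names and the sample packet are assumptions constructed for illustration.

```python
import struct

# RFC 3954 field type numbers; mapping the page's field names to them is an assumption.
EXPECTED = {
    8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR", 7: "L4_SRC_PORT",
    11: "L4_DST_PORT", 4: "PROTOCOL", 10: "INPUT_SNMP", 14: "OUTPUT_SNMP",
    2: "IN_PKTS", 1: "IN_BYTES", 22: "FIRST_SWITCHED", 21: "LAST_SWITCHED",
    16: "SRC_AS", 17: "DST_AS", 9: "SRC_MASK", 13: "DST_MASK",
    6: "TCP_FLAGS", 15: "IPV4_NEXT_HOP",
}

def parse_templates(packet: bytes) -> dict:
    """Return {template_id: [field_type, ...]} for one NetFlow v9 export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, off = {}, 20                      # the v9 header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:     # FlowSet ID 0 carries templates
            tid, count = struct.unpack_from("!HH", packet, pos)
            if tid < 256:                        # reserved ID: trailing padding
                break
            pos += 4
            if pos + 4 * count > end:
                raise ValueError("template overruns its FlowSet")
            pairs = struct.unpack_from(f"!{2 * count}H", packet, pos)
            templates[tid] = list(pairs[0::2])   # keep types, drop lengths
            pos += 4 * count
        off += fs_len
    return templates

def missing_fields(field_types) -> list:
    """Names of the expected fields that a template does not carry."""
    have = set(field_types)
    return [name for ftype, name in EXPECTED.items() if ftype not in have]

def build_sample(field_types, template_id=256) -> bytes:
    """Constructed test packet: one template FlowSet, every field length set to 4."""
    body = struct.pack("!HH", template_id, len(field_types))
    body += b"".join(struct.pack("!HH", t, 4) for t in field_types)
    header = struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

if __name__ == "__main__":
    # Constructed template that lacks interfaces and counters.
    pkt = build_sample([8, 12, 7, 11, 4])
    for tid, fields in parse_templates(pkt).items():
        print(tid, "missing:", ", ".join(missing_fields(fields)) or "none")
```

Feeding it the first UDP payload captured from an exporter shows whether the template carries the interface and counter fields before any flow data is trusted.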

netflow/whyfnf.1740737846.txt.gz · Last modified: 2025/02/28 15:47 by veera