No flow from Cisco Nexus 7000 switch (netflow v9) gets through to Console OR "How to enable NetFlow on Cisco Nexus 7000 series NX-OS Switch"

Document ID : KB000020940
Last Modified Date : 14/02/2018

Description:

No flow from Cisco Nexus 7000 switch (netflow v9) gets through to Console.

Indicators:

  1. Last received flow timestamp for interfaces in console never gets updated.
  2. Error in NFAparserv10: Unknown V9 Flow Set IDs detected - couldn't read 1248 flows (100.0 percent) due to missing netflow template(s).

Solution:

How to enable NetFlow on Cisco Nexus 7000 series NX-OS Switch

Hardware Required: Nexus 7000 family
NX-OS Version: 4.0(2) or greater

Cisco's NX-OS NetFlow Configuration

Cisco's NX-OS uses a completely different set of CLI commands from the widely known IOS platform. In NX-OS, NetFlow configuration is built from several mappings (record, exporter, monitor) that reference each other. These mappings and records are split into the types listed below. When moving from one section to the next, make sure you exit back to global configuration mode from the sub-mode you are in.

IMPORTANT: VLAN interfaces that have DHCP relay enabled cannot supply inbound (ingress) NetFlow on Nexus 7000 switches. Cisco Bug ID: CSCtf36357.

Commands:

In global configuration:
feature netflow
flow timeout active 60
flow timeout inactive 59
flow timeout fast 64 threshold 30

Create Flow Record (only if not using the default flow record type):
flow record [nameOfFlowRecord]
match ip protocol
match ip tos
match transport source-port
match transport destination-port
match ipv4 source address
match ipv4 destination address
match input interface
match output interface
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last

Create Flow Exporter:
flow exporter [nameOfExporter]
destination [IPofHarvester]
source [interfaceName]
transport udp 9995
version 9
option exporter-stats timeout 60

NOTE: If using version 9 netflow, include the following command:
template data timeout 300
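Why the "missing netflow template(s)" indicator above appears, and why the template data timeout matters for version 9, shown with an added example that is not part of this KB or of any Cisco or collector code: a minimal NetFlow v9 parser run over constructed packets. The 20-byte header layout and field type codes follow RFC 3954; a data FlowSet that arrives before its template cannot be decoded, which is exactly the "Unknown V9 Flow Set IDs" condition the collector reports until the switch re-sends the template.

```python
import struct  # standard library only
# NetFlow v9 (RFC 3954): 20-byte header, then FlowSets. FlowSet ID 0 carries
# templates; IDs >= 256 are data FlowSets, decodable only once their template arrived.
IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES, IN_PKTS = 8, 12, 1, 2  # v9 field type codes

def parse_v9(packet, templates):
    """Parse one export packet; `templates` (id -> [(type, length), ...]) is updated
    in place. Returns (decoded_records, data_flowset_ids_with_no_template)."""
    version, _count, _uptime, _secs, _seq, _src = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, unknown, off = [], [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4:
            break  # malformed length; stop rather than loop forever
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template FlowSet: one or more template definitions
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                templates[tid] = [struct.unpack("!HH", body[p + 4 + 4 * i:p + 8 + 4 * i])
                                  for i in range(nfields)]
                p += 4 + 4 * nfields
        elif fs_id >= 256 and fs_id not in templates:
            unknown.append(fs_id)  # record length unknown: the whole FlowSet is lost
        elif fs_id >= 256:
            tpl = templates[fs_id]
            rec_len = sum(length for _, length in tpl)
            for p in range(0, len(body) - rec_len + 1, rec_len):  # tolerates padding
                rec, q = {}, p
                for ftype, length in tpl:
                    rec[ftype] = int.from_bytes(body[q:q + length], "big")
                    q += length
                records.append(rec)
        off += fs_len
    return records, unknown

def v9_packet(fs_id, body):  # constructed single-FlowSet export packet, header count = 1
    return struct.pack("!HHIIII", 9, 1, 1000, 1500000000, 1, 0) + struct.pack("!HH", fs_id, 4 + len(body)) + body

# Constructed sample: template 256 = src/dst IPv4 address, bytes, packets (4 bytes each)
FIELDS = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (IN_BYTES, 4), (IN_PKTS, 4)]
TEMPLATE_PKT = v9_packet(0, struct.pack("!HH", 256, 4) + b"".join(struct.pack("!HH", *f) for f in FIELDS))
DATA_PKT = v9_packet(256, struct.pack("!4s4sII", bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 1500, 3))

def demo():  # data before its template is unreadable (the KB's error); after it, decoded
    templates = {}
    before = parse_v9(DATA_PKT, templates)   # ([], [256])
    parse_v9(TEMPLATE_PKT, templates)        # learn template 256
    after = parse_v9(DATA_PKT, templates)    # ([{8: 167772161, 12: 167772162, 1: 1500, 2: 3}], [])
    return before, after
```

A collector that was restarted, or that lost the one UDP datagram carrying the template, stays in the "before" state until the next template refresh, which is why a short template data timeout shortens the outage.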

Create Flow Monitor (references Flow Exporter):
flow monitor [nameOfMonitor]
exporter [nameOfExporter]
record netflow-original

For each interface (in interface configuration mode):
ip flow monitor [nameOfMonitor] input OR ip flow monitor [nameOfMonitor] output

To enable bridged NetFlow on one or more VLANs (in vlan configuration mode):
ip flow monitor [nameOfMonitor] input OR ip flow monitor [nameOfMonitor] output

NOTE: You can enter a VLAN range before the command above (e.g. vlan 1-3967) instead of configuring each VLAN separately.

NOTE: NetFlow does not need to be configured on loopback interfaces, as no routed traffic should pass through that interface type.

NetFlow Debug Commands:

show flow [exporter | interface | monitor | record | timeout] - Displays general NetFlow statistics for the selected option
show hardware flow utilization module [module] - Displays information about NetFlow utilization in hardware
show hardware flow ip - Displays the flow records currently in memory (cache)

Online Information: Official Cisco Nexus 7000 Series NX-OS NetFlow Configuration Guide

NOTE: If you are using ReporterAnalyzer 8.3 or greater, we recommend enabling both ip flow egress AND ip flow ingress on each interface and sub-interface.