Monday, May 18, 2020

Cisco DNA Center App Health using later switch sw...

So in a previous post we talked about getting App Visibility data out of switches using our standard AVC/FNF config templates...

But things move on and now we have the beginnings of something useful directly from the switches...and it looks pretty similar to our config templates!

So let's have a look at what code version we need on our switches...

On one of my access switches I've got IOS-XE 17.2.1 running...this seems to be a pretty good version of code for getting netflow data out of the switches (with a few caveats)

Next question is always...what version of code are you running on your netflow collector? Well, we've seen what can be done on LiveNX and on Cisco DNAC...

At the moment I'm running an early copy of the June release of DNAC...

Within our Provision->Inventory screen we now have the Telemetry actions integrated into the dropdowns...allowing us to set up Network Telemetry (i.e. AVC/FNF) on the switch without some clunky side options! Enable Application Telemetry will push the configs for FNF to the switch...

Here's the caveats :)

The FNF flow monitor will only be applied to switch port interfaces with 'lan' in the description (not a big fan but wth!)

And of course this only really applies to access switches - remember FNF within IOS-XE on switches can't be enabled on VLAN interfaces - only on switch ports!

Once this is done, and we push our Application Telemetry to the switches, we see the following config templates applied to all relevant interfaces...

flow record dnacrecord
 match ipv4 version
 match ipv4 protocol
 match application name
 match connection client ipv4 address
 match connection server ipv4 address
 match connection server transport port
 match flow observation point
 collect timestamp absolute first
 collect timestamp absolute last
 collect flow direction
 collect connection initiator
 collect connection client counter packets long
 collect connection client counter bytes network long
 collect connection server counter packets long
 collect connection server counter bytes network long
 collect connection new-connections
!
!
flow exporter 172.31.51.228
 destination 172.31.51.228
 transport udp 6007
!
!
flow exporter dnacexporter
 destination 172.31.51.228
 source Loopback0
 transport udp 6007
 export-protocol ipfix
 option interface-table timeout 10
 option vrf-table timeout 10
 option sampler-table
 option application-table timeout 10
 option application-attributes timeout 10
!
!
flow monitor dnacmonitor
 exporter dnacexporter
 cache timeout inactive 10
 cache timeout active 60
 record dnacrecord
!

Note the app-table, int-table and vrf-table being sent every 10 minutes.

Also note (and this is a grumble) we don't see the DSCP values for the flows (within the flow record) - for me this is an important field as it gives us a great confirmation that the traffic is being marked correctly in and out of the network (imagine your voice traffic is only marked as EF in one direction but then not marked correctly as it is passed back into the network from the WAN...this can drastically affect the quality of the voice calls going through the network!). Hence seeing DSCP is highly desirable!

Also note the loopback is being used to send the netflow traffic back to DNAC (my assumption here is that having the netflow source tie up with DNAC's management interface IP address for the device is probably a good thing to tie the netflow data within Assurance to the device)

See the funky old non-FNF flow exporter entry? Hopefully it's not being used! Not sure why it's getting put on the switch TBH!

So we can see the stats in DNAC Assurance and also look at the netflow cache data on the switch from the CLI using the normal 'show' commands...'show ip nbar protocol-discovery' and 'show flow mon dnacmonitor cache format csv'
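To check the three things flagged above before trusting the data (no DSCP field in the flow record, a stray exporter no monitor references, and 'lan' ports that didn't pick up the monitor), here's an added config-audit script that is not part of the original post or of DNAC; it runs over a constructed, trimmed copy of the pushed stanzas plus three made-up switch ports, so the interface names and descriptions are assumptions.

```python
import re

# Constructed sample: trimmed copies of the DNAC stanzas plus three assumed switch ports.
SAMPLE_CONFIG = """\
flow record dnacrecord
 match application name
 collect connection client counter bytes network long
!
flow exporter 172.31.51.228
!
flow exporter dnacexporter
 destination 172.31.51.228
 source Loopback0
!
flow monitor dnacmonitor
 exporter dnacexporter
 record dnacrecord
!
interface GigabitEthernet1/0/1
 description lan-user-port
 ip flow monitor dnacmonitor input
!
interface GigabitEthernet1/0/2
 description lan-printer
!
interface GigabitEthernet1/0/48
!
"""

def audit(config):
    """Parse flow record/exporter/monitor and interface stanzas; return a list of findings."""
    stanzas, cur, findings = {}, None, []
    for line in config.splitlines():
        m = re.match(r"^(flow record|flow exporter|flow monitor|interface) (\S+)", line)
        if m:
            cur = (m.group(1), m.group(2)); stanzas[cur] = []
        elif line.startswith(" ") and cur:
            stanzas[cur].append(line.strip())
        else:
            cur = None                      # '!' or anything else ends the stanza
    used = {l.split()[1] for (k, _), ls in stanzas.items() if k == "flow monitor"
            for l in ls if l.startswith("exporter ")}
    for (kind, name), lines in stanzas.items():
        if kind == "flow record" and not any("dscp" in l for l in lines):
            findings.append(f"record {name} has no DSCP field")           # the DSCP grumble
        elif kind == "flow exporter" and name not in used:
            findings.append(f"exporter {name} unused by any monitor")     # the stray exporter
        elif kind == "interface":
            desc = " ".join(l for l in lines if l.startswith("description"))
            if "lan" in desc and not any(l.startswith("ip flow monitor") for l in lines):
                findings.append(f"{name} has 'lan' in description but no flow monitor")
    return findings
```

Feed it the output of `show running-config` from the switch to check what DNAC actually pushed.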

Enjoy and stay safe out there!

Beards out!
