Flow

Flow monitoring is a network visibility technology that captures, analyzes, and exports detailed information about network traffic patterns using protocols such as NetFlow v5, NetFlow v9, and IPFIX (IP Flow Information Export). It provides comprehensive traffic analytics by collecting metadata about network conversations including source/destination addresses, ports, protocols, packet counts, byte counts, and timing information without examining actual packet payloads. Flow monitoring enables network administrators to perform capacity planning, security analysis, application performance monitoring, and billing by providing granular insights into network utilization patterns and application behavior.

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
flow	Class	`[flow]`	No

flow (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory
exporters	List	`[exporters]`	No
monitors	List	`[monitors]`	No
records	List	`[records]`	No

exporters (iosxe.devices.configuration.flow)

Name	Type	Constraint	Mandatory
name	String		Yes
description	String		No
destination_ip	IP		No
export_protocol	Choice	`netflow-v9`, `netflow-v5`, `ipfix`	No
option_application_attributes_timeout	Integer	min: `1`, max: `86400`	No
option_application_table_timeout	Integer	min: `1`, max: `86400`	No
option_interface_table_timeout	Integer	min: `1`, max: `86400`	No
option_sampler_table	Boolean	`true`, `false`	No
option_vrf_table_timeout	Integer	min: `1`, max: `86400`	No
source_loopback	Integer	min: `0`, max: `2147483647`	No
transport_udp	Integer	min: `0`, max: `65535`	No
template_data_timeout	Integer	min: `1`, max: `86400`	No

monitors (iosxe.devices.configuration.flow)

Name	Type	Constraint	Mandatory
name	String		Yes
description	String		No
exporters	List	String	No
cache_timeout_active	Integer	min: `1`, max: `604800`	No
cache_timeout_inactive	Integer	min: `1`, max: `604800`	No
record	String		No

records (iosxe.devices.configuration.flow)

Name	Type	Constraint	Mandatory
name	String		Yes
description	String		No
match	Class	`[match]`	No
collect	Class	`[collect]`	No

match (iosxe.devices.configuration.flow.records)

Name	Type	Constraint	Mandatory
application_name	Boolean	`true`, `false`	No
connection_client_ipv4_address	Boolean	`true`, `false`	No
connection_client_ipv6_address	Boolean	`true`, `false`	No
connection_server_ipv4_address	Boolean	`true`, `false`	No
connection_server_ipv6_address	Boolean	`true`, `false`	No
connection_server_transport_port	Boolean	`true`, `false`	No
flow_direction	Boolean	`true`, `false`	No
flow_observation_point	Boolean	`true`, `false`	No
interface_input	Boolean	`true`, `false`	No
ipv4_destination_address	Boolean	`true`, `false`	No
ipv4_protocol	Boolean	`true`, `false`	No
ipv4_source_address	Boolean	`true`, `false`	No
ipv4_tos	Boolean	`true`, `false`	No
ipv4_version	Boolean	`true`, `false`	No
ipv6_destination_address	Boolean	`true`, `false`	No
ipv6_protocol	Boolean	`true`, `false`	No
ipv6_source_address	Boolean	`true`, `false`	No
ipv6_version	Boolean	`true`, `false`	No
transport_destination_port	Boolean	`true`, `false`	No
transport_source_port	Boolean	`true`, `false`	No

collect (iosxe.devices.configuration.flow.records)

Name	Type	Constraint	Mandatory
connection_initiator	Boolean	`true`, `false`	No
connection_new_connections	Boolean	`true`, `false`	No
connection_server_counter_bytes_network_long	Boolean	`true`, `false`	No
connection_server_counter_packets_long	Boolean	`true`, `false`	No
counter_bytes_long	Boolean	`true`, `false`	No
counter_packets_long	Boolean	`true`, `false`	No
datalink_mac_source_address_input	Boolean	`true`, `false`	No
flow_direction	Boolean	`true`, `false`	No
interface_output	Boolean	`true`, `false`	No
timestamp_absolute_first	Boolean	`true`, `false`	No
timestamp_absolute_last	Boolean	`true`, `false`	No
transport_tcp_flags	Boolean	`true`, `false`	No

Examples

Example 1: The example below shows configuration to monitor IPv4 traffic flows based on specified match criteria and send it to a remote collector. It configures 1 monitor which associates a flow record and a flow exporter, and manage flow cache. Flow exporter contains information to send data to the remote collector with attirbutes like destination IP, source loopback, protocol, port, etc. The flow record defines the specifics fields to match and collect from network traffic flows.

iosxe:
  devices:
    - name: Device1
      configuration:
        flow:
          exporters:
            - name: exporter1
              description: My exporter
              destination_ip: 1.1.1.1
              export_protocol: ipfix
              option_application_attributes_timeout: 30
              option_application_table_timeout: 40
              option_interface_table_timeout: 50
              option_sampler_table: true
              option_vrf_table_timeout: 60
              source_loopback: 123
              transport_udp: 655
              template_data_timeout: 60
          monitors:
            - name: MON1
              description: My monitor
              exporters:
                - exporter1
              cache_timeout_active: 60
              record: FNF1
          records:
            - name: FNF1
              description: My flow record
              match:
                ipv4_source_address: true
                ipv4_destination_address: true
                ipv4_protocol: true
                ipv4_tos: true
                transport_source_port: true
                transport_destination_port: true
                interface_input: true
                flow_direction: true
              collect:
                interface_output: true
                counter_bytes_long: true
                counter_packets_long: true
                transport_tcp_flags: true
                timestamp_absolute_first: true
                timestamp_absolute_last: true