6500 and 7600 series devices are designed and used to handle large volumes of packet data. NetFlow sampling on a busy core or edge router in any setup can place a huge unwanted load on supervisor CPUs. The NetFlow configuration below makes it possible to create an accurate measurement based on a single packet from a flow. So, from a single packet, the remainder of a flow can be analysed and recorded.
Firstly enable netflow export as you would normally:
core2(config)#ip flow-export source (Source Interface)
core2(config)#ip flow-export version 5
Flush NetFlow sampling data to the export destination every 1 minute:
core2(config)#ip flow-cache timeout active 1
Next, enable flows and mls netflow sampling on every interface you wish to record data from:
core2(config)#interface fa0/1
core2(config-if)#ip flow ingress
core2(config-if)#mls netflow sampling
Finally, you should enable ‘mls’ as the above configuration is for the MSFC only:
core2(config)#mls netflow
This enables the sending of mls netflow data:
core2(config)#mls nde sender version 5
This will ensure more accurate statistics by setting a longer age time before a flow is ended:
core2(config)#mls aging long 64
core2(config)#mls aging normal 32
The commands below ensure that all necessary data about a flow is exported, i.e. source, destination, VLAN etc. They also configure sampling, as mentioned earlier in this article, reducing CPU utilisation on your edge and core devices.
core2(config)#mls flow ip interface-full
core2(config)#mls nde interface
core2(config)#mls sampling packet-based 1024
Jay greig