We shared some guides about the NetFlow-lite/NFLite before, such as the Cisco Catalyst 4948E NetFlow-lite/NFLite in Detail (first introduced with Catalyst 4948E), How to Use nProbe as NetFlow-Lite Aggregator/Collector?
NetFlow-lite bridges the gap by providing a lightweight solution that allows capturing of important flow information through packet sampling mechanisms combined with the extensibility of NetFlow version 9 and IPFIX.
CiscoNetFlow technology is one of the most scalable ways to provide this information throughout your network infrastructure.
NetFlow-Lite introduces traffic visibility on the Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches for the first time.
NetFlow-Lite collects packets randomly, classifies them into flows, and measures flow statistics as they pass through the switch. It is a true flow-based traffic-monitoring mechanism that conserves valuable forwarding bandwidth when exporting flow-based data for analysis and reporting. This export data provides visibility into traffic that is switched through the Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches.
What Is NetFlow-Lite Used for?
NetFlow-Lite offers network administrators and engineers the following capabilities:
- Unprecedented visibility: NetFlow-Lite provides real-time information about traffic flows from endpoints such as PCs, phones, IP cameras, etc. You can use this information for traffic monitoring of Layer 2 and Layer 3 traffic as well as capacity planning.
- Network planning: You can use NetFlow-Lite to capture data over a long period of time so that customers can understand traffic patterns, top talkers, top applications, etc. This feature provides accurate data to track and anticipate network growth and plan upgrades.
- Simplified troubleshooting: You can use NetFlow-Lite flow-based analysis techniques to understand traffic patterns, which can help in proactively detecting problems, troubleshooting efficiently, and resolving problems quickly.
NetFlow-Lite Capabilities
NetFlow-Lite provides a granular packet-sampling mechanism that is adjustable up to 1:32 and available for all interfaces. The implication is that a subset of all packets passing through the switch is selected for reporting. Figure 2 shows some of the data gathered by Cisco NetFlow-Lite.
Output from Cisco NetFlow-Lite
NetFlow-Lite on the Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches have the following capabilities:
- NetFlow-Lite is supported on all downlink and uplink ports.
- NetFlow-Lite is natively available with no additional hardware required.
- The sampling range is from 1:32 to 1:1022.
- The application measures 16,000 flows per switch.
- Physical ports and VLAN Interfaces (switched virtual interfaces [SVI]) are supported.
- NetFlow-Lite supports ingress flows only.
- Export using standards-based IP Information export (IPFIX) or Version 9 record format.
NetFlow-Lite Sampling Techniques
The sampling method of the traffic can be random or deterministic. Random sampling chooses one packet randomly out of a configured sample size, whereas deterministic sampling chooses the first packet out of a configured sample size. For example, for 1:32 sampling, deterministic mode would choose the 1st, 33rd, 65th, 97th, and so on packet coming into an interface, and random mode can choose the 5th, 39th, 72nd, 103rd, and so on packet coming into an interface. Random packet sampling is statistically more accurate than deterministic packet sampling.
Differences between Flexible NetFlow-Lite, Flexible NetFlow, and sFlow
Table1 below illustrates the differences between NetFlow-Lite, Flexible NetFlow, and sFlow.
Table1: Differences between NetFlow-Lite, Flexible NetFlow, and sFlow
| NetFlow-lite | Flexible NetFlow | sFlow | |
| Technology | Flow-based | Flow-based | Packet-based |
| Sampling | Sampling (1 in 32, configurable) | Every packet accounted for | Sampling (1 in hundreds to thousands*) |
| Export format | V9 and IPFIX | V5, V9 and IPFIX | sFlow v5 |
| Ecosystem | NetFlow Collector | NetFlow Collector | sFlow Collector |
| Availability | Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches, and Catalyst 4948E Ethernet Switch | Cisco Catalyst 3K, 4K, 6KCisco Nexus routers 7K, 2K, 1KV | Cisco Nexus 3K |
* Product support of sFlow may vary.
NetFlow-Lite Solution
The following steps illustrate NetFlow-Lite configuration on the Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches:
Step1. Configure a Flow Record, which defines the data collection. You can customize it for specific requirements. You can use the following example with most NetFlow collectors:
flow record v4
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect interface input
collect flow sampler
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
Step2. Configure a Flow Exporter, which defines where the collected data needs to be sent. Please refer to the NetFlow collector application user guides and manual for specific details such as port number, differentiated services code point (DSCP), and other options. The configuration follows:
flow exporter Replicator
description Exporter to Cisco Prime 2.0
destination 10.2.44.12
source GigabitEthernet1/0/1
dscp 16
template data timeout 60
option interface-table
Step3. Configure a Flow Monitor, which binds the flow record and exporter along with options to configure the flow cache:
flow monitor v4
record v4
exporter Replicator
cache timeout active 30
Step4. Configure a Flow Sampler. Define the sampling technique and sample size. The configuration follows:
sampler v4
mode random 1 out-of 32
Step5. Attach the Flow Monitor and Sampler to the interface:
interface GigabitEthernet1/0/1
ip flow monitor v4 sampler v4 input
Cisco Prime and Partner NetFlow Collector Applications
Cisco Prime Infrastructure can collect flow data from all Cisco devices including NetFlow-Lite data from Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches. It also uses an application visibility engine to determine well-known applications based on NetFlow collection (Figure 2).
NetFlow Capture on Cisco Prime Infrastructure
Partner collector applications such as ActionPacked LiveAction, Plixer Scrutinizer, and others have been tested with NetFlow-Lite, as illustrated in Figure3.
NetFLow Capture with Partner Applications
NetFlow-Lite Partner Program
The Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches have been tested with the leading NetFlow collector applications such as Cisco Prime, ActionPacked LiveAction, Plixer Scrutinizer, and many more solutions. Customers can now order these applications with the $0 FnF SKUs on the Cisco Catalyst 2960-X, 2960-XR, 2960-CX, and 3560-CX Series Switches price list.
Feature Support Information
Table1 illustrates the differences between NetFlow-Lite, Flexible NetFlow, and sFlow.
Table2. Lists the License and Software Requirements for Cisco Netflow-Lite
| Minimum License Required | Minimum Software Required | |
| Cisco Catalyst 2960-X | LAN Base | 15.0(2)EX |
| Cisco Catalyst 2960-XR | IP Lite | 15.0(2)EX1 |
| Cisco Catalyst 3560-CX | IP Base | 15.2(3)E |
| Cisco Catalyst 2960-CX | LAN Base | 15.2(3)E |
The info from https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/solution_overview_c22-728776.html
More Related…
