Version 4.1 - 6.3 Netflow Part 1
I would say that you may probably get about two or three Netflow questions. The problem with this section of the blueprint is - will they be on Netflow version 5, version 9 or Flexible Netflow? The only way to prepare for this is to know all of that.
Here's a good place to start: NetFlow Configuration Guide
Version 9 is not backward-compatible with Version 5
Key fields that define a flow:
Source IP address
Destination IP address
Source port number
Destination port number
Layer 3 protocol type
Type of service (ToS)
Input logical interface
The key components of NetFlow are the NetFlow cache or data source that stores IP flow information and the NetFlow export or transport mechanism that sends NetFlow data to a network management collector such as the NetFlow Collection Engine.
Version 9--A flexible and extensible format, which provides the versatility needed for support of new fields and record types. This format accommodates new NetFlow-supported technologies such as Multicast, MPLS, and Border Gateway Protocol (BGP) next hop. The Version 9 export format enables you to use the same version for main and aggregation caches, and the format is extensible, so you can use the same export format with future features.
Version 5--A later enhanced version that adds BGP-AS information and flow sequence numbers. (Versions 2 through 4 were not released.) This is the most commonly used format.
The use of templates with the NetFlow Version 9 export format provides several other key benefits:
+ You can export almost any information from a router or switch, including Layer 2 through 7 information, routing information, and IP Version 6 (IPv6), IP Version 4 (IPv4), Multicast, and MPLS information.
+ Third-party business partners who produce applications that provide collector or display services for NetFlow are not required to recompile their applications each time a new NetFlow export field is added.
+ New features can be added to NetFlow more quickly, without breaking current implementations.
+ Netflow is "future proofed" because the Version 9 export format can be adapted to provide support for new and developing protocols and other non-NetFlow-based approaches to data collection.
Perform the following task to enable NetFlow on an interface.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip flow {ingress | egress}
5. exit
Configuration for Version 9:
SUMMARY STEPS
1. enable
2. configure terminal
3. ip flow-export destination {ip-address | hostname} udp-port
4. Repeat Step 3 once to configure an additional NetFlow export destination.
5. ip flow-export source interface-type interface-number
6. ip flow-export version 9 [origin-as | peer-as] [bgp-nexthop]
7. ip flow-export interface-names
8. ip flow-export template refresh-rate packets
9. ip flow-export template timeout-rate minutes
10. i p flow-export template options export-stats
11. ip flow-export template options refresh-rate packets
12. ip flow-export template options timeout-rate minutes
13. end
Example NetFlow version 5 configuration:
ip flow-export version 5 peer-as
ip flow-export destination 172.16.10.2 99
exit