Show ip cache flow null interface

Displays the status of random sampled NetFlow including mode, packet interval, and number of packets matched for each flow sampler. See the ip flow egress command for more information. This command was replaced by the ip flow egress command. To enable NetFlow accounting with input filter sampling, use the netflow-sampler command in QoS policy-map class configuration mode. To disable NetFlow accounting with input filter sampling, use the no form of this command.

NetFlow accounting with input filter sampling cannot be run concurrently with ingress NetFlow accounting, egress NetFlow accounting, or random sampled NetFlow on the same interface, or subinterface. In order to run NetFlow accounting with input filter sampling, you must first disable ingress NetFlow accounting, egress NetFlow accounting, or random sampled NetFlow. You can assign only one NetFlow input filter sampler to a class. Assigning another NetFlow input filter sampler to a class overwrites the previous one.

Samplers, also known as filters, are based on classes, but they are enabled on interfaces. You assign a NetFlow input filter sampler to a class by using the netflow-sampler command in QoS policy-map class configuration mode.

You then use the service-policy command to attach the policy map you defined to one or more interfaces. The following example shows how to enable NetFlow accounting with input filter sampling for one class of traffic (traffic with 10 as the first octet of the IP source address):

The following output from the show flow-sampler command verifies that the NetFlow accounting with input filter sampling is active: The following output from the show ip cache verbose flow command shows that combination of the access-list permit ip Specifies a packet interval for NetFlow accounting random sampling mode and enables the flow sampler map.

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. To enable applying of sampling scale equivalent to the configured platform sampling ratio on the software-switched flows exported by the NetFlow software, use the platform netflow rp sampling scale command in global configuration mode. To disable sampling of software-switched flows by the NetFlow software, use the no form of this command.

Use this command to scale the exported information for flows handled by the Route Processor (RP) equivalent to the platform sampling ratio. Without this command, a NetFlow collector assumes all flows exported by a router are uniformly sampled and multiplies the nonsampled RP flows by the sampling factor, and therefore overestimates the traffic handled by the RP. The applicable sampling scale is obtained from the Cisco specific router platform mls sampling command.

The platform configuration is accomplished using the mls netflow sampling command. Note If the division result is zero, the value 1 is substituted. The following example shows how to enable sampling for flows switched in the RP software: To specify the level of reliability for the reliable export of NetFlow accounting information in NetFlow cache entries, use the reliability command in NetFlow ip flow export Stream Control Transmission Protocol (SCTP) configuration mode.

To return to the default behavior, use the no form of this command. IP address or hostname of the workstation to which you want to send the NetFlow information.

Configures guaranteed reliable, ordered delivery of messages to an export destination. This is the default behavior.

Specifies that each message is sent once. The message is not stored in a buffer and cannot be retransmitted if it is not received by the export destination.

Specifies the limit on the amount of memory the router will use to buffer messages while waiting for them to be acknowledged by the export destination.

Specifies the amount of memory that is available for the buffering of messages that have not been acknowledged by the export destination. Range: 1 to packets. If a stream is specified as unreliable, the packet is simply sent once and not buffered on the exporter at all. If the packet is lost en route to the receiver, the exporter is not notified and cannot re-transmit it.

When a stream is specified as partially reliable, a limit can be placed on how much memory should be dedicated to storing un-acknowledged packets. The limit is configurable. If the limit is exceeded and the router attempts to buffer another packet, the oldest un-acknowledged packet is discarded.

When SCTP discards the oldest unacknowledged packet, a message called a forward-tsn (transmit sequence number) is sent to the export destination to indicate that this packet will not be received.

This prevents NetFlow from consuming all the free memory on a router when a situation has arisen which requires a large number of packets to be buffered, for example when you are experiencing long response times from an SCTP peer connection. When SCTP is operating in partially-reliable mode, the limit on how much memory should be dedicated to storing un-acknowledged packets should initially be set as high as possible.

The limit on how much memory should be dedicated to storing unacknowledged packets can be reduced if other processes on the router begin to run out of memory. Deciding on the best value for the limit on how much memory should be dedicated to storing un-acknowledged packets involves a trade-off between avoiding starving other processes of the memory that they require to operate, and dropping SCTP messages that have not been acknowledged by the export destination.

When an SCTP connection is specified as unreliable, exported messages are sent once only and are not buffered. If the message is lost en route to the export destination, it cannot be retransmitted. Unreliable SCTP can be used when the export destination that you are using doesn't support UDP as a transport protocol for receiving NetFlow export datagrams, and you do not want to allocate the resources on your router required to provide reliable, or partially reliable, SCTP connections.
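The three reliability levels described above, modeled as an added example (this is not Cisco's code or the router's implementation). The class name, the `full`/`partial`/`none` labels as Python strings, and the message numbering are assumptions made for illustration; the scenario is a collector that acknowledges two messages and then stops responding.

```python
from collections import deque


class ExportStream:
    """Toy model of exporter-side buffering for one SCTP export stream."""

    def __init__(self, reliability, buffer_limit=None):
        if reliability not in ("full", "partial", "none"):
            raise ValueError("reliability must be full, partial or none")
        if reliability == "partial" and (buffer_limit is None or buffer_limit < 1):
            raise ValueError("partial reliability needs a buffer limit >= 1")
        self.reliability = reliability
        self.buffer_limit = buffer_limit
        self.unacked = deque()   # message numbers awaiting acknowledgement, oldest first
        self.abandoned = []      # messages announced as skipped (forward-tsn)
        self.next_msg = 1

    def send(self):
        msg = self.next_msg
        self.next_msg += 1
        if self.reliability == "none":
            return msg           # sent once, never buffered, cannot be retransmitted
        if self.reliability == "partial" and len(self.unacked) >= self.buffer_limit:
            # Buffer is at its limit: discard the oldest unacknowledged message
            # and tell the export destination not to wait for it.
            self.abandoned.append(self.unacked.popleft())
        self.unacked.append(msg)
        return msg

    def ack(self, up_to):
        """Cumulative acknowledgement: every message numbered <= up_to arrived."""
        while self.unacked and self.unacked[0] <= up_to:
            self.unacked.popleft()


def stalled_collector(reliability, buffer_limit=None, total=10, acked=2):
    """Send `total` messages to a collector that acknowledges only the first
    `acked` and then goes silent. Returns (still_buffered, abandoned)."""
    stream = ExportStream(reliability, buffer_limit)
    for _ in range(acked):
        stream.send()
    stream.ack(acked)
    for _ in range(total - acked):
        stream.send()
    return list(stream.unacked), list(stream.abandoned)


if __name__ == "__main__":
    for mode, limit in (("full", None), ("partial", 3), ("none", None)):
        buffered, abandoned = stalled_collector(mode, limit)
        print(f"{mode:8} buffered={buffered} abandoned={abandoned}")
```

With full reliability the buffer grows for as long as the collector is silent; with a partial limit of 3 the exporter's memory use is bounded, at the cost of flow records the collector will never see.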

The following example shows how to configure the networking device to use full SCTP reliability: The following example shows how to configure the networking device to use partial SCTP reliability, with a maximum value for the buffer limit of export packets: The following example shows how to configure the networking device to use SCTP with no reliability:

Configures a backup destination for the reliable export of NetFlow accounting information in NetFlow cache entries. Enables the reliable export of NetFlow accounting information in NetFlow cache entries. To display the status and statistics for random sampled NetFlow (including mode, packet interval, and number of packets matched for each flow sampler), use the show flow-sampler command in user EXEC or privileged EXEC mode.

The following is sample output from the show flow-sampler command for all flow samplers: The following is sample output from the show flow-sampler command for a flow sampler named mysampler Table 6 describes the fields shown in the displays. Support for this command on the Supervisor Engine 2 was extended to Release The output was changed to display the information about the NetFlow lookup mode state for fragments.

The output was changed to include the chassis number for virtual switch systems (VSS) only. This example shows how to display the information about the feature manager Netflow counters: This example shows how to display the information about the feature manager Netflow patterns: This example shows how to display the slot information about the feature manager Netflow: This example shows how to display the information about the feature manager Netflow counters on a VSS: This example shows how to display the slot information about the feature manager Netflow on a VSS:

(Optional) Displays only the entries in the cache that match the prefix and mask combination. (Optional) Displays only the entries in the cache that match the interface type and number combination. The execute-on command was implemented on the Cisco platforms to include the remote execution of the show ip cache flow command.

Support for egress flow accounting was added, and the [ prefix mask ] and [ type number ] arguments were removed. Some of the content in the display of the show ip cache flow command uses multiline headings and multiline data fields. Figure 1 uses an example of the output from the show ip cache verbose flow to show how to associate the headings with the correct data fields when there are two or more lines of headings and two or more lines of data fields.

The first line of the headings is associated with the first line of data fields. The second line of the headings is associated with the second line of data fields, and so on.

When other features such as IP Multicast are configured, the number of lines in the headings and data fields increases. The method for associating the headings with the correct data fields remains the same.

To display this information on a distributed platform by use of the show ip cache flow command, you must enter the command at a line card prompt. The module num keyword and argument are supported on DFC-equipped modules only. To display NetFlow cache information using the show ip cache flow command on a Cisco series router that is running dCEF, enter the following sequence of commands:

To display NetFlow cache information using the show ip cache flow command on a Cisco Series Internet Router, enter the following sequence of commands: The following is a sample display of a main cache using the show ip cache flow command: Table 7 describes the significant fields shown in the flow switching cache lines of the display.

Number of active flows in the NetFlow cache at the time this command was entered. Number of flow buffers that are allocated in the NetFlow cache, but were not currently assigned to a specific flow at the time this command was entered. Number of times the NetFlow code looked at the cache to cause entries to expire (used by Cisco for diagnostics only). Standard time output (hh:mm:ss) since the clear ip flow stats privileged EXEC command was executed.

This time output changes to hours and days after the time exceeds 24 hours. Table 8 describes the significant fields shown in the activity by protocol lines of the display. IP protocol and the well-known port number. Note Only a small subset of all protocols is displayed. Number of flows in the cache for this protocol since the last time the statistics were cleared.

Average number of flows for this protocol per second; equal to the total flows divided by the number of seconds for this summary period. Average number of packets for the flows for this protocol; equal to the total packets for this protocol divided by the number of flows for this protocol for this summary period.

Average number of bytes for the packets for this protocol; equal to the total bytes for this protocol divided by the total number of packets for this protocol for this summary period. Average number of packets for this protocol per second; equal to the total packets for this protocol divided by the total number of seconds for this summary period.

Number of seconds from the first packet to the last packet of an expired flow divided by the number of total flows for this protocol for this summary period.

Number of seconds observed from the last packet in each nonexpired flow for this protocol until the time at which the show ip cache verbose flow command was entered divided by the total number of flows for this protocol for this summary period.

Table 9 describes the significant fields in the NetFlow record lines of the display. IP protocol "well-known" port number, displayed in hexadecimal format. (Optional) Displays only the entries in the cache that match the interface type and interface number combination. Displays the configuration of the autonomous system type of service (ToS) aggregation cache scheme.

Displays the configuration of the destination prefix aggregation cache scheme. Displays the configuration of the destination prefix ToS aggregation cache scheme. This command was modified to include new show output for ToS aggregation schemes. Some of the content in the display of the show ip cache flow aggregation command uses multiline headings and multiline data fields. Figure 2 uses an example of the output from the show ip cache verbose flow to show how to associate the headings with the correct data fields when there are two or more lines of headings and two or more lines of data fields.

If you enter the show ip cache flow aggregation command without the module num, the software-switched aggregation cache on the RP is displayed.

The following is a sample display of an autonomous system aggregation cache with the show ip cache flow aggregation as command: The following is a sample display of an autonomous system aggregation cache for the prefix mask The following is a sample display of a destination prefix TOS cache with the show ip cache flow aggregation destination-prefix-tos command:

The following is a sample display of a prefix port aggregation cache with the show ip cache flow aggregation prefix-port command: The following is a sample display of a prefix port aggregation cache for the prefix mask The following is a sample display of a protocol port aggregation cache with the show ip cache flow aggregation protocol-port command: Table 10 describes the significant fields shown in the output of the show ip cache flow aggregation command.

Table 10 Field Descriptions for the show ip cache flow aggregation command. Number of flow buffers that are allocated in the NetFlow cache, but are not currently assigned to a specific flow at the time this command is entered. Number of times the NetFlow code looked at the cache to cause entries to expire. Used by Cisco for diagnostics only. Autonomous system.

This is the source or destination AS number as appropriate for the keyword used. For example, if you enter the show ip cache flow aggregation destination-prefix-tos command, this is the destination AS number. Average number of bytes observed for the packets seen for this protocol total bytes for this protocol or the total number of flows for this protocol for this summary period.

The time in seconds that this flow has been active at the time this command was entered. Specifies the source or destination prefix mask for a NetFlow accounting prefix aggregation cache. The execute-on command was implemented on the Cisco platforms to include the remote execution of the show ip cache verbose flow command. The output was changed to add fragment offset (FO) information on the Supervisor Engine only. Use the show ip cache verbose flow command to display flow record fields in the NetFlow cache in addition to the fields that are displayed with the show ip cache flow command.

The values in the additional fields that are shown depend on the NetFlow features that are enabled and the flags that are set in the flow. Note The flags, and therefore the fields, might vary from flow to flow. Some of the content in the display of the show ip cache verbose flow command uses multiline headings and multiline data fields. Figure 3 uses an example of the output from the show ip cache verbose flow to show how to associate the headings with the correct data fields when there are two or more lines of headings and two or more lines of data fields.

When the NetFlow Multicast Support feature is enabled, the show ip cache verbose flow command displays the number of replicated packets and the packet byte count for NetFlow multicast accounting. The NetFlow bgp-nexthop command can be configured when either the Version 5 export format or the Version 9 export format is configured.

The following caveats apply to the bgp-nexthop command: If you want to use the show ip cache verbose flow command to display this information on a distributed platform, you must enter the command at a line card prompt. To display detailed NetFlow cache information on a Cisco series router that is running distributed Cisco Express Forwarding, enter the following sequence of commands: To display detailed NetFlow cache information on a Gigabit Switch Router, enter the following sequence of commands:

The following is sample output from the show ip cache verbose flow command: The preceding output shows the percentage distribution of packets by size. In this display, The next section of the output can be divided into three sections. The section and the table corresponding to each are as follows: Table 11 describes the significant fields shown in the NetFlow cache section of the output.

Number of flow buffers that are allocated in the NetFlow cache but that were not assigned to a specific flow at the time this command was entered. Number of times the NetFlow code caused entries to expire (used by Cisco for diagnostics only). The period of time that has passed since the clear ip flow stats privileged EXEC command was last executed.

The standard time output format of hours, minutes, and seconds (hh:mm:ss) is used for a period of time less than 24 hours. Table 12 describes the significant fields shown in the activity by protocol section of the output. Table 13 describes the significant fields in the NetFlow record section of the output. Source port number (displayed in hexadecimal format), IP address mask, and autonomous system number.

The value of this field is always set to 0 in MPLS flows. Destination port number (displayed in hexadecimal format), IP address mask, and autonomous system.

This is always set to 0 in MPLS flows. Note This value is updated when a datagram with a lower value is received. Note This value is updated when a datagram with a higher value is received. Value of the fragment offset field from the first fragmented datagram in the second flow. The following example shows the NetFlow output from the show ip cache verbose flow command in which the sampler, class ID, and general flags are set. What is displayed for a flow depends on what flags are set in the flow.

If the flow was captured by a sampler, the output shows the sampler ID. If any general flags are set, the output includes the flags. Table 14 describes the significant fields shown in the NetFlow output for a sampler, for an MQC policy class, and for general flags.

ID of the sampler that captured the flow. The sampler ID in this example is 1. The class ID in this example is 1.

General flow flag (shown in hexadecimal format), which is the bitwise OR of one or more of the following: If this bit is not set, the flow is an input [or ingress] flow.

The following example shows the NetFlow output from the show ip cache verbose flow command when NetFlow BGP next-hop accounting is enabled: Table 15 describes the significant fields shown in the NetFlow BGP next-hop accounting lines of the output. The following example shows the NetFlow output from the show ip cache verbose flow command when NetFlow multicast accounting is configured: Table 16 describes the significant fields shown in the NetFlow multicast accounting lines of the output.

Position of the MPLS label in the label stack, starting with 1 as the top label. Value of the end-of-stack bit. Set to 1 for the oldest entry in the stack and to 0 for all other entries.

Connects to a specific line card for the purpose of executing monitoring and maintenance commands on that line card only. The exp-bgp-prefix aggregation cache was added. Use the show ip cache verbose flow aggregation command to display flow record fields in the NetFlow aggregation cache in addition to the fields that are displayed with the show ip cache flow aggregation command. Some of the content in the display of the show ip cache verbose flow aggregation command uses multiline headings and multiline data fields.

Figure 4 uses an example of the output from the show ip cache verbose flow to show how to associate the headings with the correct data fields when there are two or more lines of headings and two or more lines of data fields. To display detailed NetFlow cache information on a Cisco Series Internet Router, enter the following sequence of commands:

The following is a sample display of a prefix port aggregation cache with the show ip cache verbose flow aggregation prefix-port command: Table 18 describes the significant fields shown in the output of the show ip cache verbose flow aggregation prefix-port command. Table 18 show ip cache verbose flow aggregation Field Descriptions.

The following is a sample display of an exp-bgp-prefix aggregation cache with the show ip cache verbose flow aggregation exp-bgp-prefix command:

Table 19 describes the significant fields shown in the output of the show ip cache verbose flow aggregation exp-bgp-prefix command. Table 19 show ip cache verbose flow aggregation Field Descriptions. Note This value is set to zero on the Cisco To display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches, use the show ip flow export command in user EXEC or privileged EXEC mode.

(Optional) Displays the current values for the SCTP fail-over and restore-time timers in addition to the status and statistics that are displayed by the show ip flow export sctp command.

(Optional) Displays the data export statistics (such as template timeout and refresh rate) for the template-specific configurations. The output was changed to include information about NDE for hardware-switched flows. The sctp and verbose keywords were added. The output was modified to display the data export version and aggregation cache scheme.

The nbar keyword was added. The following is sample output from the show ip flow export command with NetFlow export over User Datagram Protocol (UDP), the default NetFlow export transport protocol, configured on the networking device:

Table 20 describes the significant fields shown in the display of the show ip flow export command. Exporting using source IP address or Exporting using source interface. Note The source interface is used when you have configured the ip flow-export source interface-type interface-number command.

Note The indented lines below the name of the NetFlow aggregation cache indicate the export parameters that are configured for this cache. Indicates the total number of export packets (datagrams) sent over UDP, and the total number of flows contained within them. Displays the total number of export packets (messages) sent over SCTP, and the total number of flows contained within them.

Note SCTP is a message-oriented transport protocol. Therefore, SCTP traffic is referred to as messages instead of datagrams. Indicates the number of flows that failed because no memory was available to create an export packet. The packet could not be processed by Cisco Express Forwarding or by fast switching. Indicates the number of packets that Cisco Express Forwarding was unable to switch, or forward to the process level.

Indicates the number of packets that were dropped because of problems constructing the IP packet. Indicates the number of times that there was a problem transferring the export packet between the RP and the line card. Indicates the number of times the packets were dropped when the send queue was full. The primary SCTP export destinations are active: Table 21 describes the significant fields shown in the display of the show ip flow export sctp and the show ip flow export sctp verbose commands.

Indicates the type of cache, the IP address and port number used to reach the destination, and the level of reliability for the association: Note The reliability options are full and none. Note If this is a backup SCTP export destination configured for fail-over mode, you see an additional message indicating how long the association has been active.

For example, active for The backup SCTP export destination is being used. Note The fact that the association is established does not mean that it is being used to export NetFlow data. Indicates the total number of export packets (messages) sent over SCTP, and the total number of flows contained within them. The period of time that the networking device waits after losing connectivity to the primary SCTP export destination before attempting to use a backup SCTP export destination.

Note This field is displayed when you use the verbose keyword after the show ip flow export sctp command. The period of time that the networking device waits before reverting to the primary SCTP export destination after connectivity to it has been restored. Indicates the type of cache configured, the destination address and port number for the SCTP export, and the level of reliability for the association:

The following is sample output from the show ip flow export template command: Table 22 describes the significant fields shown in the display of the show ip flow export template command. Indicates the number of Flow Templates and Option Templates that have been added since Version 9 export was first configured.

The value in this field is the sum of the "Flow Templates added" and the "Option Templates added" fields. The value is incremented when a new template is created, because each template requires a unique ID. Sum of the values in the "Flow Templates active" and "Option Templates active" fields. The value in this field is incremented when a new data template or option template is created.

When a new data template is created, this count, the "Total active Templates," the "Flow Templates added," and the "Total number of Templates added" counts are all incremented. Note When a data template is removed, only the "Flow Templates active" count and the "Total active Templates" count are decremented. The value is incremented when a new flow template is created, because each template requires a unique ID. Indicates the number of option templates which are currently in use for Version 9 options export.

Configuring a new option increments this count and also the "Total active Templates," the "Option Templates added," and the "Total number of Templates added" counts. Removing (unconfiguring) an option decrements only the "Option Templates active" count and the "Total active Templates" count. Indicates the number of Option Templates that have been added since Version 9 export was first configured. The count is incremented when a new option template is created, because each template requires a unique ID.

The number of times, since Version 9 export was configured, that the data template ager has run. The template ager checks up to 20 templates per invocation, resending any that need to be refreshed.

The number of times, since Version 9 export was configured, that the option template ager has run. Template timeout—The interval in minutes that the router waits after sending the templates (flow and options) before they are sent again. You can specify from 1 to minutes. The default is 30 minutes. You can specify from 1 to packets. The default is 20 packets. NetFlow export Version 9 is enabled for the NetFlow destination-prefix aggregation cache.

The following example displays the additional line in the show ip flow export command output when the verbose keyword is specified and MPLS PAL records are being exported to a NetFlow collector:

In this example, the additional line of output precedes " flows exported in UDP datagrams. The following example shows the sample output of the show ip flow export nbar command: The documentation for the show ip flow top command was merged with the show ip flow top-talkers command in Cisco IOS Release (Optional) Specifies the number of top talkers to show in the display. The range is 1 to (Optional) The combination of the aggregate and the aggregate-field keywords and arguments specifies which field to aggregate for the display output.

See Table (Optional) Specifies which field to sort by. If this keyword is specified, you must select one of the following keywords: (Optional) The combination of the match , match-field , and match-value keywords and arguments specifies the field from the flows - and the value in the field - to match. The show ip flow top-talkers number command string displays output in descending order based on the value in the sorted-by field.

The show ip flow top-talkers number command string displays data from the main NetFlow cache. The show ip flow top command was merged into the show ip flow top-talkers command. You must have NetFlow configured before you can use the show ip flow top-talkers command. The show ip flow top-talkers command can be used to display statistics for unaggregated top flows or aggregated top talkers.

Prior to Cisco IOS release In Cisco IOS release Refer to the following sections for more information on using either of these methods: When you use the show ip flow top-talkers command in releases prior to Cisco IOS release Note The sort-by and top commands must be configured before you enter the show ip flow top-talkers [ verbose ] command. Optionally, the match command can be configured to specify additional matching criteria.

Refer to the configuration documentation for the " NetFlow MIB and Top Talkers " feature for more information on using the top , sort-by , and match commands. This method of viewing flow statistics is useful for identifying the unique flows that are responsible for the highest traffic utilization in your network. For example, if you have a centralized web server farm and you want to see statistics for the top 50 flows between your servers and your users regardless of the network protocol or application in use, you can configure top 50 and use the show ip flow top-talkers verbose command to view the statistics from the 50 top flows.

Tip If you want to limit the flows that are displayed to specific protocols or IP addresses, you can configure match criteria with the match command. Displaying information on individual top flows will not provide you with a true map of your network utilization when the highest volume application or protocol traffic on your network is being generated by a large number of users who are sending small amounts of traffic.

For example, if you configure top 10 and there are ten or more users generating more FTP traffic than any other type of traffic in your network, you will see the FTP traffic as the top flows even though there might be 10, users using HTTP to access web sites at much lower individual levels of network utilization that account for a much larger aggregated traffic volume. In this situation you need to aggregate the traffic patterns across flows using the show ip flow top-talkers [ number ] command string as explained in the "Aggregated Top Talkers—Cisco IOS Releases The timeout period as specified by the cache-timeout command does not start until the show ip flow top-talkers command is entered.

From that time, the same top talkers are displayed until the timeout period expires. To recalculate a new list of top talkers before the timeout period expires, you can change the parameters of the cache-timeout , top , or sort-by command prior to entering the show ip flow top-talkers command.

A long timeout period for the cache-timeout command limits the system resources that are used by the NetFlow MIB and Top Talkers feature. However, the list of top talkers is calculated only once during the timeout period.

If a request to display the top talkers is made more than once during the timeout period, the same results are displayed for each request, and the list of top talkers is not recalculated until the timeout period expires. A short timeout period ensures that the latest list of top talkers is retrieved; however too short a period can have undesired effects:.

You should configure a timeout period for at least as long as it takes the network management system NMS to retrieve all the required NetFlow top talkers. A good method to ensure that the latest information is displayed, while also conserving system resources, is to configure a large value for the timeout period, but cause the list of top talkers to be recalculated by changing the parameters of the cache-timeout , top , or sort-by command prior to entering the show ip flow top-talkers command to display the top talkers.

Changing the parameters of the cache-timeout , top , or sort-by command causes the list of top talkers to be recalculated upon receipt of the next command line interface (CLI) or MIB request.

The show ip flow top command was merged with the show ip flow top-talkers command in Cisco IOS release The two commands were merged to make it easier for you to display cache information on either unaggregated top flows or aggregated top talkers using the same root command. The CLI help for the show ip flow top-talkers command was modified to help you differentiate between the two command formats. When you use the show ip flow top-talkers [ number ] command, the display output consists of aggregated statistics from the flows (aggregated top talkers) for the number of top talkers that you specified with the number argument.

Unlike the show ip flow top-talkers [ verbose ] command, the show ip flow top-talkers [ number ] command string does not require:

You can use the show ip flow top-talkers [ number ] command string immediately after enabling NetFlow on at least one interface in the router.

The information in the display output of the show ip flow top-talkers [ number ] command string always contains the latest, most up-to-date information because it is not cached. The arguments that are available with the show ip flow top-talkers [ number ] command enable you to quickly modify the criteria to be used for generating the display output.

For additional usage guidelines on displaying statistics for aggregated top talkers using the show ip flow top-talkers [ number ] command string, see the following sections:

Using the show ip flow top-talkers command to display the aggregated statistics from the flows on a router for the highest volume applications and protocols in your network helps you identify and classify security problems such as denial of service (DoS) attacks, because DoS attack traffic almost always shows up as one of the highest volume protocols in your network when a DoS attack is in progress.

Displaying the aggregated statistics from the flows on a router is also useful for traffic engineering, diagnostics and troubleshooting. The data in the display output from the show ip flow top-talkers command is not flow centric. You cannot identify individual flows with the show ip flow top-talkers command.

For example, when you use the show ip flow top-talkers 5 aggregate destination-address command:

If you do not use any of the optional parameters, the show ip flow top-talkers command displays the aggregated statistics from the flows on the router for the aggregation field that you enter.

For example, to aggregate the flows based on the destination IP addresses, and display the top five destination IP addresses, you use the show ip flow top-talkers 5 aggregate destination-address command. You can limit the display output by adding an optional match criterion. For example, to aggregate the statistics from the flows based on the destination IP addresses, and display the top five destination IP addresses that contain TCP traffic, you use the show ip flow top-talkers 5 aggregate destination-address match protocol tcp command.

You can change the default sort order of the display output by using the sorted-by keyword. For example, to aggregate the statistics from the flows based on the destination IP addresses, and display the top five destination IP addresses that contain TCP traffic sorted on the aggregated field in ascending order, you use the show ip flow top-talkers 5 aggregate destination-address sorted-by aggregate ascending match protocol tcp command.
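The difference between unaggregated top flows and aggregated top talkers described above, modeled in Python as an added example (not Cisco code and not router output). The flow records are constructed, and the function names, record layout and sort options are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flows (src, dst, protocol, bytes); not real router data.
FLOWS = (
    [("10.1.1.%d" % i, "192.0.2.10", "tcp", 9000) for i in range(1, 4)]        # 3 large FTP-like flows
    + [("10.2.0.%d" % i, "198.51.100.80", "tcp", 400) for i in range(1, 201)]  # 200 small HTTP-like flows
    + [("10.3.0.1", "203.0.113.53", "udp", 5000)]                               # 1 UDP flow
)

# Hypothetical mapping from aggregation/match field names to record positions.
FIELDS = {"source-address": 0, "destination-address": 1, "protocol": 2}


def top_flows(flows, number):
    """Unaggregated view: the `number` largest individual flows by bytes."""
    return sorted(flows, key=lambda f: f[3], reverse=True)[:number]


def top_talkers(flows, number, aggregate, match=None, sorted_by="bytes", ascending=False):
    """Aggregated view: sum flow count and bytes per value of the aggregate field.

    match is an optional (field, value) pair, e.g. ("protocol", "tcp").
    sorted_by is "bytes" or "flows" (a simplification of the router's options).
    """
    idx = FIELDS[aggregate]
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for flow in flows:
        if match and flow[FIELDS[match[0]]] != match[1]:
            continue  # flow does not satisfy the match criterion
        entry = totals[flow[idx]]
        entry["flows"] += 1
        entry["bytes"] += flow[3]
    ranked = sorted(totals.items(), key=lambda kv: kv[1][sorted_by], reverse=not ascending)
    return [(value, e["flows"], e["bytes"]) for value, e in ranked[:number]]


if __name__ == "__main__":
    print("Top 3 individual flows:")
    for flow in top_flows(FLOWS, 3):
        print("  ", flow)
    print("Top 5 destinations, TCP only:")
    for row in top_talkers(FLOWS, 5, "destination-address", match=("protocol", "tcp")):
        print("  ", row)
```

The per-flow view lists only the three large flows, while the aggregated view puts the destination receiving 200 small flows first, which is the pattern to look for when many low-volume sources converge on one target.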

Tip: This usage of the show ip flow top-talkers 5 aggregate destination-address sorted-by aggregate ascending match protocol tcp command string is useful for capacity planning because it shows the smallest flows first. The smallest flows indicate the minimum amount of capacity that you need to provide.

Table 23 shows the keywords and descriptions for the aggregate-field argument of the show ip flow top-talkers number aggregate aggregate-field command.

You must enter one of the keywords from this table. Flows that have the same value in the destination-address field are aggregated. Flows that have the same value in the destination-interface field are aggregated.

Flows that have the same value in the icmp-type and icmp code fields are aggregated. Flows that have the same value in the incoming-mac address field are aggregated. Flows that have the same value in the ip-nexthop-address field are aggregated. Flows that have the same value in the outgoing-mac address field are aggregated.

Table 24 shows the keywords, arguments, and descriptions for the match-field match-value arguments for the show ip flow top-talkers number aggregate aggregate-field match match-field match-value command.

These keywords are all optional.

I realize I issued "no ip route-cache". That disables both cef and fast switching. It seems, if cef is enabled, then fast-switching has to be enabled too.

We can either turn cef, or turn off both cef and fast switching. I guess if we turn off both cef and fast switching, then only process switching is enabled.

In other words, process switching is always enabled.

R6(config-if)#no ip route-cache ?
R6(config-if)#no ip route-cache

Issue the no ip route-cache command on the outbound interface to disable fast switching. Packets on the matching inbound interface are process switched.
