Multicast traffic monitoring

    NetFlow Analyzer shows the Multicast traffic information that passes through the interface. This option needs addition configuration in the device to export the multicast traffic information.

    IP Multicasting allows a host to send packets to a specific group of hosts. These hosts are called group members. In a multicast environment, packets delivered to group members are identified by a single multicast group address. A group of hosts consists of both senders and receivers. Any host, regardless of whether it is a member of a group, can send to a group. However, only the members of a group receive the message. NetFlow Analyzer displays IP Multicasting reports based on volume, speed, utilization and packets.

    Multicast traffic monitoring

    Enabling Multicast routing in Cisco routers

    Follow the commands below to be enable Multicast on Cisco routers:

    (config) ip multicast-routing
    (config) ip multicast netflow output-counters
    (config) ip multicast netflow rpf-failure
    (config) interface fastethernet 0/0
    (config-if) ip multicast netflow egress
    IP Multicasting can be viewed using the Flexible NetFlow, including the multicasting fields in exports. Given below is an example to export the flows.

    Configuring Flow Exporter

    cisco_281(config)#flow exporter FNFexp
    cisco_281(config-flow-exporter)#destination 192.168.116.80
    cisco_281(config-flow-exporter)#source fastEthernet 0/0
    cisco_281(config-flow-exporter)#transport udp 9996
    cisco_281(config-flow-exporter)#version 9

    Configuring Flow Record

    cisco_281(config)#flow record FNFREC
    cisco_281(config-flow-record)#match routing is-multicast
    cisco_281(config-flow-record)#match ipv4 protocol
    cisco_281(config-flow-record)#match ipv4 source address
    cisco_281(config-flow-record)#match ipv4 destination address

    cisco_281(config-flow-record)#match transport source-port
    cisco_281(config-flow-record)#match transport destination-port
    cisco_281(config-flow-record)#collect routing multicast replication-factor
    cisco_281(config-flow-record)#collect routing forwarding-status
    cisco_281(config-flow-record)#collect ipv4 dscp
    cisco_281(config-flow-record)#collect ipv4 ttl
    cisco_281(config-flow-record)#collect ipv4 source mask
    cisco_281(config-flow-record)#collect ipv4 destination mask
    cisco_281(config-flow-record)#collect interface input
    cisco_281(config-flow-record)#collect interface output
    cisco_281(config-flow-record)#collect counter bytes
    cisco_281(config-flow-record)#collect counter packets
    cisco_281(config-flow-record)#collect counter bytes replicated
    cisco_281(config-flow-record)#collect counter packets replicated
    cisco_281(config-flow-record)#collect timestamp sys-uptime first
    cisco_281(config-flow-record)#collect timestamp sys-uptime last

    Configuring Flow Monitor

    cisco_281(config)#flow monitor FNFMON
    cisco_281(config-flow-monitor)#exporter FNFEXP
    cisco_281(config-flow-monitor)#record FNFREC
    cisco_281(config-flow-monitor)#cache timeout active 1
    cisco_281(config-flow-monitor)#cache timeout inactive 15

    Once the configuration is done and saved, flows will be exported to the server where NetFlow Analyzer is installed. NetFlow Analyzer is based on automatic discovery and so the NetFlow exporting devices are automatically discovered and reports are generated within seconds of receiving the flows.