NetFlow Questions
If you are not sure about NetFlow, please read our NetFlow tutorial.
Quick review:
NetFlow is a network protocol to report information about the traffic on a router/switch or other network device. NetFlow collects and summaries the data that is carried over a device, and then transmitting that summary to a NetFlow collector for storage and analysis. An IP flow is based on a set of five, and up to seven, IP packet attributes, which may include the following:
+ Destination IP address
+ Source IP address
+ Source port
+ Destination port
+ Layer 3 protocol type
+ Class of Service (optional)
+ Router or switch interface (optional)
Question 1
Explanation
The “show ip flow export” command is used to display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches. An example of the output of this command is shown below:
| Router# show ip flow export Flow export v5 is enabled for main cache Exporting flows to 10.51.12.4 (9991) 10.1.97.50 (9111) Exporting using source IP address 10.1.97.17 Version 5 flow records 11 flows exported in 8 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures 0 export packets were dropped enqueuing for the RP 0 export packets were dropped due to IPC rate limiting 0 export packets were dropped due to output drops |
The “output drops” line indicates the total number of export packets that were dropped because the send queue was full while the packet was being transmitted.
Question 2
Explanation
In general, NetFlow requires CEF to be configured in most recent IOS releases. CEF decides which interface the traffic is sent out. With CEF disabled, router will not have specific destination interface in the NetFlow report packets. Therefore a NetFlow Collector cannot show the OUT traffic for the interface.
Question 3
Explanation
This command is used to display the current status of the specific flow exporter, in this case Flow_Exporter-1. For example
N7K1# show flow export
Flow exporter Flow_Exporter-1:
Description: Fluke Collector
Destination: 10.255.255.100
VRF: default (1)
Destination UDP Port 2055
Source Interface Vlan10 (10.10.10.5)
Export Version 9
Exporter Statistics
Number of Flow Records Exported 726
Number of Templates Exported 1
Number of Export Packets Sent 37
Number of Export Bytes Sent 38712
Number of Destination Unreachable Events 0
Number of No Buffer Events 0
Number of Packets Dropped (No Route to Host) 0
Number of Packets Dropped (other) 0
Number of Packets Dropped (LC to RP Error) 0
Number of Packets Dropped (Output Drops) 0
Time statistics were last cleared: Thu Feb 15 21:12:06 2015
Question 4
Explanation
The sampling mode determines the algorithm that selects a subset of traffic for NetFlow processing. In the random sampling mode, incoming packets are randomly selected so that one out of each n sequential packets is selected on average for NetFlow processing. For example, if you set the sampling rate to 1 out of 100 packets, then NetFlow might sample the 5th, 120th, 299th, 302nd, and so on packets. This sample configuration provides NetFlow data on 1 percent of total traffic. The n value is a parameter from 1 to 65535 packets that you can configure.
In the above output we can learn the number of packets that has been sampled is 10. The sampling mode is “random sampling mode” and sampling interval is 100 (NetFlow samples 1 out of 100 packets).
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/nfstatsa.html
Question 5
Explanation
The “ip flow-export destination 10.10.10.1 5858” command is used to export the information captured by the “ip flow-capture” command to the destination 10.10.10.1. “5858” is the UDP port to which NetFlow packets are sent (default is 2055). The syntax of this command is:
| ip flow-export destination ip-address [udp-port] [version 5 {origin-as | peer-as}] |
Question 6
Explanation
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.
For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#
(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030)
Question 7
Question 8
Explanation
The following is an example of configuring an interface to capture flows into the NetFlow cache. CEF followed by NetFlow flow capture is configured on the interface:
| Router(config)# ip cef Router(config)# interface ethernet 1/0 Router(config-if)# ip flow ingress or Router(config-if)# ip route-cache flow |
Note: Either ip flow ingress or ip route-cache flow command can be used depending on the Cisco IOS Software version. Ip flow ingress is available in Cisco IOS Software Release 12.2(15)T or above.
Question 9
Question 10
Explanation
There are two primary methods to access NetFlow data: the Command Line Interface (CLI) with show commands or utilizing an application reporting tool. If you are interested in an immediate view of what is happening in your network, the CLI can be used. The other choice is to export NetFlow to a reporting server or what is called the “NetFlow collector”.
Question 11
Explanation
An example of configuring NetFlow data exporting is shown below:
| Router(config)#interface fa0/1 Router(config-if)#ip route-cache flow Router(config-if)#exit Router(config)#ip flow-export destination 10.1.1.1 2055 Router(config)#ip flow-export source fa0/2 //NetFlow will use Fa0/2 as the source IP address for the UDP datagrams sent to the NetFlow Collector Router(config)#ip flow-export version 5 Router(config)#ip flow-cache timeout active 1 //export flow records every minute. |
The most important parameter when configuring NetFlow is the destination where NetFlow sends data to. Other parameters can be ignored and they will use default values (except the command “ip route-cache flow” to enable NetFlow).
Question 12
Explanation
Below is an example of the “show ip cache flow” output:
Information provided includes packet size distribution (the answer says “IP packet distribution” but maybe it is “IP packet size distribution”); basic statistics about number of flows and export timer setting, a view of the protocol distribution statistics and the NetFlow cache.
Also we can see the flow samples for TCP and UDP protocols (including Total Flows, Flows/Sec, Packets/Flow…).
Question 13
Explanation
NetFlow Collector: collects flow records sent from the NetFlow exporters, parsing and storing the flows. Usually a collector is a separate software running on a network server. NetFlow records are exported to a NetFlow collector using User Datagram Protocol (UDP).
Question 14
Explanation
To configure multiple NetFlow export destinations to a router, use the following commands in global configuration mode:
Step 1: Router(config)# ip flow-export destination ip-address udp-port
Step 2: Router(config)# ip flow-export destination ip-address udp-port
The following example enables the exporting of information in NetFlow cache entries:
ip flow-export destination 10.42.42.1 9991
ip flow-export destination 10.0.101.254 1999
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_mdnf.html
Question 15
Explanation
The distinguishing feature of the NetFlow Version 9 format is that it is template based -> Answer A is correct.
Reference: https://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html
Export bandwidth increases for version 9 (because of template flowsets) versus version 5 -> Answer D is correct.
Version 9 slightly decreases overall performance, because generating and maintaining valid template flowsets requires additional processing -> Answer E is not correct.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/nfexpfv9.html
Question 16
Explanation
MPLS-aware NetFlow uses the NetFlow Version 9 export format. MPLS-aware NetFlow exports up to three labels of interest from the incoming label stack, the IP address associated with the top label, as well as traditional NetFlow data.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsmnf24.html
you can find part of the questions from the exam in this dumps https://drive.google.com/open?id=0B5mAFqgydmCzak03eUlLMVgtQXM
I think the correct answer for Question 3 should be C as per this document from Cisco.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/command/fnf-cr-book/fnf-m1.html#wp2285123312
@Ciscokid
I believe you would be correct if it did not specify the name of the flow exporter ‘ “Flow_Exporter-1”
Smashed my route exam today, 9xx used the dumps from it libraries and tut.
Confirming the 440q dumps are valid.
Thanks all, done with the router. 440q dumps from IT-Libraries are valid. Practice the labs since the ips change on the exam
Please check Question 14.
Refer to the exhibit. How can you configure a second export destination for IP address
192.168.10.1?
A. Specify a different TCP port
B. Specify a different UDP port
C. Specify a VRF
D. Configure a version 5 flow-export to the same destination
E. Specify a different flow ID
B is incorrect, because you are unable to use the same IP address as flow-export destination, even if you use different UDP port.
It seems like C is correct.
Question 14 ..
Refer to the exhibit. How can you configure a second export destination for IP address
192.168.10.1?
La correcta es la B.
https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_mdnf.html
For Q14 :I think answer is B
Reference link: https://www.cisco.com/c/en/us/td/docs/ios/netflow/command/reference/nf_book/nf_01.html
Section:
The most common use of the multiple-destination feature is to send the NetFlow cache entries to two different destinations for redundancy. Therefore, in most cases the second destination IP address is not the same as the first IP address. The port numbers can be the same when you are configuring two unique destination IP addresses. If you want to configure both instances of the command to use the same destination IP address, you must use unique port numbers. You receive a warning message when you configure the two instances of the command with the same IP address. The warning message is, “%Warning: Second destination address is the same as previous address “.
The following example shows how to configure the networking device to export the NetFlow cache entry
to two different UDP ports on the same destination system:
Router(config)# ip flow-export destination 10.42.42.1 9991
Router(config)# ip flow-export destination 10.42.42.1 9992
%Warning: Second destination address is the same as previous address 10.42.42.1
so after warning message does it work? Anybody labbed it ?
About Q3. I guess the answer should be A. Explanation:
Yes, at the url mentioned above, Cisco says “To display Flexible NetFlow flow exporter status and statistics, use the show flow exporter command”. EXPORTER. But options C and D describes MONITOR both. So, C and D are incorrect.
Next, the status is not explicitly shown in the output, so B is not correct.
Next, the configuration (dst/src of IP/port) is explicitly shown in the output, so A is correct.
Q14:
Configuring Multiple NetFlow Export Destinations to a Router
To configure multiple NetFlow export destinations to a router, use the following commands in global configuration mode:
Router(config)# ip flow-export destination ip-address udp-port
Note Do not enter the same ip address twice. However, entering two different ip addresses with the same udp port number is configurable.
You are more fun than bubble wrap. It is rare to see a nice post like this one these days. That is a very good tip especially to those fresh to the blogosphere.
http://johnathanqjbsj.pages10.com
A network engineer executes the ipv6 flowset command. What is the result?
A.
Flow-label marking in 1280-byte or larger packets is enabled.
B.
Flow-set marking in 1280-byte or larger packets is enabled.
C.
IPv6 PMTU is enabled on the router.
D.
IPv6 flow control is enabled on the router.
What is the correct answer to this question?
After the 28th change, the previous question bank is useless. It depends on the latest 29th, and now if you want to prepare for the exam, you must find the question bank after the 29th.
W w w .
cciedumps.xyz/ccie_rs.php?utm_source=bbs&utm_medium=bbs
Marcus, Q3 – correct answer B.
show flow exporter exporter-name
(Optional) Displays the current status of the specified flow exporter.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/cfg-de-fnflow-exprts.html
please update there a question about netflow v9 and it has 2 answer
Alex, but we see Exporter Statistics too.
what does the “Show ip flow export” display?
A) Top Talkers
B) local status and Statistics
C) Sent Status and Statistics
D) export interface configuration
what is the correct choice because I’m not sure whether it’s B or C…. Please let me know your thoughts
show ip flow export command shows export interface configuration