Configuring Traffic Monitors Via Cisco SD-WAN

Cisco SD-WAN environments require a different configuration approach for network flow compared to standalone IOS-XE or Nexus devices. In SD-WAN deployments, you configure a centralized Cflowd policy through the Cisco SD-WAN Manager (formerly vManage), rather than manually configuring individual devices.

See the Cisco documentation titled Cisco SD-WAN Policies Configuration Guide for Cisco IOS XE Release 17.x for instructions to set up and configure Cflowd. Refer to the example below to create a Cflowd policy for your sites.

Notes for Cisco SD-WAN networking platform:

  • For Cisco SD-WAN environments that use Cisco Catalyst SD-WAN, see Traffic Monitor Requirements.

  • The forwarder used for Traffic Insights must have SNMP read-only access to the devices that are sending Cflowd.

  • If this is a new network device, you may have to create a feature template for it. Also make sure the sites already exist before following the steps below, because they will be assigned to the Cflowd policy.

Create Cflowd Policy Via UI

Locate or Create a Centralized Policy

Locate the centralized default policy in your Cisco SD-WAN Manager. If you do not have one, you need to create one. In the following example, you create a policy called "Default_Central_Policy".

  1. Go to Configuration > Policies > Centralized Policies > Default_Central_Policy.

  2. Select "..." (ellipsis).

  3. Click Edit.

    Cisco Catalyst SD-WAN Screen
  4. Select Traffic Rules as shown in the figure above.

    Traffic rules screen
  5. Select the Cflowd tab.

  6. Click Add Policy.

    Add Cflowd policy screen
  7. In the Cflowd Policy screen, fill in the following fields:

  • Name: Enter a policy name. This example uses ThousandEyes-ETM.

  • Description: Enter a simple description for the policy.

  • Active Flow Timeout: 60

  • Inactive Flow Timeout: 15

  • Flow Refresh: 120

  • Sampling Interval: 1

  • Protocol: IPv4 (an additional policy can be created for IPv6).

  8. Click New Collector and fill in the following fields:

  • VPN ID: Use the VPN that will send traffic to the Cflowd collector.

  • IP Address: IP of the ThousandEyes Enterprise Agent that has Traffic Insights enabled.

  • Port: 18089 (this can be customized, for example to 9995).

  • Transport Protocol: TCP or UDP (this must match the forwarder settings in Enabling and Managing Forwarders).

  • Source Interface: Type the interface that will send Cflowd records to the forwarder. Use the dropdown to help select the interface type.

  9. Click Add.

  10. Click Save Cflowd Policy.

Cflowd apply policy to sites

Apply the Cflowd Policy to Sites

  • Select Policy Application.

  • Click the Cflowd tab.

  • Click the + New Site List.

    • Select your site(s) from the popup list.

    • Click Add.

    • Click Save Policy Changes to update your policy.

Create Cflowd Policy Via Command-Line

Below is a command-line example of the Cflowd configuration; the IP address 192.168.100.176 and port 18089 refer to the Enterprise Agent that has been enabled as a forwarder.

#show sdwan policy from-vsmart cflowd-template 
  flow-active-timeout 60 
  flow-inactive-timeout 15 
  template-refresh 120 
  flow-sampling-interval 1 
  protocol ipv4 
  no collect-tloc-loopback 
  customized-ipv4-record-fields 
    no collect-tos 
    no collect-dscp-output 
  collector vpn 2 address 192.168.100.176 port 18089 transport transport_udp
    source-interface GigabitEthernet0/0/3 
    bfd-metrics-export  
    export-interval 60

Additionally, the command show sdwan app-fwd cflowd statistics can be used to verify flow statistics.
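The collector address, port, and transport in the pushed template must match the forwarder, and flow records should go only to that host. The following added example (not from the original page and not Cisco or ThousandEyes tooling) parses the template output and reports any mismatch. The function names are assumptions, and the sample is an excerpt of the CLI output shown above.

```python
import re

# Constructed input: an excerpt of the CLI output shown above.
SAMPLE = """\
  flow-active-timeout 60
  flow-inactive-timeout 15
  template-refresh 120
  flow-sampling-interval 1
  collector vpn 2 address 192.168.100.176 port 18089 transport transport_udp
    source-interface GigabitEthernet0/0/3
"""

# Line format taken from the output above; other releases may print it differently.
COLLECTOR_RE = re.compile(
    r"collector vpn (\d+) address (\S+) port (\d+) transport transport_(\w+)")
TIMERS = ("flow-active-timeout", "flow-inactive-timeout",
          "template-refresh", "flow-sampling-interval")

def parse_cflowd_template(text):
    """Return the timers and every collector found in the template output."""
    cfg = {"collectors": []}
    for line in text.splitlines():
        words = line.split()
        m = COLLECTOR_RE.search(line)
        if m:
            cfg["collectors"].append({"vpn": int(m[1]), "address": m[2],
                                      "port": int(m[3]), "transport": m[4]})
        elif len(words) == 2 and words[0] in TIMERS:
            cfg[words[0]] = int(words[1])
        elif len(words) == 2 and words[0] == "source-interface" and cfg["collectors"]:
            cfg["collectors"][-1]["source-interface"] = words[1]
    return cfg

def check_against_forwarder(cfg, address, port, transport):
    """List every way the template disagrees with the forwarder's settings."""
    if not cfg["collectors"]:
        return ["no collector configured"]
    problems = []
    for c in cfg["collectors"]:
        if c["address"] != address:
            problems.append(f"flows exported to unexpected host {c['address']}")
        elif (c["port"], c["transport"]) != (port, transport.lower()):
            problems.append(f"{c['address']}: template has {c['port']}/{c['transport']}, "
                            f"forwarder listens on {port}/{transport.lower()}")
    if all(c["address"] != address for c in cfg["collectors"]):
        problems.append(f"forwarder {address} is not a collector")
    return problems

if __name__ == "__main__":
    cfg = parse_cflowd_template(SAMPLE)
    print(check_against_forwarder(cfg, "192.168.100.176", 18089, "UDP") or "template matches")
```

An empty list means the template and the forwarder agree. Any entry is worth investigating before relying on the exported flow data.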
