Sometime between IOS 12.4 and 15.x, IPv6 flow export configuration changed. It used to be quite simple:
Voilà... IPv4 and IPv6 flows exported to your favorite collector (mine being the wonderful and always useful NFDUMP/NFSEN).
Somebody at Cisco obviously found this too easy, so it is now required to re-engineer this functionality into “Flexible Netflow”. It does allow you, via the creation of a flow record, to customize your own format, which is beyond this simple blog post and likely my current understanding as well ;).
For my purposes, I simply want to export IPv6 flows to my collector for business as usual. This is done by defining a flow exporter and a flow monitor in the global configuration, attaching the exporter to the monitor, and applying the monitor to the interface somewhat as before:
Presto. The original-output defined in the flow monitor specifies using the predefined (?legacy?) record instead of specifying a flow record with user-defined parameters.
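The steps described above (exporter, monitor using the predefined record, interface binding) as a Flexible NetFlow configuration. This is an added example, not the author's original listing; the exporter and monitor names, the collector address 192.0.2.10, UDP port 9995, the source interface and the monitored interface are all assumptions.

```cisco
! Added example. Names, addresses, port and interfaces are assumptions.
!
! 1. Flow exporter: where and how the flow records are sent.
flow exporter NFSEN-EXPORT
 description Export to NFDUMP/NFSEN collector
 destination 192.0.2.10
 source Loopback0
 transport udp 9995
 ! IPv6 records need NetFlow v9 (v5 cannot carry IPv6 addresses).
 export-protocol netflow-v9
 template data timeout 60
!
! 2. Flow monitor: predefined IPv6 record, with the exporter attached.
flow monitor IPV6-OUT
 description IPv6 egress flows using the predefined record
 record netflow ipv6 original-output
 exporter NFSEN-EXPORT
 cache timeout active 60
 cache timeout inactive 15
!
! 3. Apply the monitor to the interface. original-output pairs with the
!    output direction; for ingress traffic use a second monitor with
!    "record netflow ipv6 original-input" and bind it with "input".
interface GigabitEthernet0/0
 ipv6 flow monitor IPV6-OUT output
!
! Verify from exec mode that records are being cached and exported:
!   show flow monitor IPV6-OUT cache
!   show flow exporter NFSEN-EXPORT statistics
```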
And as a side note, if you haven’t played with NFDUMP/NFSEN, you really should give it a try; it's very useful as a tool for traffic analysis/DDoS/post-mortems.