Flexible NetFlow Configuration example for Performance Monitoring for TCP, VoIP and Cisco NBAR

Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.


Here is a generalized Flexible NetFlow (FnF) configuration in which I created a TCP class that includes all TCP traffic. I don't normally recommend this; typically I would identify the business applications that I want to track with performance monitor and create a class for monitoring each. If latency for all TCP traffic is desired, this should work fine. This FnF configuration is based on IOS 15.2(2)T and includes Cisco NBAR configuration details as well. If an earlier IOS is being used, ignore the error when creating the flow records. Reports should still work well, provided of course that you have the best NetFlow reporting solution.


!define standard FnF record
flow record nbar-mon
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
match application name
collect datalink dot1q vlan input
collect datalink dot1q vlan output
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!


!define specific record for TCP flows
flow record type performance-monitor TCP
match ipv4 protocol
match ipv4 source address
match ipv4 source prefix
match ipv4 destination address
match ipv4 destination prefix
match transport source-port
match transport destination-port
collect routing forwarding-status
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 ttl
collect ipv4 source mask
collect ipv4 destination mask
collect transport round-trip-time
collect transport event packet-loss counter
collect interface input
collect interface output
collect counter bytes
collect counter packets
collect counter bytes rate
collect timestamp interval
collect application name
collect application media bytes counter
collect application media packets rate
collect application media event
collect monitor event
!
!Define record for VOIP flows
flow record type performance-monitor RTP
match ipv4 protocol
match ipv4 source address
match ipv4 source prefix
match ipv4 destination address
match ipv4 destination prefix
match transport source-port
match transport destination-port
match transport rtp ssrc
collect routing forwarding-status
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 ttl
collect ipv4 source mask
collect ipv4 destination mask
collect transport packets expected counter
collect transport packets lost counter
collect transport packets lost rate
collect transport event packet-loss counter
collect transport rtp jitter mean
collect transport rtp jitter minimum
collect transport rtp jitter maximum
collect interface input
collect interface output
collect counter bytes
collect counter packets
collect counter bytes rate
collect timestamp interval
collect application name
collect application media bytes counter
collect application media bytes rate
collect application media packets counter
collect application media packets rate
collect application media event
collect monitor event

!define exporter
flow exporter export-to-scrutinizer
description FNF v9
destination x.x.x.x
source XXXXXXX !interface
transport udp 2055
option interface-table
option application-table

!create VOIP flow monitor
flow monitor type performance-monitor RTP
description RTP stats
record RTP
exporter export-to-scrutinizer
!
!create TCP flow monitor
flow monitor type performance-monitor TCP
description TCP stats
record TCP
exporter export-to-scrutinizer

 
!Standard FnF Monitor
flow monitor nbar-mon
description app traffic analysis
exporter export-to-scrutinizer
cache timeout active 60
record nbar-mon

!create access list to filter TCP only
access-list 100 permit tcp any any

!create class to match voice traffic. "Cisco-Phone" usually means standard RTP voice traffic. Those 3 items should catch all the voice and video.
class-map match-any realtime
  match protocol rtp audio
  match protocol rtp video
  match protocol cisco-phone

!use TCP ACL to create a class map
class-map match-any TCP-class
  match access-group 100

 
policy-map type performance-monitor RTPMON
!Apply monitors to performance monitor Policy-Map
class realtime
   flow monitor RTP
   monitor parameters
    interval duration 10
    flows 100
class TCP-class
   flow monitor TCP
   monitor parameters
    flows 1000

!Apply ingress/egress monitors to an interface. Egress (output) commented out unless needed.
interface XXXXXX
service-policy type performance-monitor input RTPMON
!service-policy type performance-monitor output RTPMON
ip flow monitor nbar-mon input
!ip flow monitor nbar-mon output
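
A pre-deployment check for the configuration above, as an added example that is not part of the original post: a short Python audit that follows the reference chain from records and exporters to flow monitors, policy-map classes and the interface, and reports names that are used but never defined. The sample input is a constructed, trimmed copy of the configuration with three definitions deliberately left out; the function name `audit`, the interface name and the single namespace per object kind are assumptions.

```python
# Added example, not the post's code. Assumes one namespace per object kind.
SAMPLE = """\
flow record type performance-monitor TCP
 match ipv4 protocol
flow exporter export-to-scrutinizer
flow monitor type performance-monitor TCP
 record TCP
 exporter export-to-scrutinizer
class-map match-any TCP-class
 match access-group 100
policy-map type performance-monitor RTPMON
 class realtime
  flow monitor RTP
 class TCP-class
  flow monitor TCP
interface GigabitEthernet0/0
 service-policy type performance-monitor input RTPMON
 !service-policy type performance-monitor output RTPMON
 ip flow monitor nbar-mon input
"""  # constructed sample: 'realtime', 'RTP' and 'nbar-mon' are deliberately left undefined

def audit(config):
    """Return one finding per reference to an object the config never defines."""
    defined = {k: set() for k in ("record", "exporter", "monitor", "policy")}
    defined["class"] = {"class-default"}       # built-in class, never declared
    refs, ctx = [], None                       # refs: (kind, name, line number)
    for n, raw in enumerate(config.splitlines(), 1):
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue                           # blank or commented-out line
        name = w[-1]
        # An indented "flow monitor X" inside a policy-map is a reference, not a definition.
        if w[0] == "flow" and len(w) > 2 and w[1] in defined and not (ctx == "policy" and raw[0].isspace()):
            ctx = w[1]; defined[ctx].add(name)
        elif w[0] in ("class-map", "policy-map"):
            ctx = w[0].split("-")[0]; defined[ctx].add(name)
        elif w[0] == "interface":
            ctx = "interface"
        elif ctx == "monitor" and w[0] in ("record", "exporter"):
            refs.append((w[0], name, n))
        elif ctx == "policy" and w[0] == "class":
            refs.append(("class", name, n))
        elif ctx == "policy" and w[:2] == ["flow", "monitor"] and len(w) > 2:
            refs.append(("monitor", name, n))
        elif ctx == "interface" and w[0] == "service-policy":
            refs.append(("policy", name, n))
        elif ctx == "interface" and w[:3] == ["ip", "flow", "monitor"] and len(w) > 3:
            refs.append(("monitor", w[3], n))
    return [f"line {n}: {kind} '{name}' is not defined"
            for kind, name, n in refs if name not in defined[kind]]
```

References are resolved only after the whole text is read, so the order of the definitions in the pasted configuration does not matter.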
 
If you are looking for the best flexible NetFlow reporting tool, you will find the leader in NetFlow within the "Medianet 2.2 Deployment Guide". Our NetFlow Analyzer can be found on pages 7, 8, 10 and 11.

Our company is a Cisco NetFlow partner for Medianet, also known as Performance Monitoring, because our system provides flexible filtering and sorting with customizable reports on the latest flow exports (e.g. jitter, latency). Please let me know if you have any questions about the above configuration.



