BradReese.Com Instant Quotes

Home About Repair Power Supplies Refurbished Blog Quick Links Site Map Contact Us

Brad Reese how to


Power Supplies

VoIP Gateways

Cisco Repair

Refurbished Cisco

Cisco CPQRGs

New Cisco

New HP ProCurve

Cisco Tools

Competitive Lab Tests

Tech Forums

How-to Tutorials

CCIE Gossip


Archive of Brad's how to

Subscribe to Brad's how to

How-to configure a free NetFlow forwarder or NetFlow duplicator

Fri, 05/21/10 - 8:50pm    View how to tips and comments

Plixer InternationalMichael PattersonMichael Patterson - President and CEO of network performance measurement vendor - Plixer International, sent to me the following "how-to email" earlier this week:

Hi Brad,

I had a customer with some Enterasys switches contact me the other day with a problem. It seems that Enterasys N series switches will only forward NetFlow to one collector. This is a problem because the customer needed to get the NetFlow to two destinations.

What this customer needed was a NetFlow Forwarder or NetFlow Duplicator. Some even call it a NetFlow replicator.

The diagram below explains what he needed to configure:


We installed a program called the Samplicator, below is a description of this program:

"This simple program listens for UDP datagrams on a network port, and sends copies of these datagrams on to a set of destinations. Optionally, it can perform sampling, i.e. rather than forwarding every packet, forward only 1 in N. Another option is that it can 'spoof' the IP source address, so that the copies appear to come from the original source, rather than the relay. Currently only supports IPv4."

Here is the process we went through to set it up.

Most Linux people are used to building from source. First perform the following:

Download the samplicator-1.3.6.tar.gz file from the site.

Download file

At this point the binary is in the system path and can be run from any directory.


Learn more about sudo...

The options are as follows:


Specifying receivers:



Config file format:

a.b.c.d[/e.f.g.h]: receiver...


Note: Receivers specified on the command line will get all packets, those specified in the config-file will get only packets with a matching source.

I setup the Enterasys switch ( to send Netflow to the Samplicator on port 2000. The Samplicator on my PC was configured to listen on port 2000 (which is the default) and to export to three NetFlow collectors (, and which are all listening on port 2055. When a packet comes into from, it spits out 3 packets, one for each collector (, and

In summary, on the command line we typed in:


Remember, the "-f" runs the program in the background and it is optional. Anyway, we performed a Wireshark capture on port 2055 and saw that it was indeed samplicating while spoofing the source. Notice below that the switch ( sent the NetFlow to the Samplicator ( and the Samplicator forwarded the same packet onto 3 destinations without modifying the source IP address:


Each of the above 3 destinations was running Plixer's Scrutinizer NetFlow and sFlow Analyzer.

Scrutinizer NetFlow and sFlow Analyzer

It actually only took a few minutes to set this up. Since this will work on all types of UDP packets, this can be useful for SNMP Traps, Syslogs or Netflow. Some of you probably have questions on its performance. I haven't stressed tested it, but the load on the CPU was about 1%.

Anyway, this should work for forwarding IPFIX or NetFlow from Cisco routers, Cisco ASA devices, sFlow switches, etc.

Hopefully, you'll stress test it and let me know, Plixer's President and CEO, if it works, you can email me at: Michael Patterson.

Visit Brad's how to archive.

Don't be shy, what tips can you provide on NetFlow forwarder or NetFlow duplicator?

Contact Brad Reese

Subscribe to Brad's how to

Brad's how to picks

  1. Archive of Brad's how to
  2. How-to setup sampled Cisco NetFlow
  3. How to configure a Cisco Nexus 7000 to export NetFlow v9
  4. How to setup Cisco's Flexible NetFlow (FNF) with LEGO Blocks
  5. How to absolutely guarantee QoS with network traffic
  6. How-to configure Cisco Flexible NetFlow for NBAR exports
  7. How to reduce the high cost of T1 service
  8. How to setup Cisco IP SLA jitter monitors
  9. How to use NAT in overlapping networks
  10. How to redistribute routing protocols
  11. How to ensure that the optimal path is taken in a redundant network setup
  12. How to configure MPLS VPN over ATM using cell mode MPLS with BGP or RIPv2 on the customer site
  13. How to configure NAT
  14. How to configure HSRP on a Cisco router
  15. How to avoid fragmentation of MPLS packets over Fast Ethernet interfaces
  16. How to configure EIGRP variance to load balance traffic across unequal cost links
  17. How to configure MD5 authentication for BGP
  18. How to configure floating static routes for redundancy
  19. How to configure a GRE tunnel
  20. How to configure OSPF over a point-to-point link
blog comments powered by Disqus

Brad Reese music work ambience

Supplement Cisco SMARTnet Contracts


©2013 BradReese.Com - Home - About - Repair - Power Supplies - Refurbished - Blog - Quick Links - Site Map - Contact Us