dokucama

User Tools

Site Tools

Trace: netsim sd-wan flow_information
network_stuff:flow_information

This is an old revision of the document!

FLOW INFORMATION

  • SFlow UDP-6343
  • Netflow (v5, v9) UDP-2055 or UDP-9996
    • IPFIX

Neflow vanilla configuration CSR1000v 

flow exporter Flow-exporter
 destination 10.10.11.143
 source GigabitEthernet1
 transport udp 9995
 template timeout 180    # every 3 minutes the router sends 'options template' which includes the sampler rate. This allows 'embedded sampling' to be requested by collector
 template data timeout 180    # 'data' and 'options'. the lack of templates just means it takes X minutes until collector can decode netflow from initial start of collecting process
 template options timeout 180
 option sampler-table timeout 60
!
flow monitor Flow-monitor
 exporter Flow-exporter
 cache timeout active 60
 cache timeout active 5
 record netflow-original   # record netflow ipv4 original-input
!
sampler Flow-sampler
 mode random 1 out-of 50
!
interface GigabitEthernet3
 ip flow monitor Flow-monitor sampler Flow-sampler input

Netflow in ubuntu or FRR: 

FRR01:~# systemctl status pmacctd.service
● pmacctd.service - promiscuous mode accounting daemon
   Loaded: loaded (/lib/systemd/system/pmacctd.service; enabled; vendor preset: enabled)
  Process: 530 ExecStart=/usr/sbin/pmacctd -f ${PMACCTD_CONF} $DAEMON_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 546 (pmacctd)
   CGroup: /system.slice/pmacctd.service
           ├─546 pmacctd: Core Process [default]
           └─548 pmacctd: Netflow Probe Plugin [ens20]

root@Router-FRR01:~# cat /lib/systemd/system/pmacctd.service
[Unit]
Description=promiscuous mode accounting daemon
After=network.target

[Service]
Type=forking
EnvironmentFile=-/etc/default/pmacctd
ExecStart=/usr/sbin/pmacctd -f ${PMACCTD_CONF} $DAEMON_OPTS
cat /etc/pmacct/pmacctd.conf
daemonize: true
interface: ens20
aggregate: src_host, dst_host, src_port, dst_port, proto, tos
plugins: nfprobe[ens20]
nfprobe_receiver: 10.100.10.142:9995
nfprobe_version: 9
nfprobe_direction[ens20]: tag
nfprobe_ifindex[ens20]: tag2
pre_tag_map: /etc/pmacct/pretag.map
timestamps_secs: true

SFLOW
IN LINUX / FRR:
USE 'HOST SFLOW' PROJECT: https://sflow.net/documentation.php

In Arista: 

int e2
ip address 10.100.11.129/24
description to-tra
sflow destination 10.100.11.143 6343
sflow source 10.100.11.129
sflow polling-interval 30    # interval for sending counter data to the sFlow collector. The default interval is two seconds.
sflow sample 15    #  packet sampling rate. Packets are sampled at random intervals to avoid inaccurate sampling of periodic events.
sflow extension bgp    # Optional. routing agent will export the BGP routing table and autonomous system path information to the sFlow agent
network_stuff/flow_information.1683807513.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki