I’m sure most of you have heard about Brocade’s recent acquisition of Vyatta, a software-based virtual application provider. But that’s not all they have done. Not long after, they released a new version of Vyatta’s 5600 vRouter: the Brocade 5600 vRouter.
The cool thing about the vRouter is that it supports IPFIX, a network protocol that strips off packet headers and sends them off to a flow collector. Using a flow collector like Scrutinizer, you can gain unmatched visibility into the traffic that traverses your network.
I have included the link for the commands, but I decided I’d help out by walking you through the commands needed to enable IPFIX on your virtual router!
Brocade Configuration
Step 1) Create a flow-monitoring exporter and specify the IP address and UDP port of the NetFlow collector.
    # set service flow-monitoring exporter foo udp-collector address 10.10.1.2
    # set service flow-monitoring exporter foo udp-collector port 9995
Step 2) Create a packet selector named foo and specify a sampling size of 10 packets. The sampling rate in this case is 1:10, which means that the router will randomly select one packet from every 10 packets that flow through any data plane interface with which the selector is associated.
    # set service flow-monitoring selector foo randomly out-of 10
Step 3) Create a packet aggregator named “foo” and specify an expiration time of 1,800 seconds for active flows and 15 seconds for inactive flows.
    # set service flow-monitoring aggregator foo expiration inactive-timeout 15
    # set service flow-monitoring aggregator foo expiration active-timeout 1800
Step 4) Connect the aggregator to the exporter.
    # set service flow-monitoring aggregator foo next exporter foo
Step 5) Now configure the aggregation rule for the foo aggregator:
    # set service flow-monitoring aggregator foo key destinationIPv4Address
    # set service flow-monitoring aggregator foo key destinationTransportPort
    # set service flow-monitoring aggregator foo key ipClassOfService
    # set service flow-monitoring aggregator foo key protocolIdentifier
    # set service flow-monitoring aggregator foo key sourceIPv4Address
    # set service flow-monitoring aggregator foo key sourceTransportPort
    # set service flow-monitoring aggregator foo non-key bgpDestinationAsNumber
    # set service flow-monitoring aggregator foo non-key bgpSourceAsNumber
    # set service flow-monitoring aggregator foo non-key destinationIPv4PrefixLength
    # set service flow-monitoring aggregator foo non-key egressInterface
    # set service flow-monitoring aggregator foo non-key flowEndMilliseconds
    # set service flow-monitoring aggregator foo non-key flowStartMilliseconds
    # set service flow-monitoring aggregator foo non-key ipNextHopIPv4Address
    # set service flow-monitoring aggregator foo non-key octetDeltaCount
    # set service flow-monitoring aggregator foo non-key packetDeltaCount
    # set service flow-monitoring aggregator foo non-key sourceIPv4PrefixLength
    # set service flow-monitoring aggregator foo non-key tcpControlBits
Step 6) Next you are going to apply the foo selector and foo aggregator to the dp0p1s1 data plane interface:
    # set interfaces dataplane dp0p1s1 flow-monitoring selector foo
    # set interfaces dataplane dp0p1s1 flow-monitoring aggregator foo
Step 7) Commit the configuration, and then save it:
    # commit
    # save
Step 8) Verify that everything looks good before you exit the configuration. Hopefully it looks similar to this:
    # show interfaces
    interfaces {
        dataplane dp0p1s1 {
            address 10.10.1.1/24
            flow-monitoring {
                aggregator foo
                selector foo
            }
        }
    }
    # show services
    service {
        flow-monitoring {
            exporter foo {
                udp-collector {
                    address 10.10.1.2
                    port 9995
                }
            }
            selector foo {
                randomly {
                    out-of 10
                }
            }
            aggregator foo {
                aggregator statistics: {
                    flows in cache: 18
                    expired flows: 180
                    expiration {
                        active-timeout 1800
                        inactive-timeout 15
                    }
                    next {
                        exporter foo
                    }
                    rule {
                        key destinationIPv4Address
                        key destinationTransportPort
                        key ingressInterface
                        key ipClassOfService
                        key protocolIdentifier
                        key sourceIPv4Address
                        key sourceTransportPort
                        non-key bgpDestinationAsNumber
                        non-key bgpSourceAsNumber
                        non-key destinationIPv4PrefixLength
                        non-key egressInterface
                        non-key flowEndMilliseconds
                        non-key flowStartMilliseconds
                        non-key ipNextHopIPv4Address
                        non-key octetDeltaCount
                        non-key packetDeltaCount
                        non-key sourceIPv4PrefixLength
                        non-key tcpControlBits
                    }
                }
            }
Step 9) Exit the configuration and check your exporter statistics:
    # exit
    $ show flow-monitoring
    dataplane statistics:
        interface dp0p1s1:
            monitor default:
                packets observed: 884
                samples taken: 88
    export daemon statistics:
        /exporter/default:
            /monitor/mon1/ipv4:
                reports received: 88
                reports exported: 88
            /monitor/mon1/ipv6:
                reports received: 0
                reports exported: 0
Step 10) Get up, stretch your legs, you’re done!
Now that you’ve successfully configured your vRouter for IPFIX exports, you’re going to need a NetFlow/IPFIX analyzer. Scrutinizer can give you unparalleled visibility into your Flow data. Don’t believe me? Take advantage of the fully supported trial version of Scrutinizer, and see for yourself what kind of visibility you’ll get!