I’m sure most of you have heard about Brocades recent acquisition of Vyatta, a software-based virtual application provider. But that’s not all they have done. Not long after they released a new version of Vyattas 5600 vRouter: the Brocade 5600 vRouter.
The cool thing about the vRouter is it supports IPFIX, a network protocol that strips off packet headers and sends them off to a flow collector. Using a flow collector like Scrutinizer, you can gain unmatched visibility into the traffic that traverses your network.
I have included the link for the commands, but I decided I’d help out by walking you through the commands needed to enable IPFIX on your virtual router!
Brocade Configuration
Step 1) Create a flow-monitoring exporter and specify the IP address and UDP port of the NetFlow collector.
vyatta@R1# set service flow-monitoring exporter foo udp-collector address 10.10.1.2 vyatta@R1# set service flow-monitoring exporter foo udp-collector port 9995
Step 2) Create a packet selector named foo and specify a sampling size of 10 packets. The sampling rate in this case is 1:10, which means that the router will randomly select one packet from every 10 packets that flow through any data plane interface with which the selector is associated.
vyatta@R1# set service flow-monitoring selector foo randomly out-of 10
Step 3) Create a packet aggregator named “foo” and specify an expiration time of 1,800 seconds for active flows and 15 seconds for inactive flows.
vyatta@R1# set service flow-monitoring aggregator foo expiration inactive-timeout 15 vyatta@R1# set service flow-monitoring aggregator foo expiration active-timeout 1800
Step 4) Connect the aggregator to the exporter
vyatta@R1# set service flow-monitoring aggregator foo next exporter foo
Step 5) Now configure the aggregation rule for the foo aggregator-
vyatta@R1# set service flow-monitoring aggregator foo key destinationIPv4Address vyatta@R1# set service flow-monitoring aggregator foo key destinationTransportPort vyatta@R1# set service flow-monitoring aggregator foo key ipClassOfService vyatta@R1# set service flow-monitoring aggregator foo key protocolIdentifier vyatta@R1# set service flow-monitoring aggregator foo key sourceIPv4Address vyatta@R1# set service flow-monitoring aggregator foo key sourceTransportPort vyatta@R1# set service flow-monitoring aggregator foo non-key bgpDestinationAsNumber vyatta@R1# set service flow-monitoring aggregator foo non-key bgpSourceAsNumber vyatta@R1# set service flow-monitoring aggregator foo non-key destinationIPv4PrefixLength vyatta@R1# set service flow-monitoring aggregator foo non-key egressInterface vyatta@R1# set service flow-monitoring aggregator foo non-key flowEndMilliseconds vyatta@R1# set service flow-monitoring aggregator foo non-key flowStartMilliseconds vyatta@R1# set service flow-monitoring aggregator foo non-key ipNextHopIPv4Address vyatta@R1# set service flow-monitoring aggregator foo non-key octetDeltaCount vyatta@R1# set service flow-monitoring aggregator foo non-key packetDeltaCount vyatta@R1# set service flow-monitoring aggregator foo non-key sourceIPv4PrefixLength vyatta@R1# set service flow-monitoring aggregator foo non-key tcpControlBits
Step 6) Next you are going to apply the foo selector and foo aggregator to the dp0p1s1 data plane interface-
vyatta@R1# set interfaces dataplane dp0p1s1 flow-monitoring selector foo vyatta@R1# set interfaces dataplane dp0p1s1 flow-monitoring aggregator foo
Step 7) Commit the configuration, and then save it-
vyatta@R1# commit vyatta@R1# save
Step 8) Verify that everything looks good before you exit the configuration. Hopefully it looks similar to this-
vyatta@R1# show interfaces
interfaces {
dataplane dp0p1s1 {
address 10.10.1.1/24
flow-monitoring {
aggregator foo
selector foo
}
}
}
vyatta@R1# show services
service {
flow-monitoring {
exporter foo {
udp-collector {
address 10.10.1.2
port 9995
}
}
selector foo {
randomly {
out-of 10
}
}
aggregator foo {
aggregator statistics: {
flows in cache: 18
expired flows: 180
expiration {
active-timeout 1800
inactive-timeout 15
}
next {
exporter foo
}
rule {
key destinationIPv4Address
key destinationTransportPort
key ingressInterface
key ipClassOfService
key protocolIdentifier
key sourceIPv4Address
key sourceTransportPort
non-key bgpDestinationAsNumber
non-key bgpSourceAsNumber
non-key destinationIPv4PrefixLength
non-key egressInterface
non-key flowEndMilliseconds
non-key flowStartMilliseconds
non-key ipNextHopIPv4Address
non-key octetDeltaCount
non-key packetDeltaCount
non-key sourceIPv4PrefixLength
non-key tcpControlBits
}
}
}
Step 9) Exit the configuration and check your exporter statistics-
vyatta@R1# exit vyatta@R1:~$ show flow-monitoring dataplane statistics: interface dp0p1s1: monitor default: packets observed: 884 samples taken: 88 export daemon statistics: /exporter/default: /monitor/mon1/ipv4: reports received: 88 reports exported: 88 /monitor/mon1/ipv6: reports received: 0 reports exported: 0
Step 10) Get up, stretch your legs, you’re done!
Now that you’ve successfully configured your vRouter for IPFIX exports, you’re going to need a NetFlow/IPFIX analyzer. Scrutinizer can give you unparalleled visibility into your Flow data. Don’t believe me? Take advantage of the fully supported trial version of Scrutinizer, and see for yourself what kind of visibility you’ll get!
