I’m sure most of you have heard about Brocade’s recent acquisition of Vyatta, a software-based virtual application provider. But that’s not all they have done. Not long after, they released a new version of Vyatta’s 5600 vRouter: the Brocade 5600 vRouter.
The cool thing about the vRouter is it supports IPFIX, a network protocol that strips off packet headers and sends them off to a flow collector. Using a flow collector like Scrutinizer, you can gain unmatched visibility into the traffic that traverses your network.
I have included the link for the commands, but I decided I’d help out by walking you through the commands needed to enable IPFIX on your virtual router!
Brocade Configuration
Step 1) Create a flow-monitoring exporter and specify the IP address and UDP port of the NetFlow collector.
vyatta@R1# set service flow-monitoring exporter foo udp-collector address 10.10.1.2
vyatta@R1# set service flow-monitoring exporter foo udp-collector port 9995
Step 2) Create a packet selector named foo and specify a sampling size of 10 packets. The sampling rate in this case is 1:10, which means that the router will randomly select one packet from every 10 packets that flow through any data plane interface with which the selector is associated.
vyatta@R1# set service flow-monitoring selector foo randomly out-of 10
Step 3) Create a packet aggregator named “foo” and specify an expiration time of 1,800 seconds for active flows and 15 seconds for inactive flows.
vyatta@R1# set service flow-monitoring aggregator foo expiration inactive-timeout 15
vyatta@R1# set service flow-monitoring aggregator foo expiration active-timeout 1800
Step 4) Connect the aggregator to the exporter.
vyatta@R1# set service flow-monitoring aggregator foo next exporter foo
Step 5) Now configure the aggregation rule for the foo aggregator:
vyatta@R1# set service flow-monitoring aggregator foo key destinationIPv4Address
vyatta@R1# set service flow-monitoring aggregator foo key destinationTransportPort
vyatta@R1# set service flow-monitoring aggregator foo key ipClassOfService
vyatta@R1# set service flow-monitoring aggregator foo key protocolIdentifier
vyatta@R1# set service flow-monitoring aggregator foo key sourceIPv4Address
vyatta@R1# set service flow-monitoring aggregator foo key sourceTransportPort
vyatta@R1# set service flow-monitoring aggregator foo non-key bgpDestinationAsNumber
vyatta@R1# set service flow-monitoring aggregator foo non-key bgpSourceAsNumber
vyatta@R1# set service flow-monitoring aggregator foo non-key destinationIPv4PrefixLength
vyatta@R1# set service flow-monitoring aggregator foo non-key egressInterface
vyatta@R1# set service flow-monitoring aggregator foo non-key flowEndMilliseconds
vyatta@R1# set service flow-monitoring aggregator foo non-key flowStartMilliseconds
vyatta@R1# set service flow-monitoring aggregator foo non-key ipNextHopIPv4Address
vyatta@R1# set service flow-monitoring aggregator foo non-key octetDeltaCount
vyatta@R1# set service flow-monitoring aggregator foo non-key packetDeltaCount
vyatta@R1# set service flow-monitoring aggregator foo non-key sourceIPv4PrefixLength
vyatta@R1# set service flow-monitoring aggregator foo non-key tcpControlBits
Step 6) Next you are going to apply the foo selector and foo aggregator to the dp0p1s1 data plane interface:
vyatta@R1# set interfaces dataplane dp0p1s1 flow-monitoring selector foo
vyatta@R1# set interfaces dataplane dp0p1s1 flow-monitoring aggregator foo
Step 7) Commit the configuration, and then save it:
vyatta@R1# commit
vyatta@R1# save
Step 8) Verify that everything looks good before you exit the configuration. Hopefully it looks similar to this:
vyatta@R1# show interfaces
interfaces {
    dataplane dp0p1s1 {
        address 10.10.1.1/24
        flow-monitoring {
            aggregator foo
            selector foo
        }
    }
}
vyatta@R1# show services
service {
    flow-monitoring {
        exporter foo {
            udp-collector {
                address 10.10.1.2
                port 9995
            }
        }
        selector foo {
            randomly {
                out-of 10
            }
        }
        aggregator foo {
            aggregator statistics: {
                flows in cache: 18
                expired flows: 180
            expiration {
                active-timeout 1800
                inactive-timeout 15
            }
            next {
                exporter foo
            }
            rule {
                key destinationIPv4Address
                key destinationTransportPort
                key ingressInterface
                key ipClassOfService
                key protocolIdentifier
                key sourceIPv4Address
                key sourceTransportPort
                non-key bgpDestinationAsNumber
                non-key bgpSourceAsNumber
                non-key destinationIPv4PrefixLength
                non-key egressInterface
                non-key flowEndMilliseconds
                non-key flowStartMilliseconds
                non-key ipNextHopIPv4Address
                non-key octetDeltaCount
                non-key packetDeltaCount
                non-key sourceIPv4PrefixLength
                non-key tcpControlBits
            }
        }
    }
Step 9) Exit the configuration and check your exporter statistics:
vyatta@R1# exit
vyatta@R1:~$ show flow-monitoring
dataplane statistics:
    interface dp0p1s1:
        monitor default:
            packets observed: 884
            samples taken: 88
export daemon statistics:
    /exporter/default:
        /monitor/mon1/ipv4:
            reports received: 88
            reports exported: 88
        /monitor/mon1/ipv6:
            reports received: 0
            reports exported: 0
Step 10) Get up, stretch your legs, you’re done!
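To check on the collector side what the exporter from the steps above actually sends to UDP port 9995, the following added example (not from the original post or from Brocade) decodes an IPFIX message per RFC 7011 and scales the sampled byte count by the 1:10 selector rate. It assumes one template record per template set and fixed-length IANA fields; the sample message, its addresses and the name estimatedOctets are constructed for illustration.

```python
import ipaddress
import struct

# IANA IPFIX element IDs for some of the fields configured in Step 5.
IE = {1: "octetDeltaCount", 2: "packetDeltaCount", 4: "protocolIdentifier",
      7: "sourceTransportPort", 8: "sourceIPv4Address",
      11: "destinationTransportPort", 12: "destinationIPv4Address"}
SAMPLING = 10  # selector foo: "randomly out-of 10"

def decode_records(body, fields):
    rec_len, flows, pos = sum(flen for _, flen in fields), [], 0
    while rec_len and pos + rec_len <= len(body):
        flow = {}
        for ie, flen in fields:
            raw, pos = body[pos:pos + flen], pos + flen
            flow[IE.get(ie, f"ie{ie}")] = (str(ipaddress.IPv4Address(raw))
                                           if ie in (8, 12) else int.from_bytes(raw, "big"))
        # Sampled counters under-report by the sampling factor; scale to estimate.
        flow["estimatedOctets"] = flow.get("octetDeltaCount", 0) * SAMPLING
        flows.append(flow)
    return flows

def parse_ipfix(msg, templates):
    """Decode one IPFIX message into flow dicts; templates persists across calls."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    flows, off = [], 16  # sets start after the 16-byte message header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2 and len(body) >= 4:  # template set (first record only)
            tid, count = struct.unpack_from("!HH", body, 0)
            templates[tid] = [struct.unpack_from("!HH", body, 4 + 4 * i) for i in range(count)]
        elif set_id >= 256 and set_id in templates:  # data set with a known template
            flows += decode_records(body, templates[set_id])
        off += set_len
    return flows

# Constructed sample: one template (ID 256) followed by one data record.
FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (2, 8)]
tmpl = struct.pack("!HH", 256, len(FIELDS)) + b"".join(struct.pack("!HH", *f) for f in FIELDS)
rec = bytes([10, 10, 1, 50, 192, 0, 2, 10]) + struct.pack("!HHBQQ", 51514, 443, 6, 1500, 3)
sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
SAMPLE = struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 0) + sets
```

Data sets that arrive before their template are skipped, so keep the same templates dict across messages from one exporter.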
Now that you’ve successfully configured your vRouter for IPFIX exports, you’re going to need a NetFlow/IPFIX analyzer. Scrutinizer can give you unparalleled visibility into your Flow data. Don’t believe me? Take advantage of the fully supported trial version of Scrutinizer, and see for yourself what kind of visibility you’ll get!