Gigamon uses GigaSMART for most of its NetFlow configurations, but some of us just love working from within a CLI. With a bit of direction from a Gigamon representative, we were able to document the process of configuring IPFIX for Gigamon devices from—you guessed it—the command line! Here we’ll walk you through an example IPFIX configuration for Gigamon devices.
Gigamon IPFIX Configuration: Required Hardware and Licensing
Before we get started, it’s important to note what devices and licenses Gigamon requires in order to export IPFIX data from their devices.
For HC2, HD4, and HD8 nodes, you will need to add the GigaSMART blade. You will also need to include a NetFlow/metadata license from Gigamon.
Once the hardware and licensing is in check, we can open up the CLI of our Gigamon devices and begin the below configuration. If you would like to work from within GigaSMART instead of the CLI, you can follow our blog on Gigamon IPFIX configuration using GigaSMART.
apps netflow exporter alias exp1 destination ip4addr 18.104.22.168 transport udp 2055 ttl 64 dscp 10 netflow-version ipfix template-refresh-interval 15 exit
apps netflow record alias rec1 netflow-version ipfix match add ipv4 destination address match add ipv4 source address match add transport destination-port match add transport source-port collect add ipv4 destination address collect add ipv4 source address collect add transport tcp destination-port collect add transport tcp source-port exit
apps netflow monitor alias mon1 record add rec1 cache timeout inactive 60 cache timeout active 30 cache timeout event transaction-end exit
Define GSgroup and Tunnel Port
gsgroup alias GS1 port-list 1/3/e1 port 1/1/g1 type tool tunneled-port 1/1/g1 ip 22.214.171.124 /24 gateway 126.96.36.199 mtu 1500 port-list GS1 tunneled-port 1/1/g1 netflow-exporter add exp1 gsop alias gsop1 flow-ops netflow port-list GS1 map alias for-netflow1 from 1/1/g2 use gsop gsop1 to 1/1/g1 rule add pass ipver 4 exit gsparams gsgroup GS1 netflow-monitor add mon1
sh apps netflow exporter stats sh apps netflow monitor stats sh gsop stat
clear port stats all clear gsgroup stats clear map stats all clear gsop stat clear app netflow exporter stat clear app netflow monitor cac clear app netflow monitor stat clear tunneled-port stats
gsparams gsgroup GS1 netflow-monitor delete no map alias for-netflow1 tunneled-port 1/1/g1 netflow-exporter delete exporter-id 1
tunneled-port 1/1/g1 netflow-exporter delete all
Gigamon’s IPFIX exports unique metadata, including SSL details. Below is a report I’ve pulled from Scrutinizer, our network and security intelligence platform. Within the Gigamon SSL All Details report, you can view fields like SSL version, cipher, key size, cert subject, and more.
This is just one of the unique reports exported by Gigamon. In the reports menu we can view all of the unique reports types Scrutinizer can build from the data received by Gigamon devices.
To see the data being exported by your own Gigamon devices, try sending your flow data to Scrutinizer using the 30 day trial!