Configure NetFlow Forwarding

If you’re a faithful follower of our blogs, then you are familiar with the Flow Replicator described in Michael Patterson’s “Free NetFlow Forwarder or NetFlow Duplicator” blog from May 29th, 2010.

If you’re not familiar with this NetFlow Forwarder application and you have the need for exporting NetFlow packets to multiple (unlimited!) collectors, then you must read his blog.

Configuration is quick and easy and, if using the config file to list source (exporters) and destinations (collectors), extremely scalable.

For example, in the configuration displayed below, we have 18 exporters forwarding to 9 different collectors in varying combinations.  Several of the exporters only forward to one collector, whereas the remainder forward to either 7 or 8 collectors.

The flexibility of configuring NetFlow duplication is limitless using the config file.

But reading the list of source ips and destination ips in this config file can be very confusing, and our manager, like so many, prefers to see a graphical display.

Graphical view

So we created a quick graph (using GraphViz) of the exporter and collector ip addresses with arrows of who forwards to who.

The exporters are all displayed around the outer perimeter of the graphs and the collectors are on the inside with the arrows pointing to them.  Gives you a simple display of the complexity that the configuration file can provide.

Using this NetFlow replicator and the config file, you can expand your NetFlow reporting capabilities to multiple NetFlow collectors, including my favorite, Scrutinizer NetFlow and sFlow Analyzer.  And don’t forget, since the samplicator forwards UDP packets, you can also forward sFlow and IPFIX packets, and also SNMP Traps or Syslogs.