Blog :: Configuration

Gigamon IPFIX Configuration from Command Line

traci feature

Gigamon uses GigaSMART for most of its NetFlow configurations, but some of us just love working from within a CLI. With a bit of direction from a Gigamon representative, we were able to document the process of configuring IPFIX for Gigamon devices from—you guessed it—the command line! Here we’ll walk you through an example IPFIX configuration for Gigamon devices.

Gigamon IPFIX Configuration: Required Hardware and Licensing

Before we get started, it’s important to note what devices and licenses Gigamon requires in order to export IPFIX data from their devices.

For HC2, HD4, and HD8 nodes, you will need to add the GigaSMART blade. You will also need to include a NetFlow/metadata license from Gigamon.

Once the hardware and licensing is in check, we can open up the CLI of our Gigamon devices and begin the below configuration. If you would like to work from within GigaSMART instead of the CLI, you can follow our blog on Gigamon IPFIX configuration using GigaSMART.

Define Exporter

apps netflow exporter alias exp1
destination ip4addr 1.1.1.1
transport udp 2055
ttl 64
dscp 10
netflow-version ipfix
template-refresh-interval 15
exit

Define Recorder

apps netflow record alias rec1
netflow-version ipfix
match add ipv4 destination address
match add ipv4 source address
match add transport destination-port
match add transport source-port
collect add ipv4 destination address
collect add ipv4 source address
collect add transport tcp destination-port
collect add transport tcp source-port
exit

Define Monitor

apps netflow monitor alias mon1
record add rec1
cache timeout inactive 60
cache timeout active 30
cache timeout event transaction-end
exit

Define GSgroup and Tunnel Port

gsgroup alias GS1 port-list 1/3/e1
port 1/1/g1 type tool
tunneled-port 1/1/g1 ip 1.1.1.2 /24 gateway 1.1.1.1 mtu 1500 port-list GS1
tunneled-port 1/1/g1 netflow-exporter add exp1
gsop alias gsop1 flow-ops netflow port-list GS1

map alias for-netflow1
from 1/1/g2
use gsop gsop1
to 1/1/g1
rule add pass ipver 4
exit
gsparams gsgroup GS1 netflow-monitor add mon1

Show Stats

sh apps netflow exporter stats
sh apps netflow monitor stats
sh gsop stat

Clear Stats

clear port stats all
clear gsgroup stats
clear map stats all
clear gsop stat
clear app netflow exporter stat
clear app netflow monitor cac
clear app netflow monitor stat
clear tunneled-port stats

Deleting

gsparams gsgroup GS1 netflow-monitor delete
no map alias for-netflow1
tunneled-port 1/1/g1 netflow-exporter delete exporter-id 1

OR

tunneled-port 1/1/g1 netflow-exporter delete all

Gigamon’s IPFIX exports unique metadata, including SSL details. Below is a report I’ve pulled from Scrutinizer, our network and security intelligence platform. Within the Gigamon SSL All Details report, you can view fields like SSL version, cipher, key size, cert subject, and more.

SSL Details Report

This is just one of the unique reports exported by Gigamon. In the reports menu we can view all of the unique reports types Scrutinizer can build from the data received by Gigamon devices.

Gigamon IPFIX configuration: unique Gigamon reports

To see the data being exported by your own Gigamon devices, try sending your flow data to Scrutinizer using the 14-day trial!

Related

briand

Advanced Silver Peak monitoring with IPFIX

Competition generally ends up being good for the consumer. It keeps prices down and forces innovation as vendors compete for market share. A great

context

Network Traffic Analytics with Gigamon

Quite some time ago, my colleague wrote about our Gigamon NetFlow support. That article will help you understand how to configure your Gigamon appliances

joanna

Uncovering SSL Vulnerabilities with Gigamon Metadata Exports

While we have supported Gigamon reports for a couple of years, we now leverage the SSL information pulled from Gigamon flows. This enables you