I found out the other day that the HP 9300 series Procurve routing switches (9304m, 9308m, and 9315m) support NetFlow in software release 07.6.04 or greater. In the Advanced Configuration and Management Guide on page A-8 the NetFlow capabilities are outlined. It also supports sFlow which is discussed on page A-30. In this blog however, I’m going to discuss the impressive HP NetFlow support.
Here are some highlights of the HP 9300 NetFlow Support abilities:
- You can use a total of 15 collectors. You can specify up to 10 collectors for the main flow cache, and one additional collector for each aggregate cache.
- The support NetFlow v1 and v5 for traditional exports and v8 for aggregated exports but, I didn’t see anything about v9 or IPFIX. The default configuration is v5 which is the most popular.
- The configuration process is very similar to a Cisco IOS NetFlow setup
- You can Disable the export for specific transport protocols.
- You can export peer or origin autonomous system information
- It supports the ability to configure NetFlow aggregation using NetFlow v8.
The HP NetFlow Configuration Process
To enable NetFlow, enter the following command at the global CONFIG level of the CLI:
HP9300(config)# ip flow-export enable
HP9300(config)# ip flow-export version 5
HP9300(config)# ip flow-export destination 10.10.10.1 2055 1
HP9300(config)# ip flow-cache timeout active 1
HP9300(config)# ip flow-cache timeout inactive 15
HP9300(config)# ip flow-export source loopback 1/1
HP9300(config)# exit
Read the manual to get details on the above. The point is that it is very similar to a Cisco IOS NetFlow configuration.
To enable Flow Switching on an interface, enter commands such as the following:
HP9300(config)# interface ethernet 1/1
HP9300(config-if-1/1)# ip route-cache flow
HP9300(config-if-1/1)# exit
HP9300(config)# interface ethernet 1/2
HP9300(config-if-1/1)# ip route-cache flow
HP9300(config-if-1/1)# exit
HP9300(config)# interface ethernet 1/3
HP9300(config-if-1/1)# ip route-cache flow
HP9300(config-if-1/1)# exit
;Repeat the above for each interface
HP9300(config)# exit
HP9300# reload
Perhaps the feature that impressed me that most is the ability to configure NetFlow aggregation in 5 different ways:
- as – Configures an AS cache. Flows are aggregated based on AS number.
- destination-prefix – Configures a destination prefix cache. Flows are aggregated based on destination network prefix.
- prefix – Configures a prefix cache. Flows are aggregated based on both source and destination network prefixes.
- protocol-port – Configures a protocol port cache. Flows are aggregated based on source and destination IP protocol port.
- source-prefix – Configures a source prefix cache. Flows are aggregated based on source network prefix.
The above aggregation methods allow for the dramatic reduction in flow exports at the cost of less detail but, the benefit is that you don’t have to resort to sampling like sFlow. I would prefer the ability to specify my own custom aggregation method like I can with Cisco IOS but, the way the manual read, I don’t think you can. Personally, I might like to aggregate based on Source/Destination IP address, protocol, nexthop, and subnet mask. By removing source and destination port from the aggregation, the volume of flows can often be reduced by well over half!
Example Aggregation Configuration for AS number:
HP9300(config)# ip flow-aggregation cache as
HP9300(config-flow-cache_as)# cache entries 2046
HP9300(config-flow-cache_as)# cache timeout inactive 200
HP9300(config-flow-cache_as)# cache timeout active 45
HP9300(config-flow-cache_as)# export destination 10.42.42.1 9992
HP9300(config-flow-cache_as)# enabled
Finally, the following command will display the NetFlow configuration:
HP9300(config)# show ip flow export
Again, the manual has way more information than I’m providing here. Read up if you have any questions on how to get this configured and give us call if you need help. BTW: the HP SR6600, the HP 10500 Switch and the EFS WAN Accelerator all support Netflow as well.