With the exhaustion of IPv4 addresses, the need to switch to IPv6 is inevitable and has been for many years. As your company makes the switch to IPv6, don’t forget NetFlow collector’s IPv6 support. I’m not only talking about the ability of your NetFlow collector to report on IPv6 conversations, but also the ability to collect NetFlow sent in IPv6 packets.
As the number of internet capable devices continues to grow, we need to be aware that we need to make the switch to IPv6 sometime soon. I am not saying that IPv4 will go by the wayside. It’s said that in 2014, 27 percent of internet capable devices are IPv6 compatible. I alone have multiple laptops, a smartphone and a tablet that I use to help me do my job and I’m only one man.
Collecting IPv6 NetFlow Packets
NetFlow collector IPv6 support is very important when network administrators do make the switch to IPv6. All the devices that are taking up the IPv6 addresses of the new IPv6 networks can now be monitored. Our NetFlow collector supports not only the ability to report on IPv6 conversations, but also collects packets addressed for IPv6, as shown in the screenshot of a Wireshark packet capture. Notice that the source and destination addresses are using the IPv6 address format.
Monitoring IPv6 Traffic
Let’s take a little time to enable the collection of IPv6 information on your NetFlow capable devices. Please note: the configuration is going to vary from vendor to vendor, but the overall goal is the same. Below is an example of a flow record set up to collect IPv6 information from traffic conversations on Cisco IOS.
(config)#flow record IPv6-Record
(config-flow-record)#match ipv6 source address
(config-flow-record)#match ipv6 destination address
(config-flow-record)#match transport source-port
(config-flow-record)#match transport destination-port
(config-flow-record)#match interface input
(config-flow-record)#match ipv6 protocol
(config-flow-record)#match ipv6 dscp
(config-flow-record)#collect routing destination as
(config-flow-record)#collect routing source as
(config-flow-record)#collect ipv6 destination mask
(config-flow-record)#collect ipv6 source mask
(config-flow-record)#collect routing next-hop address ipv6
(config-flow-record)#collect transport tcp flags
(config-flow-record)#collect counter bytes
(config-flow-record)#collect counter packets
(config-flow-record)#collect timestamp sys-uptime first
(config-flow-record)#collect timestamp sys-uptime last
(config-flow-record)#collect interface output
(config-flow-record)#collect flow direction
Now that you are exporting the IPv6 information, go to your NetFlow collector and use this to its full capability. The next screenshot is showing the ability to search for any IPv6 address in our NetFlow collector. From the Status tab, we can use the Wizard function to select Search and add in our IPv6 address. Below that are a few options for selecting the device you would like to look from and the timeframe to do the search.
IPv6 Subnet Filters
Our collector has always had the ability to configure IP subnets to monitor different groups within your network. As of our latest version, we have added IPv6 subnets. These filters can be used along-side your IPv4 subnets to give you a picture of all the traffic. This shows the amount of bandwidth that each subnet is taking up in the last five minutes.
NetFlow Collector IPv6 Support
While we know that IPv4 is not going to be replaced, it still has the ability to be used alongside IPv6. It’s just that the ability to collect CFLOW packets sent across the network using IPv6 will expand the ever-growing collection of internet connected devices. Be sure to check if your Netflow collector has IPv6 support.