Recently, I discovered that the HP 6600 Router Series has support for NetFlow. If you search for HP 6600 NetFlow Support, though, you don’t find much. This is because HP’s version of NetFlow is called NetStream (likely from their acquisition of 3Com). I first learned about this when I browsed HP’s website to see if they offered NetFlow/IPFIX support. After much searching, I found what I was looking for. Today, I want to help you configure your HP 6600 Routers to send flow data to your collector.HP 6608

A colleague of mine contacted HP to see what information they had on the HP 6600 Router Series. Unfortunately, much to my surprise, they did not have any documentation regarding ‘IPFIX’. After scouring the interwebs to find something on how to configure the device, I discovered that, though there are a number of models in the 6600 series, many of them use the same configuration.

HP 6600 NetFlow Support Configuration

To configure the HP 6600 Router Series to send NetFlow (NetStream) to your collector, you need to enter system view and issue a number of commands.

In this example, see Figure 1, we will configure NetStream on Router A: enable NetStream for incoming traffic on GigabitEthernet 2/0/0 and for outgoing traffic on GigabitEthernet 2/0/1, and configure the router to export NetStream traditional data to UDP port 2055 of the NetStream server at 12.110.2.2/16.

A quick note: NetStream exports data in UDP datagrams in one of the following formats:

  • Version 5—Exports original statistics collected based on the 7-tuple elements. The packet format is fixed and cannot be extended flexibly.
  • Version 8—Supports NetStream aggregation data export. The packet formats are fixed and cannot be extended flexibly.
  • Version 9—The most flexible format. Users can define templates that have different statistics fields. The template feature supports different statistics, such as BGP next hop and MPLS information.

We will be using the Version 5 export in this example.

HP 6600 NetFlow Support
Figure 1

Enable NetStream for incoming traffic on GigabitEthernet 2/0/0.

<RouterA> system-view
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ip address 11.110.2.1 255.255.0.0
[RouterA-GigabitEthernet2/0/0] ip netstream inbound
[RouterA-GigabitEthernet2/0/0] quit

Enable NetStream for outgoing traffic on GigabitEthernet 2/0/1.

[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] ip address 12.110.2.1 255.255.0.0
[RouterA-GigabitEthernet2/0/1] ip netstream outbound
[RouterA-GigabitEthernet2/0/1] quit

Configure the destination address and the destination UDP port number for the NetStream traditional data export.

[RouterA] ip netstream export host 12.110.2.2 2055

Configure Flow Aging

Because the default aging time for active and inactive flows is higher than we recommend (1800 and 30 seconds respectively), we need to set them manually. To do this issue the following commands.

<RouterA> system-view
[RouterA] ip netstream aging
[RouterA] ip netstream timeout active 60
[RouterA] ip netstream timeout inactive 15
[RouterA] quit

If you have any questions on how to configure this device please reach out to our support team or review the “HP 6600/HSR6600 Routers Network Management and Monitoring Configuration Guide“.

Justin

Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.

Related