Vyatta Network MonitoringHow to configure Vyatta NetFlow?  That is the question we will be answering in this blog. I thought you might need a short and concise Vyatta NetFlow configuration guide that goes straight to the point.

Configuring NetFlow on a Vyatta is fairly simple:

1. For a start we set the NetFlow version.

set system flow-accounting netflow version 9

2. To export flows to the collector where the NetFlow reporting tool is installed, we will need to set the flow destination. A flow destination is the IP address of the NetFlow collector and the listening port.

set system flow-accounting netflow server <Collector IP> port <Port #> Ex: set system flow-accounting netflow server 10.23.36.46 port 2055

3. Then we issue the following command for every interface you want to monitor

set system flow-accounting interface <interface name> Ex: set system flow-accounting interface eth0

4. Since our NetFlow and sFlow Analyzer expects flows every minutes let’s make sure the active flow timeout is set to 1 minutes. By default this is already set to 1 minute or 60 seconds.

set system flow-accounting netflow timeout expiry-interval 60

5. Vyatta flow accounting can be resource intensive when statistics are being collected on all received packets. The alternative is to turn on sampling where 1 packet is accounted for every N packets, N being the sampling rate.

set system flow-accounting netflow sampling-rate N Ex: set system flow-accounting netflow sampling-rate 500

6. Finally, the following commands will set other essential Vyatta flow accounting parameters.

set system flow-accounting netflow engine-id  id (id values range between 0 – 255)
set system flow-accounting netflow timeout max-active-life 604800
set system flow-accounting netflow timeout flow-generic 3600
set system flow-accounting netflow timeout tcp-fin 300
set system flow-accounting netflow timeout tcp-generic 3600
set system flow-accounting netflow timeout tcp-rst 120
set system flow-accounting netflow timeout icmp 300
set system flow-accounting netflow timeout udp 300

I haven’t heard of any updates on Vyatta NetFlow and sFlow implementation since VC 6.0 release, so please share any exciting news about the future of Vyatta NetFlow . Vendors such as nProbe already have URLs, Latency and other features that often require deep packet inspection. I wonder weather Vyatta will be taking the same path.

Dale

Dale Locke is the Regional Manager for the southeast US at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long lasting relationships with his clients. Dale's favorite hobbies include fishing, hiking, soccer, and football.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

2 comments on “Vyatta NetFlow Configure

  1. Why you use such following timeout value? How to make sure that value suitable with an existing Vyatta box.

    set system flow-accounting netflow timeout max-active-life 604800
    set system flow-accounting netflow timeout flow-generic 3600
    set system flow-accounting netflow timeout tcp-fin 300
    set system flow-accounting netflow timeout tcp-generic 3600
    set system flow-accounting netflow timeout tcp-rst 120
    set system flow-accounting netflow timeout icmp 300
    set system flow-accounting netflow timeout udp 300

Comments are closed.