How to configure Vyatta NetFlow? That is the question we will be answering in this blog. I thought you might need a short and concise Vyatta NetFlow configuration guide that goes straight to the point.
Configuring NetFlow on a Vyatta is fairly simple:
1. For a start we set the NetFlow version.
set system flow-accounting netflow version 9
2. To export flows to the collector where the NetFlow reporting tool is installed, we will need to set the flow destination. A flow destination is the IP address of the NetFlow collector and the listening port.
set system flow-accounting netflow server <Collector IP> port <Port #>
Ex: set system flow-accounting netflow server 10.23.36.46 port 2055
3. Then we issue the following command for every interface we want to monitor.
set system flow-accounting interface <interface name>
Ex: set system flow-accounting interface eth0
4. Since our NetFlow and sFlow Analyzer expects flows every minute, let’s make sure the active flow timeout is set to 1 minute. By default this is already set to 1 minute, or 60 seconds.
set system flow-accounting netflow timeout expiry-interval 60
5. Vyatta flow accounting can be resource intensive when statistics are being collected on all received packets. The alternative is to turn on sampling, where 1 packet is accounted for out of every N packets, N being the sampling rate.
set system flow-accounting netflow sampling-rate N
Ex: set system flow-accounting netflow sampling-rate 500
6. Finally, the following commands will set other essential Vyatta flow accounting parameters.
set system flow-accounting netflow engine-id <id>
(id values range between 0 and 255)
set system flow-accounting netflow timeout max-active-life 604800
set system flow-accounting netflow timeout flow-generic 3600
set system flow-accounting netflow timeout tcp-fin 300
set system flow-accounting netflow timeout tcp-generic 3600
set system flow-accounting netflow timeout tcp-rst 120
set system flow-accounting netflow timeout icmp 300
set system flow-accounting netflow timeout udp 300
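
To check at the collector that what arrives on the configured port really is NetFlow version 9, the export packet header and its FlowSets can be decoded as below. This is an added example, not part of the original post or of Vyatta's code; the sample datagram is constructed, and treating the header's source_id as the place where the configured engine-id shows up is an assumption.

```python
import struct

# NetFlow v9 export packet header: version, count, sysUptime, unix_secs,
# sequence number, source_id (20 bytes, network byte order).
HEADER = struct.Struct("!HHIIII")
# Every FlowSet starts with flowset_id and length (length includes these 4 bytes).
FLOWSET = struct.Struct("!HH")

def parse_v9(datagram):
    """Validate one export packet and list its FlowSets as (kind, id, length)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v9 header")
    version, count, uptime, secs, seq, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError("not NetFlow v9 (version field = %d)" % version)
    flowsets, offset = [], HEADER.size
    while offset + FLOWSET.size <= len(datagram):
        fs_id, length = FLOWSET.unpack_from(datagram, offset)
        # A bogus length would loop forever or read past the packet: reject it.
        if length < FLOWSET.size or offset + length > len(datagram):
            raise ValueError("bad FlowSet length %d at offset %d" % (length, offset))
        if fs_id == 0:
            kind = "template"
        elif fs_id == 1:
            kind = "options-template"
        elif fs_id >= 256:
            kind = "data"
        else:
            kind = "reserved"
        flowsets.append((kind, fs_id, length))
        offset += length
    return {"count": count, "sequence": seq, "source_id": source_id,
            "unix_secs": secs, "flowsets": flowsets}

def build_sample():
    """Constructed packet: one template FlowSet (template 256) and one data FlowSet."""
    # Template 256 with two fields: IPV4_SRC_ADDR (type 8, 4 bytes), IN_BYTES (type 1, 4 bytes).
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 1, 4)
    data = struct.pack("!HH4sI", 256, 12, bytes([10, 0, 0, 1]), 1500)
    header = HEADER.pack(9, 2, 123456, 1700000000, 1, 7)  # source_id 7 is made up
    return header + template + data

if __name__ == "__main__":
    print(parse_v9(build_sample()))
```

On a real collector the bytes would come from a UDP socket bound to the port given in step 2; a v5 datagram or a truncated packet raises ValueError instead of being silently accepted.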
I haven’t heard of any updates on the Vyatta NetFlow and sFlow implementation since the VC 6.0 release, so please share any exciting news about the future of Vyatta NetFlow. Vendors such as nProbe already have URLs, Latency and other features that often require deep packet inspection. I wonder whether Vyatta will be taking the same path.