Vyatta NetFlow Monitoring

Vyatta NetFlow monitoring has been improved in some of the latest VC 6.x releases. I worked on a NetFlow reporting issue with a VC 6.0 user in the past, trying to figure out why his NetFlow Analyzer was not showing the expected amount of traffic. We used Wireshark and found that a large number of flow packets were being exported without flow data and were therefore useless and discarded by the collector. Since he upgraded to VC 6.2, he has been able to see all his traffic. Vyatta now supports MAC addresses, as seen in the image below!

How do you configure NetFlow on a Vyatta?

Use the following commands to enable NetFlow:

set system flow-accounting interface <interface name> (This command should be issued for each interface you want to monitor)
set system flow-accounting netflow sampling-rate <rate> ("The rate at which packets are sampled (that is, if 1 in n packets are sampled, n is the rate)")
set system flow-accounting netflow version 9
set system flow-accounting netflow server <Collector IP> port 2055
set system flow-accounting netflow engine-id <id>

set system flow-accounting netflow timeout expiry-interval 60 (The NetFlow and sFlow Analyzer expects the timeout expiry-interval value to be 60 seconds)
set system flow-accounting netflow timeout max-active-life <life>
set system flow-accounting netflow timeout flow-generic <timeout>
set system flow-accounting netflow timeout tcp-fin <timeout>
set system flow-accounting netflow timeout tcp-generic <timeout>
set system flow-accounting netflow timeout tcp-rst <timeout>
set system flow-accounting netflow timeout icmp <timeout>
set system flow-accounting netflow timeout udp <timeout>

Configuration Statement

system {
    flow-accounting {
        interface <ifname>
        netflow {
            version 9                 # default 5
            engine-id <u32>           # 0-255
            server <Collector IP> {
                port 2055             # Can be different
            }
            timeout {
                expiry-interval 60
                flow-generic 3600
                icmp 300
                max-active-life 604800
                tcp-fin 300
                tcp-generic 3600
                tcp-rst 120
                udp 300
            }
        }
    }
}

sFlow configuration statement

system {
    flow-accounting {
        sflow {
            agentid <u32>
            server <ipv4> {           # multi-value
                port <u32>            # default 6343
            }
        }
    }
}
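
To repeat the check described at the top of this post (export packets arriving without flow data) on the collector side, the following added example, which is not from the original post or from Vyatta, parses NetFlow v9 datagrams using the RFC 3954 layout and reports whether each one carries flow records or only templates. The function names and the sample datagrams are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, sequence, sourceId
SET_HDR = struct.Struct("!HH")     # flowset id, flowset length (length includes this header)

def inspect_v9(packet, templates):
    """Summarise one NetFlow v9 export datagram (RFC 3954 layout).
    templates: dict of (source_id, template_id) -> record length, updated in place."""
    if len(packet) < HEADER.size:
        raise ValueError("datagram shorter than a v9 header")
    version, _, _, _, seq, source_id = HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    out = {"sequence": seq, "templates": 0, "data_records": 0, "undecodable_sets": 0}
    off = HEADER.size
    while off + SET_HDR.size <= len(packet):
        set_id, set_len = SET_HDR.unpack_from(packet, off)
        if set_len < SET_HDR.size or off + set_len > len(packet):
            raise ValueError(f"bad flowset length {set_len} at offset {off}")
        body = packet[off + SET_HDR.size:off + set_len]
        if set_id == 0:  # template flowset: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):
                    break  # trailing padding or a truncated record
                fields = struct.unpack_from(f"!{2 * nfields}H", body, pos + 4)
                templates[(source_id, tid)] = sum(fields[1::2])  # sum of field lengths
                out["templates"] += 1
                pos = end
        elif set_id > 255:  # data flowset, countable only once its template is known
            rec_len = templates.get((source_id, set_id))
            if rec_len:
                out["data_records"] += len(body) // rec_len
            else:
                out["undecodable_sets"] += 1
        # set ids 1-255 (options templates, reserved) carry no flow records
        off += set_len
    out["has_flow_data"] = out["data_records"] > 0
    return out

def sample_packets():
    """Constructed datagrams (not captured from a router): template-only, then data."""
    header = lambda seq: HEADER.pack(9, 1, 1000, 1700000000, seq, 1)
    tmpl = struct.pack("!HHHH", 0, 20, 256, 3) + struct.pack("!6H", 1, 4, 8, 4, 12, 4)
    data = struct.pack("!HHI4s4s", 256, 16, 1500, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header(1) + tmpl, header(2) + data
```

Feed it the UDP payloads received on the collector port (2055 in the configuration above), keeping one templates dict per exporter; a long run of datagrams with has_flow_data false or a growing undecodable_sets count is the symptom to investigate.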

More information on Vyatta NetFlow can be found in the Vyatta basic system reference. Enjoy monitoring network traffic on your Vyatta device, and I hope you enjoyed this blog. Cheers!!

Dale

Dale Locke is the Regional Manager for the southeast US at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long lasting relationships with his clients. Dale's favorite hobbies include fishing, hiking, soccer, and football.
