Monitoring Network Traffic Using IPFIX
IP Flow Information Export (IPFIX) allows clients to easily monitor network traffic to and from the node. This information is cached on the managed device, then exported to an assigned collector server within the node once the table is full or the timer has expired. This information is then logged and stored by the collector server for viewing.
Enabling IPFIX
Before enabling IPFIX, the device must be configured for local management within the node. If the device is not locally managed, the IPFIX tab will not display in the WebUI.
In the WebUI
|
1.
|
In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab. |
|
3.
|
Select Enabled from the Enable IPFIX drop-down list. |
|
5.
|
Click Pending Changes. |
|
6.
|
In the Pending Changes window, select the check box and click Deploy changes. |
In the CLI
(host) [mynode] (config)#ip-flow-export-profile
(host) [mynode] (ip flow collector profile)#enable
Assigning the Collector Device
When a device belonging to a node exports a cache, it is sent to the designated Collector Device in that node. The Collector Device receives, logs and stores the data from the other devices in the node.
In the WebUI
|
1.
|
In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab. |
|
3.
|
Select Enabled from the Enable IPFIX drop-down list. |
|
4.
|
Enter the IP address of the device in the Collector IP address field. |
|
6.
|
Click Pending Changes. |
|
7.
|
In the Pending Changes window, select the check box and click Deploy changes. |
In the CLI
(host) [mynode] (config)#ip-flow-export-profile
(host) [mynode] (ip flow collector profile)#collector-ip <collector ip address>
Selecting a Transfer Mode
IPFIX supports UDP and TCP transfer protocols when sending a cache from a device to the Collector Device.
In the WebUI
|
1.
|
In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab. |
|
3.
|
Select Enabled from the Enable IPFIX drop-down list. |
|
4.
|
Select a transfer protocol from the Transport mode drop-down list. |
|
6.
|
Click Pending Changes. |
|
7.
|
In the Pending Changes window, select the check box and click Deploy changes. |
In the CLI
(host) [mynode] (config)#ip-flow-export-profile
(host) [mynode] (ip flow collector profile)# transport-protocol<protocol>
Assigning a Destination Port
Clients can assign a destination port on the Collector Device to direct incoming data caches from other devices in the node.
In the WebUI
|
1.
|
In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab. |
|
3.
|
Select Enabled from the Enable IPFIX drop-down list. |
|
4.
|
Enter the port number into the Port field. |
|
6.
|
Click Pending Changes. |
|
7.
|
In the Pending Changes window, select the check box and click Deploy changes. |
In the CLI
(host) [mynode] (config)#ip-flow-export-profile
(host) [mynode] (ip flow collector profile)#port <port number>
Modifying the Flow Cache Size and Interval Settings
The Flow Cache limits when the cache is exported to the Collector Device and can be determined by the size of the cache or the duration of time in the session. When any one of these values is met, the cache is exported and a new one begins.
|
|
Flow cache size: The maximum number of entries in a cache before it is exported. |
|
|
Upload interval (all): The interval (time in minutes) to export active sessions. |
|
|
Upload interval (inactive): The interval (time in minutes) to export inactive flows. |
|
|
Upload interval template: The interval (time in minutes) to export templates. |
In the WebUI
|
1.
|
In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab. |
|
3.
|
Select Enabled from the Enable IPFIX drop-down list. |
|
4.
|
Enter the maximum number of entries in the Flow cache size field. |
|
5.
|
Enter the time interval for an active session in the Upload interval (all) field. |
|
6.
|
Enter the time interval for an inactive session in the Upload interval (inactive) field. |
|
7.
|
Enter the time interval to export templates in the Upload interval template field. |
|
9.
|
Click Pending Changes. |
|
10.
|
In the Pending Changes window, select the check box and click Deploy changes. |
In the CLI
The following CLI commands can be used to adjust the Flow cache size and interval export settings.
(host) [mynode] (config)#ip-flow-export-profile
(host) [mynode](ip flow collector profile)#flow-cache-size<interger>
(host) [mynode](ip flow collector profile)#upload-all-interval<interger>
(host) [mynode](ip flow collector profile)#upload-inactive-interval<interger>
(host) [mynode](ip flow collector profile)#upload-template-interval<interger>
Selecting the Observation Domain
The Observation Domain is a value used by the Collector Device to group devices when receiving data sessions.
In the WebUI
|
1.
|
In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab. |
|
3.
|
Select Enabled from the Enable IPFIX drop-down list. |
|
4.
|
Enter the value in the Observation Domain field. |
|
6.
|
Click Pending Changes. |
|
7.
|
In the Pending Changes window, select the check box and click Deploy changes. |
In the CLI
(host) [mynode] (config)#ip-flow-export-profile
(host) [mynode] (ip flow collector profile)#observation-domain