Monitoring Network Traffic Using IP Flow Information Export

IP Flow Information Export allows clients to easily monitor network traffic to and from the node. This information is cached on the managed device, then exported to an assigned collector server within the node once the table is full or the timer has expired. This information is then logged and stored by the collector server for viewing. Listed below are the tasks to monitor network traffic using IP flow information export:

Enabling IP Flow Information Export

Before enabling IP Flow Information Export, the device must be configured for local management within the node. If the device is not locally managed, the IPFIX tab will not be displayed in the WebUI.

The following procedure describes how to enable IP Flow Information Export:

1. In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab.

2. Expand IPFIX accordion.

3. Click the Enable IPFIX toggle switch to enable this setting.

4. Click Submit.

5. Click Pending Changes.

6. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands enable IP Flow Information Export:

(host) [md] (config)#ip-flow-export-profile

(host) [md] (ip flow collector profile)#enable

Enabling Wireless Export

Starting with ArubaOS 8.0.1.0, IP Flow Information Export supports wireless export. When wireless export is enabled, a new template is defined to gather and export information about WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. clients, in addition to the standard attributes exported through the existing, pre-defined template.

The wireless attributes include:

Station MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.

Station IP

Station SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.

AP MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.

 

If wireless export is enabled, data flows become unidirectional.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands enable wireless export:

(host) [mynode] (config) #ip-flow-export-profile

(host) [mynode] (ip flow collector profile) #wireless-export

Assigning the Collector Device

When a device belonging to a node exports a cache, it is sent to the designated Collector Device in that node. The Collector Device receives, logs and stores the data from the other devices in the node.

The following procedure describes how to assign the collector IP address:

1. In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab.

2. Expand IPFIX accordion.

3. Click the Enable IPFIX toggle switch to enable this setting.

4. Enter the IP address of the device in the Collector IP address field.

5. Click Submit.

6. Click Pending Changes.

7. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands assign the collector IP address:

(host) [md] (config)#ip-flow-export-profile

(host) [md] (ip flow collector profile)#collector-ip <collector ip address>

Selecting a Transfer Mode

IP Flow Information Export supports UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. and TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. transfer protocols when sending a cache from a device to the Collector Device.

The following procedure describes how to select a transport mode:

1. In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab.

2. Expand IPFIX accordion.

3. Click the Enable IPFIX toggle switch to enable this setting.

4. Select a transfer protocol from the Transport mode drop-down list.

5. Click Submit.

6. Click Pending Changes.

7. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands select a transport mode:

(host) [md] (config)#ip-flow-export-profile

(host) [md] (ip flow collector profile)# transport-protocol<protocol>

Assigning a Destination Port

Clients can assign a destination port on the Collector Device to direct incoming data caches from other devices in the node.

The following procedure describes how to ssign a destination port on the Collector Device:

1. In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab.

2. Expand IPFIX accordion.

3. Click the Enable IPFIX toggle switch to enable this setting.

4. Enter the port number in the Port field.

5. Click Submit.

6. Click Pending Changes.

7. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands assign a port on the Collector Device :

(host) [md] (config)#ip-flow-export-profile

(host) [md] (ip flow collector profile)#port <port number>

Modifying the Flow Cache Size and Interval Settings

The Flow Cache limits when the cache is exported to the Collector Device and can be determined by the size of the cache or the duration of time in the session. When any one of these values is met, the cache is exported and a new one begins.

Flow cache size: The maximum number of entries in a cache before it is exported.

Upload interval (all): The interval (time in minutes) to export active sessions.

Upload interval (inactive): The interval (time in minutes) to export inactive flows.

Upload interval template: The interval (time in minutes) to export templates.

The following procedure describes how to adjust the flow cache size and interval settings:

1. In a Managed Network node hierarchy, navigate to Configuration > Services and select the External Services tab.

2. Expand IPFIX accordion.

3. Click the Enable IPFIX toggle switch to enable this setting.

4. Enter the maximum number of entries in the Flow cache size field.

5. Enter the time interval for an active session in the Upload interval (all) field.

6. Enter the time interval for an inactive session in the Upload interval (inactive) field.

7. Enter the time interval to export templates in the Upload interval (template) field.

8. Click Submit.

9. Click Pending Changes.

10. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands adjusts the Flow cache size and interval export settings:

(host) [md] (config)#ip-flow-export-profile

(host) [md](ip flow collector profile)#flow-cache-size<interger>

(host) [md](ip flow collector profile)#upload-all-interval<interger>

(host) [md](ip flow collector profile)#upload-inactive-interval<interger>

(host) [md](ip flow collector profile)#upload-template-interval<interger>

Selecting the Observation Domain

The Observation Domain is a value used by the Collector Device to group devices when receiving data sessions.

The following procedure describes how to configure observation domain:

1. In a Managed Network node hierarchy, navigate to ConfigurationServices and select the External Services tab.

2. Expand IPFIX accordion.

3. Click the Enable IPFIX toggle switch to enable this setting.

4. Enter the value in the Observation Domain field.

5. Click Submit.

6. Click Pending Changes.

7. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure observation domain:

(host) [md] (config)#ip-flow-export-profile

(host) [md] (ip flow collector profile)#observation-domain