IPFIX

Internet Protocol Flow Information Export (IPFIX) is an IETF protocol, as well as the name of the IETF working group defining the protocol. It was created based on the need for a common, universal standard of export for Internet Protocol flow information from routers, probes and other devices that are used by mediation systems, accounting/billing systems and network management systems to facilitate services such as measurement, accounting and billing. The IPFIX standard defines how IP flow information is to be formatted and transferred from an exporter to a collector.

IPFIX flow exporter

IPFIX exporter settings are configured and saved as a flow exporter.

Commands

flow exporter

Enter flow exporter configuration mode

destination A.B.C.D

Set the IPv4 address of the IPFIX flow collector

source A.B.C.D

Set the source address of IPFIX flow packets. This address should be valid on the router.

transport udp (1-65535)

Define the destination port

IPFIX flow monitor

IPFIX flow definitions

Commands

flow monitor

Enter flow monitor configuration mode

cache timeout active (1-604800)

Set active flow cache timeout in seconds

cache timeout inactive (1-604800)

Set inactive flow cache timeout in seconds

record netflow <ipv4|ipv6> prefix-port

Start recording flow information containing the 5-tuple of source address, destination address, protocol, source port and destination port

no record netflow <ipv4|ipv6> prefix-port

Stop recording flow information

ip flow monitor output

Apply the flow monitor to an interface's output

no ip flow monitor output

Remove the flow monitor from an interface's output

Logging

Debugging logs can be enabled when needed.

[no] debug ipfix event

Log data plane installation processes and results

Setup IPFIX

To set up IPFIX, three things are needed:

  1. Define a flow exporter

  2. Define a flow monitor

  3. Apply the monitor on one or more interfaces to collect data

Example configuration

soodar(config)# interface ge3
soodar(config-if)# ip address 192.168.1.10/24
soodar(config-if)# flow exporter
soodar(config-flow-exporter)# destination 192.168.1.20
soodar(config-flow-exporter)# source 192.168.1.10
soodar(config-flow-exporter)# transport udp 15200
soodar(config-flow-exporter)# flow monitor
soodar(config-flow-monitor)# cache timeout active 1800
soodar(config-flow-monitor)# cache timeout inactive 15
soodar(config-flow-monitor)# record netflow ipv4 prefix-port
soodar(config-flow-monitor)# interface ge0
soodar(config-if)# ip flow monitor output
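
A collector-side sanity check for the export stream this configuration produces, added here as an example and not part of the original page: it accepts a UDP payload only if it comes from the configured source (192.168.1.10) and parses as a well-formed IPFIX message. It assumes the router emits RFC 7011 messages (version 10); the names parse_ipfix and build_sample are hypothetical and the sample datagram is constructed.

```python
import struct

# Values from the example configuration on this page; RFC 7011 layout is assumed.
EXPECTED_SOURCE = "192.168.1.10"   # 'source' of the flow exporter
IPFIX_VERSION = 10
HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, domain ID
SET_HEADER = struct.Struct("!HH")  # set ID, set length


def parse_ipfix(datagram: bytes, sender_ip: str) -> dict:
    """Validate one UDP payload as an IPFIX message; ValueError means drop it."""
    if sender_ip != EXPECTED_SOURCE:
        raise ValueError(f"unexpected exporter address {sender_ip}")
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 16-byte message header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(datagram)
    if version != IPFIX_VERSION:
        raise ValueError(f"version {version} is not IPFIX")
    if length != len(datagram):
        raise ValueError("header length does not match datagram size")
    sets, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError("set length out of bounds")
        kind = {2: "template", 3: "options-template"}.get(set_id)
        if kind is None:
            if set_id < 256:
                raise ValueError(f"reserved set ID {set_id}")
            kind = "data"
        sets.append((set_id, kind, set_len))
        offset += set_len
    return {"export_time": export_time, "sequence": sequence,
            "domain": domain, "sets": sets}


def build_sample() -> bytes:
    """Constructed datagram: one template set (ID 2) and one data set (ID 256)."""
    template = struct.pack("!HHHHHH", 2, 12, 256, 1, 8, 4)  # IE 8 = sourceIPv4Address
    data = struct.pack("!HH4s", 256, 8, bytes([192, 168, 1, 10]))
    body = template + data
    return HEADER.pack(IPFIX_VERSION, HEADER.size + len(body), 1700000000, 0, 1) + body


if __name__ == "__main__":
    print(parse_ipfix(build_sample(), "192.168.1.10"))
```

The source-address comparison is a coarse filter only, since UDP source addresses can be forged; restrict which hosts can reach the collector port (15200 in the example) at the network level as well.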