Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_options:opt_statistics:statistics_settings [2020/02/05 17:30] – ↷ Page moved from en:dpi:dpi_options:base_functionality:opt_statistics:statistics_settings to en:dpi:dpi_options:opt_statistics:statistics_settings lexx26
+++ en:dpi:dpi_options:opt_statistics:statistics_settings [2025/03/06 08:05] (current) – [Configuration of each type NetFlow] elena.krasnobryzh
@@ Line 1: / Line 1: @@
 ====== Configuring service ======
+{{indexmenu_n>2}}
+The option is configured or disabled by parameters in configuration file ''/etc/dpi/fastdpi.conf''.
+<note warning>NetFlow parameters are cold, so changes require a service restart.</note>
+===== Statistics export configuration =====
+To switch on the export of statistics:
+<code>netflow=1</code>
+  * 0 or no parameter - export disabled;
+  * 1 - export statistics by protocols (port numbers);
+  * 2 - export statistics by directions (independent systems' numbers);
+  * 4 - export statistics for billing;
+  * 8 - export the complete statistical information on sessions;
+<note important>3 = 1 + 2 - simultaneous export of statistics by protocols and by directions. Other values are combined similarly.</note>
+The network interface name to export netflow with statistics:
+<code>netflow_dev=eth2</code>
+Data export period in seconds:
+<code>netflow_timeout=10</code>
+===== Configuration of each type NetFlow =====
+IP address and port number of netflow collector for statistics **by protocols**:
+<code>netflow_collector=192.168.0.1:9997</code>
+<note warning>It is necessary to specify a separate collector for each type so that the data does not mix!</note>
+IP address and port number of netflow collector with statistics **by directions**:
+<code>netflow_as_collector=192.168.0.1:9998</code>
+Directions to collect and aggregate data:
+  * 1 for external independent systems only (OK for household operators as there are no other independent systems rather than the operator itself on one side);
+  * 2 for internal independent systems only;
+  * 3 = 1 + 2 for both (OK for transit operators. However, as the aggregation by AS is made separately, data would be counted twice in the exported statistics - for each of AS participating in data transmission).
+<code>netflow_as_direction=1</code>
+IP address and port number of NetFlow collector with** statistics for billing.** One has to specify the separate collector to avoid data messing with other statistics:
+<code>netflow_bill_collector=192.168.0.1:9995</code>
+<note important>The billing statistics is formed only for those subscribers that have [[en:dpi:dpi_components:platform:dpi_billing|service 9]] enabled.\\
+IPFIX does not pass information about the host IP:port with which the subscriber is communicating.</note>
+Setting up the statistics format:
+<code>netflow_bill_collector_type=2</code>
+  * 0 - netflow_v5 ( default )
+  * 1 - ipfix udp
+  * 2 - ipfix tcp
+The whole traffic volume is counted by default. This includes packet headers as well. In order to count the useful traffic only((The traffic with no packet headers may be 3.5 times smaller than the total one. For example, the minimal torrent UDP packet may be 64 bytes. The UDP header is 28 bytes and Ethernet frame size is 18 bytes. The resulting useful information is 18 bytes only of 64 total.)) please specify:
+<code>netflow_bill_method=1</code>
+[[en:dpi:dpi_options:opt_priority:priority_config|The traffic class assigned by DPI]] is specified in TOS field of netflow with billing statistics. This information can be used to create attractive billing plans.
+IP address and port number of netflow collector with full statistics. One has to specify the separate collector to avoid data messing with other statistics:
+<code>netflow_full_collector=192.168.0.1:9996
+netflow_passive_timeout=30
+netflow_active_timeout=300
+</code>
+Here
+  * netflow_passive_timeout=30 - is the time to wait for session activity. If no activity in this time, the session is treated as closed and its information is transmitted
+  * netflow_active_timeout=300 - is the time to report on the long sessions: in fact, such sessions are split into fragments of this duration.
+The complete statistics preserved original port numbers. The information on detected protocols is sent in normally empty bytes 46-47. In case one needs to analyse the protocols in use, the system can be configured to send the protocol information in the port number:
+<code>netflow_full_port_swap=1</code>
+<note>NetFlow protocol does not ensure the delivery of packets as it works over UDP. If the collector has not enough capacity to receive the data, some packets are just lost. The collector has to receive data at rates no less than 60 Mb/s to handle full statistics for 10Gb channel. Please check your collector's capabilities before sending the netflow traffic.
+At the same time short peaks up to 100 Mb/s may happen when sending netflow from DPI. Few collectors are able to receive such data flow with no losses, for example nfsen/nfdump.</note>
+In order to smooth such peaks and load the collector in a uniform way one can set the parameter:
+<code>netflow_rate_limit=60</code>
+Here 60 is the maximal netflow rate in Mb/s.
+<note important>This value has to be set according to 6 Mb/s for each 1Gb of the external channel. Insufficient rate setting leads to data losses already on DPI side. This event is reflected in log file **/var/log/dpi/fastdpi_alert.log.**</note>
+===== Configuration Example =====
+An example is described in the section [[en:dpi:dpi_components:qoestor:configuration:dpi|QoE Stor: DPI Configuration]]

Profile

Settings

Differences