Table of Contents
Configuring Full NetFlow Export in IPFIX Format
The netflow_full_collector_type parameter defines the export format for full NetFlow. Possible values:
0- export in NetFlow5 format (default value).1- export IPFIX to a UDP collector.2- export IPFIX to a TCP collector.
The netflow_tos_format parameter defines the format of the TOS field data in IPFIX. Possible values:
0- 3 bits are transmitted (default value).1- 6 bits are transmitted (full DSCP).
The netflow_plc_stat parameter defines the set of transmitted statistics data for dropped packets according to policing or drop rules. The parameter is a bitmask.
By default, the mask has the value 0x07 — statistics for dropped data of session + subscriber + virtual channel policing are transmitted.
Affects the formation of the DROPPED_BYTES and DROPPED_PACKETS counters.
Values that make up the mask:
0xff- any drop is transmitted0- do not count1- count for session policing2- count for subscriber policing4- count for virtual channel policing8- count when packets are dropped (drop) by protocol16- count in all other cases
The ipfix_mtu_limit parameter sets the maximum UDP packet size when sending IPFIX. By default, it equals the minimum MTU of the interfaces used for sending.
The configuration parameter
ipfix_reserved allows reserving the necessary memory to enable/change IPFIX/Netflow parameters.If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled, and IPFIX/Netflow parameters and new exporter types can be changed without restarting fastDPI.
For collecting information in IPFIX format, any universal IPFIX collector that understands templates, or the IPFIX Receiver utility, is suitable.
Export Template in IPFIX Format (Netflow v10) for IPv4 Protocol
| Export Template for IPv4 | ||||||
|---|---|---|---|---|---|---|
| № | Bytes | Data Type | IANA | Description | Notes | Used in QoEStor |
| 1 | 8 | int64 | 0 | OCTET_DELTA_COUNT | Analog in NetFlow v9 IN_BYTES | Used |
| 2 | 8 | int64 | 0 | PACKET_DELTA_COUNT | Analog in NetFlow v9 IN_PKTS | Used |
| 4 | 1 | int8 | 0 | PROTOCOL_IDENTIFIER | Analog in NetFlow v9 PROTOCOL | Used |
| 5 | 1 | int8 | 0 | IP_CLASS_OF_SERVICE | Analog in NetFlow v9 TOS | Used |
| 7 | 2 | int16 | 0 | SOURCE_TRANSPORT_PORT | Analog in NetFlow v9 L4_SRC_PORT | Used |
| 8 | 4 | int32 | 0 | SOURCE_IPV4_ADDRESS | Analog in NetFlow v9 IPV4_SRC_ADDR | Used |
| 11 | 2 | int16 | 0 | DESTINATION_TRANSPORT_PORT | Analog in NetFlow v9 L4_DST_PORT | Used |
| 12 | 4 | int32 | 0 | DESTINATION_IPV4_ADDRESS | Analog in NetFlow v9 IPV4_DST_ADDR | Used |
| 16 | 4 | int32 | 0 | BGP_SOURCE_AS_NUMBER | Analog in NetFlow v9 SRC_AS | Used |
| 17 | 4 | int32 | 0 | BGP_DESTINATION_AS_NUMBER | Analog in NetFlow v9 DST_AS | Used |
| 152 | 8 | int64 | 0 | FLOW_START_MILLISECOND | Used | |
| 153 | 8 | int64 | 0 | FLOW_END_MILLISECOND | Used | |
| 10 | 2 | int16 | 0 | INPUT_SNMP | Analog in NetFlow v9 IngressInterface | Used |
| 14 | 2 | int16 | 0 | OUTPUT_SNMP | Analog in NetFlow v9 EgressInterface | Used |
| 60 | 1 | int8 | 0 | IP_VERSION | Analog in NetFlow v9 IP_PROTOCOL_VERSION | Used |
| 2000 | 8 | int64 | 43823 | SESSION_ID | Used | |
| 2001 | - | string | 43823 | HTTP_HOST or CN_HTTPS | Used | |
| 2002 | 2 | int16 | 43823 | DPI_PROTOCOL | Used | |
| 2003 | - | string | 43823 | LOGIN | Analog in Radius User-Name | Used |
| 225 | 4 | int32 | 0 | POST_NAT_SOURCE_IPV4_ADDRESS | Used | |
| 227 | 2 | int16 | 0 | POST_NAPT_SOURCE_TRANSPORT_PORT | Used | |
| 2010 | 2 | int16 | 43823 | FRGMT_DELTA_PACKS | Delta of fragmented packets. | Used |
| 2011 | 2 | int16 | 43823 | REPEAT_DELTA_PACK | Delta of retransmissions. | Used |
| 2012 | 4 | int32 | 43823 | PACKET_DELIVER_TIME | Delay (RTT/2) in ms (RTT=round-trip time). | Used |
| 2016 | 2 | int16 | 43823 | BRIDGE_CHANNEL_NUM | Channel number (vchannel) or bridge. If vchannels are configured in DPI, the channel number will be transmitted, otherwise the bridge number. | Used |
| 6 | 2 | int16 | 0 | TCP_FLAGS | TCP control bits | Used |
| 58 | 2 | int16 | 0 | SRC_VLAN | VLAN ID | Used |
| 59 | 2 | int16 | 0 | DST_VLAN | Post VLAN ID | Used |
| 56 | 6 | mac_address | 0 | SRC_MAC | Source MAC address | Used |
| 57 | 6 | mac_address | 0 | DST_MAC | Destination MAC address | Used |
| 2017 | - | raw | 43823 | MPLS Lables | Used | |
| 132 | 8 | int64 | 0 | DROPPED_BYTES | Delta count of dropped octets. For example: data is dumped at minute T1 and T2. The delta will show the difference in the number of octets between minute T1 and T2. | Used |
| 133 | 8 | int64 | 0 | DROPPED_PACKETS | Delta count of dropped packets. For example: data is dumped at minute T1 and T2. The delta will show the difference in the number of packets between minute T1 and T2. | Used |
| 2019 | 1 | int8 | 43823 | originalTOS | Original TOS value from IP header | Used |
Export Template in IPFIX Format (Netflow v10) for IPv6 Protocol
The template is similar to IPv4 except that the following fields are absent: SOURCE_IPV4_ADDRESS, DESTINATION_IPV4_ADDRESSs, POST_NAT_SOURCE_IPV4_ADDRESS, POST_NAT_SOURCE_TRANSPORT_PORT, – and the following are present:
| Export Template for IPv6 | |||||
|---|---|---|---|---|---|
| № | Bytes | Data Type | IANA | Description | Notes |
| 27 | 16 | int128 | 0 | SOURCE_IPV6_ADDRESS | Analog in NetFlow v9 IPV6_SRC_ADDR |
| 28 | 16 | int128 | 0 | DESTINATION_IPV6_ADDRESS | Analog in NetFlow v9 IPV6_DST_ADDR |