Accounting data export using the IPFIX format [Документация VAS Experts]

Accounting data export using the IPFIX format

Starting from the VAS Experts DPI version 8.0, accounting data along with the Radius protocol data can also be exported using the ipfix format. Ipfix export is configured by the following parameters in fastpcrf.conf:

ipfix_dev=em1
ipfix_udp_collectors=1.2.3.4:1500,1.2.3.5:1501
ipfix_tcp_collectors=1.2.3.6:9418

here em1 is the name of network interface used to export
ipfix_udp_collectors are the udp collectors addresses
ipfix_tcp_collectors are the tcp collectors addresses

Only "in use" collector addresses should be specified: for example, if only the UDP collector is supported then there is no need to specify the ipfix_tcp_collectors.

Шаблон:

Number of bytes Data type IANA Description
1001 4 int32 43823 TIMESTAMP
4001 4 int32 43823 AAA event type: 0 - beginning, 1 - end, 2 - update
4002 - string 43823 Accounting session ID (max. length is 64 bytes)
1003 4 ipv4 43823 IPv4 address, in case of IPv6 it is equal to 0
1103 16 ipv6 43823 IPv6 address, in case of IPv4 it is equal to 0 (::)
1002 - string 43823 LOGIN
4003 4 int32 43823 Connection type
4004 - string 43823 Calling-Station-Id
4005 - string 43823 Called-Station-Id
4006 4 ipv4 43823 NAS-IP-Address, in case of IPv6 it is equal to 0
4106 16 ipv6 43823 NAS-IPv6-Address, in case of IPv4 it is equal to 0 (::)
4007 4 int32 43823 NAS-Port
4008 8 int64 43823 Incoming bytes number
4009 8 int64 43823 Outcoming bytes number

Connection types (value of the Framed-Protocol Radius attribute):

Type Description
0 Attribute is not specified
1 PPP
2 SLIP
3 AppleTalk Remote Access Protocol (ARAP)
4 Gandalf proprietary SingleLink/MultiLink protocol
5 Xylogics proprietary IPX/SLIP
6 X.75 Synchronous
7 GPRS PDP Context

Ipfixreceiver configuration:

[InfoModel]
InfoElements =  timestamp,         43823, 1001, SECONDS, True
                event_type,        43823, 4001, INT32,   True
                acct_session_id,   43823, 4002, STRING
                source_ip4,        43823, 1003, IP4ADDR, True
                source_ip6,        43823, 1103, IP6ADDR
                login,             43823, 1002, STRING
                conn_type,         43823, 4003, INT32,   True
                calling_station_id,43823, 4004, STRING
                called_station_id, 43823, 4005, STRING
                NAS_ip4,           43823, 4006, IP4ADDR, True
                NAS_ip6,           43823, 4106, IP6ADDR
                NAS_port,          43823, 4007, INT32,   True
                input_bytes,       43823, 4008, UINT64,  True
                output_bytes,      43823, 4009, UINT64,  True

[ExportModelFile]
Delimiter = ;
ExportElements = timestamp, seconds, %%Y-%%m-%%dT%%H:%%M:%%S
                event_type
                acct_session_id
                source_ip4, decodeipv4
                source_ip6, decodeipv6
                login
                conn_type
                calling_station_id
                called_station_id
                NAS_ip4, decodeipv4
                NAS_ip6, decodeipv6
                NAS_port
                input_bytes
                output_bytes

A list of the correspondence between the Protocol and the port number in netfow5 can be found here.