Configuring export in IPFIX (Netflow 10)
NetFlow control can be changed by next setting:
netflow_full_collector_type=1
0- export in NetFlow5 format (default value).1- IPFIX export to a UDP collector.2- IPFIX export to a TCP collector.
The netflow_tos_format parameter defines the data format of the TOS field in IPFIX.
0- default value.3- bit (priority only).1- 6-bit (full DSCP).
The following is an IPFIX (Netflow v10) export template for IPv4.
| Export template for IPFIX format (Netflow v10) | ||||||
|---|---|---|---|---|---|---|
| № | Size | Type | IANA | Description | Note | Use in QoEStor |
| 1 | 8 | int64 | 0 | OCTET_DELTA_COUNT | NetFlow v9 analogy IN_BYTES | Used |
| 2 | 8 | int64 | 0 | PACKET_DELTA_COUNT | NetFlow v9 analogy IN_PKTS | Used |
| 4 | 1 | int8 | 0 | PROTOCOL_IDENTIFIER | NetFlow v9 analogy PROTOCOL | Used |
| 5 | 1 | int8 | 0 | IP_CLASS_OF_SERVICE | NetFlow v9 analogy TOS | Used |
| 7 | 2 | int16 | 0 | SOURCE_TRANSPORT_PORT | NetFlow v9 analogy L4_SRC_PORT | Used |
| 8 | 4 | int32 | 0 | SOURCE_IPV4_ADDRESS | NetFlow v9 analogy IPV4_SRC_ADDR | Used |
| 11 | 2 | int16 | 0 | DESTINATION_TRANSPORT_PORT | NetFlow v9 analogy L4_DST_PORT | Used |
| 12 | 4 | int32 | 0 | DESTINATION_IPV4_ADDRESS | NetFlow v9 analogy IPV4_DST_ADDR | Used |
| 16 | 4 | int32 | 0 | BGP_SOURCE_AS_NUMBER | NetFlow v9 analogy SRC_AS | Used |
| 17 | 4 | int32 | 0 | BGP_DESTINATION_AS_NUMBER | NetFlow v9 analogy DST_AS | Used |
| 152 | 8 | int64 | 0 | FLOW_START_MILLISECOND | Used | |
| 153 | 8 | int64 | 0 | FLOW_END_MILLISECOND | Used | |
| 10 | 2 | int16 | 0 | INPUT_SNMP | NetFlow v9 analogy ingressInterface | Used |
| 14 | 2 | int16 | 0 | OUTPUT_SNMP | NetFlow v9 analogy egressInterface | Used |
| 60 | 1 | int8 | 0 | IP_VERSION | NetFlow v9 analogy IP_PROTOCOL_VERSION | Used |
| 2000 | 8 | int64 | 43823 | SESSION_ID | Used | |
| 2001 | - | string | 43823 | HTTP_HOST or CN_HTTPS | Used | |
| 2002 | 2 | int16 | 43823 | DPI_PROTOCOL | Used | |
| 2003 | - | string | 43823 | LOGIN | Radius UserName | Used |
| 225 | 4 | int32 | 0 | POST_NAT_SOURCE_IPV4_ADDRESS | Used | |
| 227 | 2 | int16 | 0 | POST_NAPT_SOURCE_TRANSPORT_PORT | Used | |
| 2010 | 2 | int16 | 43823 | FRGMT_DELTA_PACKS | Fragmented packets delta. Used in QoEStor. | Used |
| 2011 | 2 | int16 | 43823 | REPEAT_DELTA_PACK | Retransmissions delta. Used in QoEStor. | Used |
| 2012 | 4 | int32 | 43823 | PACKET_DELIVER_TIME | Latency (RTT/2), ms (RTT = Round Trip Time). Used in QoEStor. | Used |
| 2016 | 2 | int16 | 43823 | BRIDGE_CHANNEL_NUM | Channel number (vchannel) or bridge. If vchannel is configured in the DPI configuration, then the channel number will be transmitted, otherwise the bridge number. Used in QoEStor. | Used |
| 6 | 2 | int16 | 0 | TCP_FLAGS | TCP Control Bits | Used |
| 58 | 2 | int16 | 0 | SRC_VLAN | Vlan ID | Used |
| 59 | 2 | int16 | 0 | DST_VLAN | Post Vlan ID | Used |
| 56 | 6 | mac_address | 0 | SRC_MAC | Source MAC Address | Used |
| 57 | 6 | mac_address | 0 | DST_MAC | Destination MAC Address | Used |
| 2017 | - | raw | 43823 | MPLS Lables | Used | |
| 132 | 8 | int64 | 0 | DROPPED_BYTES | Dropped Octet Delta Count | Used |
| 133 | 8 | int64 | 0 | DROPPED_PACKETS | Dropped Packet Delta Count | Used |
| 2019 | 1 | int8 | 43823 | originalTOS | Original tos value from the IP header | Used |
Below is an IPFIX export template for an IPv6 protocl for IPv6. The following fields are missing from this template: SOURCE_IPV4_ADDRESS, DESTINATION_IPV4_ADDRESSs, POST_NAT_SOURCE_IPV4_ADDRESS, POST_NAT_SOURCE_TRANSPORT_PORT, – and contains the following fields:
| Export template for IPv6 | |||||
|---|---|---|---|---|---|
| № | Num of bytes | Data type | IANA | Description | Note |
| 27 | 16 | int128 | 0 | SOURCE_IPV6_ADDRESS | NetFlow v9 analogy IPV6_SRC_ADDR |
| 28 | 16 | int128 | 0 | DESTINATION_IPV6_ADDRESS | NetFlow v9 analogy IPV6_DST_ADDR |
To collect, process and store IPFIX we suggest using the QoE Store statistics module and DPIUI2 graphical interface.
For extended information in IPFIX format can be used any universal IPFIX collector, for instance - CESNET ipfixcol or our utility IPFIX Receiver.