This is an old revision of the document!
3 Configuring export in IPFIX (Netflow 10)
NetFlow control can be changed by next setting:
netflow_full_collector_type=1
где
0 - export netflow5 ( default )
1 - export UDP ipfix
2 - export TCP ipfix
Export template for IPFIX format (Netflow v10)
| № | Size | Type | IANA | Description | Note |
|---|---|---|---|---|---|
| 1 | 8 | int64 | 0 | OCTETDELTACOUNT | netflow9 analogy IN_BYTES |
| 2 | 8 | int64 | 0 | PACKETDELTACOUNT | netflow9 analogy IN_PKTS |
| 4 | 1 | int8 | 0 | PROTOCOLIDENTIFIER | netflow9 analogy PROTOCOL |
| 5 | 1 | int8 | 0 | IPCLASSOFSERVICE | netflow9 analogy TOS |
| 7 | 2 | int16 | 0 | SOURCETRANSPORTPORT | netflow9 analogy L4_SRC_PORT |
| 8 | 4 | int32 | 0 | SOURCEIPV4ADDRESS | netflow9 analogy IPV4_SRC_ADDR |
| 11 | 2 | int16 | 0 | DESTINATIONTRANSPORTPORT | netflow9 analogy L4_DST_PORT |
| 12 | 4 | int32 | 0 | DESTINATIONIPV4ADDRESS | netflow9 analogy IPV4_DST_ADDR |
| 16 | 4 | int32 | 0 | BGPSOURCEASNUMBER | netflow9 analogy SRC_AS |
| 17 | 4 | int32 | 0 | BGPDESTINATIONASNUMBER | netflow9 analogy DST_AS |
| 152 | 8 | int64 | 0 | FLOWSTARTMILLISECOND | |
| 153 | 8 | int64 | 0 | FLOWENDMILLISECOND | |
| 10 | 2 | int16 | 0 | INPUT_SNMP | netflow9 analogy ingressInterface |
| 14 | 2 | int16 | 0 | OUTPUT_SNMP | netflow9 analogy egressInterface |
| 60 | 1 | int8 | 0 | IPVERSION | netflow9 analogy IP_PROTOCOL_VERSION |
| 2000 | 8 | int64 | 43823 | SESSION ID | |
| 2001 | - | string | 43823 | HTTP HOST или CN HTTPS | |
| 2002 | 2 | int16 | 43823 | DPI PROTOCOL | |
| 2003 | - | string | 43823 | LOGIN (Radius UserName) | |
| 225 | 4 | int32 | 0 | POSTNATSOURCEIPV4ADDRESS | |
| 227 | 2 | int16 | 0 | POSTNAPTSOURCETRANSPORTPORT | |
| 2010 | 2 | int16 | 43823 | Fragmented packets delta | |
| 2011 | 2 | int16 | 43823 | Retransmissions delta | |
| 2012 | 4 | int32 | 43823 | Latency (RTT/2), ms (RTT = Round Trip Time) |
The export pattern in IPFIX format for IPv6 differs only in the absence of the fields: sourceIPv4Address, destinationIPv4Address, postNATsourceIPv4Address, postNAPTsourceTransportPort, and the presence of the following fields:
| № | Num of bytes | Data type | IANA | Description | Note |
|---|---|---|---|---|---|
| 27 | 16 | int128 | 0 | SOURCEIPV6ADDRESS | netflow9 analogy IPV6_SRC_ADDR |
| 28 | 16 | int128 | 0 | DESTINATINATIONIPV6ADDRESS | netflow9 analogy IPV6_DST_ADDR |
To collect, process and store IPFIX we suggest using the QoE Store statistics module and DPIUI2 graphical interface.
For extended information in IPFIX format can be used any universal IPFIX collector, for instance - CESNET ipfixcol or our utility IPFIX Receiver