This is an old revision of the document!
Configuring Full NetFlow export in IPFIX (Netflow 10)
NetFlow control can be changed by next setting:
netflow_full_collector_type=1
0- export in NetFlow5 format (default value).1- IPFIX export to a UDP collector.2- IPFIX export to a TCP collector.
The netflow_tos_format parameter defines the format of the TOS field data in IPFIX. Possible values:
0- 3 bits are transmitted (default value).1- 6 bits are transmitted (full DSCP).
The netflow_plc_stat=0xff parameter defines the method for saving dropped packet statistics for FullFlow policing. The parameter is a bitmask. By default, the mask has the value 0x07 — session + subscriber policing + virtual channel policing.
Affects the parameters of the DROPPED_BYTES and DROPPED_PACKETS template.
Values that make up the mask:
0- do not count1- count for session policing2- count for subscriber policing4- count for virtual channel policing8- count when packets are dropped by protocol16- count in all the above cases
The following is an IPFIX (Netflow v10) export template for IPv4.
| Export template for IPFIX format (Netflow v10) | ||||||
|---|---|---|---|---|---|---|
| № | Size | Type | IANA | Description | Note | Use in QoEStor |
| 1 | 8 | int64 | 0 | OCTET_DELTA_COUNT | NetFlow v9 analogy IN_BYTES | Used |
| 2 | 8 | int64 | 0 | PACKET_DELTA_COUNT | NetFlow v9 analogy IN_PKTS | Used |
| 4 | 1 | int8 | 0 | PROTOCOL_IDENTIFIER | NetFlow v9 analogy PROTOCOL | Used |
| 5 | 1 | int8 | 0 | IP_CLASS_OF_SERVICE | NetFlow v9 analogy TOS | Used |
| 7 | 2 | int16 | 0 | SOURCE_TRANSPORT_PORT | NetFlow v9 analogy L4_SRC_PORT | Used |
| 8 | 4 | int32 | 0 | SOURCE_IPV4_ADDRESS | NetFlow v9 analogy IPV4_SRC_ADDR | Used |
| 11 | 2 | int16 | 0 | DESTINATION_TRANSPORT_PORT | NetFlow v9 analogy L4_DST_PORT | Used |
| 12 | 4 | int32 | 0 | DESTINATION_IPV4_ADDRESS | NetFlow v9 analogy IPV4_DST_ADDR | Used |
| 16 | 4 | int32 | 0 | BGP_SOURCE_AS_NUMBER | NetFlow v9 analogy SRC_AS | Used |
| 17 | 4 | int32 | 0 | BGP_DESTINATION_AS_NUMBER | NetFlow v9 analogy DST_AS | Used |
| 152 | 8 | int64 | 0 | FLOW_START_MILLISECOND | Used | |
| 153 | 8 | int64 | 0 | FLOW_END_MILLISECOND | Used | |
| 10 | 2 | int16 | 0 | INPUT_SNMP | NetFlow v9 analogy ingressInterface | Used |
| 14 | 2 | int16 | 0 | OUTPUT_SNMP | NetFlow v9 analogy egressInterface | Used |
| 60 | 1 | int8 | 0 | IP_VERSION | NetFlow v9 analogy IP_PROTOCOL_VERSION | Used |
| 2000 | 8 | int64 | 43823 | SESSION_ID | Used | |
| 2001 | - | string | 43823 | HTTP_HOST or CN_HTTPS | Used | |
| 2002 | 2 | int16 | 43823 | DPI_PROTOCOL | Used | |
| 2003 | - | string | 43823 | LOGIN | Radius UserName | Used |
| 225 | 4 | int32 | 0 | POST_NAT_SOURCE_IPV4_ADDRESS | Used | |
| 227 | 2 | int16 | 0 | POST_NAPT_SOURCE_TRANSPORT_PORT | Used | |
| 2010 | 2 | int16 | 43823 | FRGMT_DELTA_PACKS | Fragmented packets delta. Used in QoEStor. | Used |
| 2011 | 2 | int16 | 43823 | REPEAT_DELTA_PACK | Retransmissions delta. Used in QoEStor. | Used |
| 2012 | 4 | int32 | 43823 | PACKET_DELIVER_TIME | Latency (RTT/2), ms (RTT = Round Trip Time). Used in QoEStor. | Used |
| 2016 | 2 | int16 | 43823 | BRIDGE_CHANNEL_NUM | Channel number (vchannel) or bridge. If vchannel is configured in the DPI configuration, then the channel number will be transmitted, otherwise the bridge number. Used in QoEStor. | Used |
| 6 | 2 | int16 | 0 | TCP_FLAGS | TCP Control Bits | Used |
| 58 | 2 | int16 | 0 | SRC_VLAN | Vlan ID | Used |
| 59 | 2 | int16 | 0 | DST_VLAN | Post Vlan ID | Used |
| 56 | 6 | mac_address | 0 | SRC_MAC | Source MAC Address | Used |
| 57 | 6 | mac_address | 0 | DST_MAC | Destination MAC Address | Used |
| 2017 | - | raw | 43823 | MPLS Lables | Used | |
| 132 | 8 | int64 | 0 | DROPPED_BYTES | Dropped Octet Delta Count | Used |
| 133 | 8 | int64 | 0 | DROPPED_PACKETS | Dropped Packet Delta Count | Used |
| 2019 | 1 | int8 | 43823 | originalTOS | Original tos value from the IP header | Used |
Below is an IPFIX export template for an IPv6 protocl for IPv6. The following fields are missing from this template: SOURCE_IPV4_ADDRESS, DESTINATION_IPV4_ADDRESSs, POST_NAT_SOURCE_IPV4_ADDRESS, POST_NAT_SOURCE_TRANSPORT_PORT, – and contains the following fields:
| Export template for IPv6 | |||||
|---|---|---|---|---|---|
| № | Num of bytes | Data type | IANA | Description | Note |
| 27 | 16 | int128 | 0 | SOURCE_IPV6_ADDRESS | NetFlow v9 analogy IPV6_SRC_ADDR |
| 28 | 16 | int128 | 0 | DESTINATION_IPV6_ADDRESS | NetFlow v9 analogy IPV6_DST_ADDR |
For extended information in IPFIX format can be used any universal IPFIX collector, for instance - CESNET ipfixcol or our utility IPFIX Receiver.
Was this information helpful?