IP Flow Information Export
Overview
In OcNOS, the Internet Protocol Flow Information Export (IPFIX) Exporter enables real-time traffic analysis. It achieves this through sampling, which involves selecting a subset of network traffic and exports flow records containing detailed information about the sampled traffic flows. It enables network operators to gain valuable insights into network traffic patterns and behaviors.
IPFIX Exporter Characteristics
The OcNOS router equipped with IPFIX Exporter functionality within the network infrastructure identifies the customer domain (Observation ID), samples ingress traffic, and generates IPFIX flow records. These flow records are transmitted to a designated collector node for further analysis.
Achieves efficient flow record management and export on the Jericho2 (Broadcom DNX) platform by leveraging hardware acceleration support and utilizing Application Specific Integrated Circuit (ASIC) capabilities, such as the Eventor block. ASIC ensures optimized performance and functionality at the hardware level.
The IPFIX exporter performs three core functions:
1. Selecting flows for sampling
2. Maintaining flow records
3. Exporting flow records
The following diagram illustrates the flow of network (ingress) traffic data in an IPFIX-enabled environment.
IPFIX Exporter
Here’s a breakdown of the process steps:
Packet Capture: Capture network traffic data by the IPFIX Exporter (OcNOS Router) from various sources within the network.
Flow Selection for Sampling: IPFIX enables administrators to selectively sample specific network flows, allowing targeted traffic monitoring based on predefined criteria.
Note: IPFIX supports ingress sampling and only one IPv4 template format.
Maintain Records: IPFIX Exporter maintains detailed flow records using hardware-accelerated functions. These records include comprehensive information such as IPv4 traffic details, source and destination addresses, port numbers, protocol specifics, and timestamps.
Export Records: The IPFIX Exporter aggregates and packages the flow records into IPFIX packets. These packets are then exported to configured collector nodes for centralized traffic analysis and management.
The IPFIX Exporter aggregates and packages flow records into IPFIX packets, which it then exports to configured collector nodes for centralized traffic analysis and management.
Transmission: The IPFIX Exporter sends packets to the designated collector device connected through the in-band network using the default UDP port number 4739. The collector IP address must be configured, and the port number is optional. If the port number is not specified, it defaults to 4739.
Collector: Collector nodes receive the IPFIX packets and parse the flow records for further analysis and interpretation
Note: OcNOS does not include an IPFIX Collector.
Analyzer: Specialized software or tools analyze the collected flow records to gain insights into network traffic patterns and behaviors.
Limitations:
• IPFIX does not support validating route reachability to collector nodes.
• IPFIX does not support sampling of sub-interfaces, LAG, and SVI interfaces.
• Hardware limitations cause disruptions lasting approximately twelve seconds when changes are made to samples-per-message.
• The hardware-profile filter command is not integrated with IPFIX. IPFIX allocates its TCAM resources upon configuration of the first IPFIX monitored interface and releases them when the last IPFIX monitored interface is removed. The key size for IPFIX is 320 bits.
Benefits
The IPFIX Exporter has the following benefits:
Enhanced Network Visibility: IPFIX provides detailed insights into network traffic, enabling network operators to identify and address issues promptly.
Efficient Network Management: By collecting and exporting flow records, IPFIX streamlines network management tasks, allowing for more effective monitoring and troubleshooting.
Optimized Resource Utilization: With targeted flow sampling and detailed flow records, IPFIX helps optimize resource utilization by focusing monitoring efforts on specific network segments or traffic types.
Prerequisites
• Before enabling IPFIX, check if any hardware-profile filter entries are enabled. If any entries with a key size less than 320 bits are enabled, it is recommended to first disable them. Then, configure the first IPFIX monitored interface, and finally, re-enable the existing entries. This ensures optimal allocation of TCAM resources. If a CRITICAL error message indicating No resources for operation appears when enabling IPFIX or re-enabling the existing entries, then all these features cannot be enabled simultaneously. Consider disabling other hardware filter entries. For example, on VXLAN Spine nodes, disable the vxlan filter to free up TCAM resources.
• Before configuring the IPFIX objects, enable the hardware-profile statistics cfm-lm enable filter statistics loss-measurement command in hardware. This action ensures that the necessary hardware functionality is enabled for seamless integration with the IPFIX configuration. It also ensures IPFIX counters are unused by other modules.
• Assign the IP address of a source and ingress interface configured on the exporter device.
The following show running output illustrates enabling hardware statistics loss-measurement and assigning the IP address to the required interfaces.
hardware-profile statistics cfm-lm enable
!
interface xe4
ip address 198.51.100.4/24
!
interface xe5
ip address 192.0.2.88/24
!
Note:
• The maximum number of unique sampling rates supported by IPFIX Exporter depends on the availability of free mirroring profiles in the ASIC.
• Various features like SFLOW, SNIFF, and Mirror utilize each mirroring profile. Qumran-2A series platform supports a maximum of 32 mirror profiles. For every sampling rate configuration, even if it matches an existing rate on another interface, it requires a new mirror-profile. Therefore, the number of ports that can be enabled with IPFIX is limited by the number of mirror-port profiles available in the system.
• The IPFIX Exporter sends template record format to the collector over the in-band, and the ASIC sends data records over the in-band.
Configuration
The following configuration enables the IPFIX feature on the OcNOS device, facilitating the collection and export of flow-specific information for network traffic analysis and management.
Topology
In this topology, simulated ingress traffic is routed through an OcNOS device equipped with IPFIX Exporter functionality before being transmitted to the collector.
Note: The collector should be operational and actively listening on the configured IP address and port. Additionally, it should be reachable from the OcNOS node.
IPFIX Exporter
The following commands configure the IPFIX Exporter in OcNOS, enabling the collection and export of flow-specific information for ingress traffic analysis and management. For additional information on each command, refer to the IPFIX Commands section.
Note: Ensure all Prerequisites are met before proceeding with the configuration.
1. Define an IP Flow Exporter for flow records:
When configuring the IP flow exporter (FLOW-EXPORTER), designate the source interface (xe5) for generating flow data and specify the destination collector IP address (192.0.2.89) and UDP port (90) for receiving the exported data. Assign a unique template ID (500) to ensure proper interpretation of the flow records, with templates refreshed at intervals of 600 seconds for accuracy. Also, set the number of flow samples per export message to 7 to determine the granularity of the exported data.
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#source xe5
OcNOS(ip-flow-exporter)#collector 192.0.2.89 udp-port 90
OcNOS(ip-flow-exporter)#template-id 500
OcNOS(ip-flow-exporter)#template-refresh-interval 600
OcNOS(ip-flow-exporter)#samples-per-message 7
2. Create an IP Flow Monitor profile:
Establish a flow monitor (FLOW-MONITOR) to track network flows. Link it with the exporter (FLOW-EXPORTER) to transmit monitored flow data. Define a sampling rate 1024 to sample every 1024th packet for flow monitoring. Set the observation domain identifier (16) to identify the flow monitoring domain uniquely.
OcNOS(config)#ip-flow-monitor FLOW-MONITOR
OcNOS(ip-flow-monitor)#flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-monitor)#sampling-rate 1024
OcNOS(ip-flow-monitor)#observation-domain-id 16
3. Map the flow monitor to the ingress interface:
Associate the IP Flow Monitor profile FLOW-MONITOR to the ingress interface xe4 to monitor traffic.
OcNOS(config)#interface xe4
OcNOS(config-if)#ip address 198.51.100.4/24
OcNOS(config-if)#flow-monitor FLOW-MONITOR
Validation
1. Verify the IPFIX exporter named FLOW-EXPORTER has been configured with the correct parameters using the output of the show ipfix command.
OcNOS#show ipfix
Exporters:
Name: FLOW-EXPORTER
Source: 192.0.2.88
Destination: 192.0.2.89
Source UDP: 53859
Destination UDP: 4739
Template ID: 500
Data Template Timeout:600
2. Check the exported fields in IPFIX data using the output of the show ipfix all command. Confirm the template ID and examine the list of fields in the template. These fields define the information captured in the flow records, including source and destination IP addresses, port numbers, and protocol details.
OcNOS#show ipfix all
Templates:
Template ID: 500
DIRECTON (61), Length:1
IP_VERSION (60), Length:1
IPV4_TOS (5), Length:1
IPV4_PKT_LEN (1), Length:2
IPV4_FRAG_OFFSET (88), Length:2
PROTOCOL (4), Length:1
IPV4_SIP (8), Length:4
IPV4_DIP (12), Length:4
L4_SRC_PORT (7), Length:2
L4_DST_PORT (11), Length:2
TCP_CONTROL (6), Length:2
ICMP_TYPE (32), Length:2
INGRESS_VRF (234), Length:4
INGRESS_IF (10), Length:2
EGRESS_VRF (235), Length:4
EGRESS_IF (14), Length:2
SYS_UPTIME (22), Length:4
Exporters:
Name: FLOW-EXPORTER
Source: 192.0.2.88
Destination: 192.0.2.89
Source UDP: 53859
Destination UDP: 4739
Template ID: 500
Data Template Timeout:600
3. Confirm the accuracy of the IPFIX-related configurations by examining the output of the show running-config ipfix command. Ensure the IP flow exporter and monitor profiles are properly configured with the correct parameters.
OcNOS#show running-config ipfix
hardware-profile statistics cfm-lm enable
!
ip-flow-exporter FLOW-EXPORTER
source xe5
collector destination 192.0.2.89
template-id 500
template-refresh-interval 600
samples-per-message 7
!
ip-flow-monitor FLOW-MONITOR
flow-exporter FLOW-EXPORTER
sampling-rate 1024
observation-domain-id 16
!
interface xe4
ip address 198.51.100.4/24
flow-monitor FLOW-MONITOR
!
interface xe5
ip address 192.0.2.88/24
!
4. Check the association of the IP flow monitor with the ingress interface (xe4) of the exporter device by examining the output of the show running-config interface command.
OcNOS#show running-config interface xe4
!
interface xe4
ip address 198.51.100.4/24
flow-monitor FLOW-MONITOR
!
Implementation Examples
Billing and Accounting System
Scenario: The Internet Service Provider (ISP) aims to implement a billing and accounting system to accurately track and bill customers based on their network usage.
Use Case: Implementing IPFIX exporters in OcNOS routers at the ISP’s network edge enables real-time monitoring of traffic flows, collection of usage data, and generation of detailed reports for billing and accounting purposes. This solution empowers the ISP to implement usage-based billing, enhance transparency, optimize revenue, and ensure compliance with regulatory requirements.
Security Monitoring
Scenario: A large enterprise wants to enhance security and compliance monitoring in its network infrastructure.
Use Case: By leveraging IPFIX exporters in OcNOS routers, the enterprise can monitor network traffic in real-time, detect security threats, and ensure compliance with industry regulations. This implementation allows for collecting detailed flow records, analyzing traffic patterns, and responding rapidly to security incidents. Additionally, it facilitates forensic analysis, audit trail generation, and proactive security measures, thereby strengthening the overall security posture of the enterprise network.
IPFIX Commands
The IPFIX exporter introduces the following configuration commands.
collector destination
Use this command to specify the destination IPv4 address and port number for exporting IPFIX flow records to a collector.
Use no parameter of this command to remove the specified collector destination address. This command eliminates the previously configured IPv4 address for data collection, effectively disabling the flow export feature for the specified destination.
Command Syntax
collector destination (ipv4-address) port <UINT32> (|vrf <WORD>)
no collector destination (ipv4-address)
Parameters
destination (ipv4-address) | Sets the IPv4 address of the collector where IPFIX flow records will be exported.It defines the destination endpoint for sending the flow records. |
port <UINT32> | Specifies the port number for sending the IPFIX flow records to the collector. The valid port numbers must fall within the range of 1024 to 65535. The default port number is 4739. |
vrf <WORD> | (Optional) Specifies the name of the virtual routing and forwarding (VRF) instance through which the flow records will be sent. |
Default
None
Command Mode
IP flow exporter mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following commands configure the ip-flow-exporter (FLOW-EXPORTER) profile with the collector destination set to IP address 192.0.2.89 and port 1025.
OcNOS#configure terminal
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#collector destination 192.0.2.89 port 1025
flow-exporter
Use this command to associate the flow monitor with an ip-flow-exporter profile, enabling the flow monitor to export flow data to the specified destination defined in the exporter profile.
Command Syntax
flow-exporter <WORD>
Parameters
flow-exporter <WORD> | Specifies the name of the ip-flow-exporter profile, which must be unique within the device and can contain up to 32 alphanumeric characters, hyphens, and underscores. |
Default
None
Command Mode
IP flow monitor mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command establishes a connection between an IP flow exporter profile named FLOW-EXPORTER and the ip-flow-monitor profile, enabling the flow monitor to export flow data using the settings configured in the exporter profile.
OcNOS#configure terminal
OcNOS(config)#ip-flow-monitor FLOW-MONITOR
OcNOS(ip-flow-monitor)#flow-exporter FLOW-EXPORTER
flow-monitor
Use this command to associate flow monitoring on an ingress interface, enabling the monitoring of traffic based on the settings specified in the ip-flow-monitor profile.
Use no parameter of this command to remove the association of flow monitoring from an ingress interface.
Command Syntax
flow-monitor <WORD>
no flow-monitor <WORD>
Parameters
flow-monitor <WORD> | Specifies the name of the ip-flow-monitor profile, which must be unique within the device and can contain up to 32 alphanumeric characters, hyphens, and underscores. |
Default
None
Command Mode
Interface mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command associates the flow monitoring profile (FLOW-MONITOR) with the ingress interface xe4.
OcNOS#configure terminal
OcNOS(config)#interface xe4
OcNOS(config-if)#flow-monitor FLOW-MONITOR
OcNOS(config-if)#
ip-flow-exporter
Use this command to configure an IP flow exporter profile to collect and export flow data from the network device. This data includes traffic statistics and network behavior information, which is then exported to an external collector or monitoring system for analysis and reporting purposes.
Command Syntax
ip-flow-exporter <WORD>
Parameters
ip-flow-exporter <WORD> | Specifies the name of the flow exporter profile, which must be unique within the device and can contain up to 32 alphanumeric characters, hyphens, and underscores. |
Default
None
Command Mode
Configure mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command creates an IP flow exporter profile named FLOW-EXPORTER.
OcNOS#configure terminal
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#
ip-flow-monitor
Use this command to create an IP flow monitor profile, defining parameters and settings for monitoring network flows.
Use no parameter of this command to remove an existing IP flow monitor profile from the configuration.
Command Syntax
ip-flow-monitor <WORD>
no ip-flow-monitor <WORD>
Parameters
ip-flow-monitor <WORD> | Specifies the name of the flow monitor profile, which must be unique within the device and can contain up to 32 alphanumeric characters, hyphens, and underscores. |
Default
None
Command Mode
Configure mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command configures an IP flow monitor profile named FLOW-MONITOR.
OcNOS#configure terminal
OcNOS(config)#ip-flow-monitor FLOW-MONITOR
OcNOS(ip-flow-monitor)#
observation-domain-id
Use this command to specify the Observation Domain Identifier (ODID) for flow monitoring. The ODID uniquely identifies the flow monitoring profile. The ODID helps distinguish flow data from different monitoring domains when exported to a collector.
Command Syntax
observation-domain-id <0-4294967295>
Parameters
observation-domain-id <0-4294967295> | Sets the observation domain identifier value within the specified range. |
Default
None
Command Mode
IP flow monitor mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command assigns the ODID 16 to the flow monitoring profile.
OcNOS#configure terminal
OcNOS(config)#ip-flow-monitor FLOW-MONITOR
OcNOS(ip-flow-monitor)#observation-domain-id 16
samples-per-message
Use this command to set the number of flow records to be included in each export message.
Use no parameter of this command to set the number of flow records to be included in each export message.
Command Syntax
samples-per-message <1-7>
Parameters
samples-per-message <1-7> | Specifies the maximum number of data records to be included in a single IPFIX message, which controls the granularity of the exported flow data. |
Default
None
Command Mode
IP flow exporter mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command sets the maximum number of data records to be included in each IPFIX message generated by the specified IP flow exporter profile.
OcNOS#configure terminal
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#samples-per-message 7
sampling-rate
Use this command to configure the rate at which packets are sampled for flow monitoring. Every packet sampled at this rate will be sent to the monitor for IPFIX processing.
Use no parameter of this command to remove the sampling rate configuration from the device.
Command Syntax
sampling-rate <1024-16777215>
no sampling-rate <1024-16777215>
Parameters
sampling-rate <1024-16777215> | Specifies the range of sampling rates that determine how frequently packets are selected for inclusion in the flow monitoring process. |
Default
None
Command Mode
IP flow monitor mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following command configures the sampling rate for the specified IP flow monitor profile to 1024 packets per second.
OcNOS#configure terminal
OcNOS(config)#ip-flow-monitor FLOW-MONITOR
OcNOS(ip-flow-monitor)#sampling-rate 1024
show ipfix
Use this command to display detailed information about the configured IPFIX exporters on the device.
Command Syntax
show ipfix
Parameters
None
Default
None
Command Mode
Exec mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The show command output provides detailed information about the exporters configured on the device, including exporter name, source and destination addresses, UDP ports, Template ID, and timeout value.
OcNOS#show ipfix
Exporters:
Name: FLOW-EXPORTER
Source: 192.0.2.88
Destination: 192.0.2.89
Source UDP: 53859
Destination UDP: 4739
Template ID: 500
Data Template Timeout:600
Gain insights into IPFIX exporters with detailed field descriptions provided in the table.
Field | Description |
|---|---|
Exporter Name | Specifies the name of the IPFIX exporter. |
Source | Indicates the source IPv4 address of the exporter. |
Destination | Specifies the destination IPv4 address of the exporter. |
Source UDP | Indicates the source UDP port used by the exporter. |
Destination UDP | Specifies the destination UDP port used by the exporter. |
Template ID | Specifies the template ID used by the exporter. |
Data Template Timeout | Indicates the timeout interval, in seconds, for sending data templates to the collector. |
show ipfix all
Use this command to display detailed information and comprehensive insights into the IPFIX configured templates and exporters on the device.
Command Syntax
show ipfix all
Parameters
None
Default
None
Command Mode
Exec mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The show command output displays detailed information about the IPFIX template records sampled on the device.
OcNOS#show ipfix all
Templates:
Template ID: 500
DIRECTON (61), Length:1
IP_VERSION (60), Length:1
IPV4_TOS (5), Length:1
IPV4_PKT_LEN (1), Length:2
IPV4_FRAG_OFFSET (88), Length:2
PROTOCOL (4), Length:1
IPV4_SIP (8), Length:4
IPV4_DIP (12), Length:4
L4_SRC_PORT (7), Length:2
L4_DST_PORT (11), Length:2
TCP_CONTROL (6), Length:2
ICMP_TYPE (32), Length:2
INGRESS_VRF (234), Length:4
INGRESS_IF (10), Length:2
EGRESS_VRF (235), Length:4
EGRESS_IF (14), Length:2
SYS_UPTIME (22), Length:4
Exporters:
Name: FLOW-EXPORTER
Source: 192.0.2.88
Destination: 192.0.2.89
Source UDP: 53859
Destination UDP: 4739
Template ID: 500
Data Template Timeout:600
Gain insights into IPFIX configurations and exporters with detailed field descriptions provided in the table.
Field | Description |
|---|---|
Template ID | Indicates the unique identifier assigned to each IPFIX template. |
DIRECTON | Indicates the direction of the network traffic flow, such as ingress or egress. It has a length of 1 byte. |
IP_VERSION | Specifies the version of the Internet Protocol (IPv4) used. It has a length of 1 byte. |
IPV4_TOS | Indicates the type of service (TOS) field in an IPv4 header. It has a length of 1 byte. |
IPV4_PKT_LEN | Specifies the length of the IPv4 packet. It has a length of 2 bytes. |
IPV4_FRAG_OFFSET | Indicates the fragment offset value in an IPv4 header. It has a length of 2 bytes. |
PROTOCOL | Specifies the protocol used in the packet, such as TCP, UDP, and ICMP. It has a length of 1 byte. |
IPV4_SIP | Indicates the source IPv4 address of the IPv4 packet. It has a length of 4 bytes. |
IPV4_DIP | Specifies the destination IPv4 address of the IPv4 packet. It has a length of 4 bytes. |
L4_SRC_PORT | Specifies the source port number in the transport layer header. It has a length of 2 bytes. |
L4_DST_PORT | Specifies the destination port number in the transport layer header. It has a length of 2 bytes. |
TCP_CONTROL | Indicates whether the packet is a TCP control packet (e.g., SYN, ACK, FIN). It has a length of 2 bytes. |
ICMP_TYPE | Specifies the type of ICMP message, such as echo request or echo reply. It has a length of 2 bytes. |
INGRESS_VRF | Indicates the identifier of the ingress Virtual Routing and Forwarding (VRF) instance. It has a length of 4 bytes. |
INGRESS_IF | Specifies the ingress interface (IF) through which the packet enters the device. It has a length of 2 bytes. |
EGRESS_VRF | Indicates the identifier of the egress VRF instance. It has a length of 4 bytes. |
EGRESS_IF | Specifies the egress interface through which the packet exits the device. It has a length of 2 bytes. |
SYS_UPTIME | Indicates the system uptime or the time the device has been operational since its last reboot. It has a length of 4 bytes. |
Exporter Name | Specifies the name of the IPFIX exporter. |
Source | Indicates the source IPv4 address of the exporter. |
Destination | Specifies the destination IPv4 address of the exporter. |
Source UDP | Indicates the source UDP port used by the exporter. |
Destination UDP | Specifies the destination UDP port used by the exporter. |
Template ID | Specifies the template ID used by the exporter. |
Data Template Timeout | Indicates the timeout interval, in seconds, for sending data templates to the collector. |
show running-config ipfix
Use this command to display a detailed view of the current IPFIX configurations, including flow exporters, flow monitors, and interface settings applied to the device.
Command Syntax
show running-config ipfix
Parameters
None
Default
None
Command Mode
Exec mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The show command output displays the current IPFIX configurations applied on the device.
OcNOS#show running-config ipfix
hardware-profile statistics cfm-lm enable
! ip-flow-exporter FLOW-EXPORTER
source xe5
collector destination 192.0.2.89
template-id 500
template-refresh-interval 600
samples-per-message 1
! ip-flow-monitor FLOW-MONITOR
flow-exporter FLOW-EXPORTER
sampling-rate 100
observation-domain-id 16
! interface xe4
ip address 198.51.100.4/24
flow-monitor FLOW-MONITOR
! interface xe5
ip address 192.0.2.88/24
!
source
Use this command to specify the IPv4 source address for the exporter, which is used in the IPFIX message IPv4 header. Enables the export of flow records to the collector.
Use no parameter of this command to remove the association of the specified interface as the source address in the IPFIX message IPv4 header.
Command Syntax
source IFNAME
no source IFNAME
Parameters
source IFNAME | Specifies the interface name from which the IPv4 source address will be derived. |
Default
None
Command Mode
IP flow exporter mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The command instructs the system to obtain the IPv4 address associated with interface xe5 and use it as the source address in the IPFIX message IPv4 header.
OcNOS#configure terminal
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#source xe5
template-id
Use this command to set the ID for the IPFIX template, specifying the structure and format of the data records sent to the collector, serving as a template for the flow record format within the IPFIX message.
Use no parameter of this command to remove the specified template ID from the IPFIX configuration.
Command Syntax
template-id <256-65535>
no template-id <256-65535>
Parameters
template-id <256-65535> | Specifies the unique identifier for the template used in exporting flow records. |
Default
None
Command Mode
IP flow exporter mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The command sets the template ID 500 for the IPFIX exporter profile.
OcNOS#configure terminal
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#template-id 500
template-refresh-interval
Use this command to set the time interval for refreshing the IPFIX template, determining how often the template updates and sends to the IPFIX collector.
Use no parameter of this command to remove the configured time interval.
Command Syntax
template-refresh-interval <60-86400>
no template-refresh-interval <60-86400>
Parameters
template-refresh-interval <60-86400> | Specifies the time interval range, in seconds, for refreshing the IPFIX template. The default value is 600 seconds. |
Default
None
Command Mode
IP flow exporter mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The command sets the template-refresh-interval parameter to 600 seconds for the specified IPFIX exporter profile.
OcNOS#configure terminal
OcNOS(config)#ip-flow-exporter FLOW-EXPORTER
OcNOS(ip-flow-exporter)#template-refresh-interval 600
Troubleshooting
• If the collector isn't operational or isn't running on the assigned port, follow these steps:
• Check if the IPFIX collector service is active on the designated device.
• Ensure the IPFIX collector process is running correctly.
• Review the collector's configuration, including the specified port.
• Investigate port conflicts or misconfigurations if the collector is running on the wrong port.
• Monitor system logs for any error messages related to the IPFIX collector.
• To address TCAM resource availability issues on the exporter impacting IPFIX functionality, follow these steps:
• Identify which features are currently enabled on the exporter.
• Consider disabling or optimizing features to free up TCAM resources.
• Monitor the TCAM resource usage periodically to ensure sufficient availability for IPFIX functionality.
Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:
Key Terms/Acronym | Description |
IPFIX Exporter (Internet Protocol Flow Information Export) | OcNOS feature that facilitates real-time traffic analysis by sampling network traffic and exporting flow records containing detailed information about sampled traffic flows. |
Flow Records | Detailed information about network traffic flows, including source and destination addresses, port numbers, protocol specifics, and timestamps. |
Mirroring Profile | Profiles are used by various features, such as SFLOW, SNIFF, and Mirror to enable the mirroring of network traffic. |
Jericho2 | Broadcom DNX Jericho2, a network routing chipset. |
Ingress and Egress Interfaces | The interface through which packets enter and exit the network device. |
Security Monitoring | Monitoring network traffic for security threats and compliance with regulations. |
ASIC | Application Specific Integrated Circuit |
SFLOW | Sampling Flow |
SVI | Switched Virtual Interface |
LAG | Link Aggregation Group |
ICMP | Internet Control Message Protocol |
UDP | User Datagram Protocol |
VRF | Virtual Routing and Forwarding |
ISP | Internet Service Provider |
Ternary Content Addressable Memory (TCAM) | TCAM facilitates rapid table lookups based on specific search criteria in networking devices like routers and switches. It performs searches for exact matches, wildcard matches, and ranges swiftly, making it highly efficient for matching patterns against large datasets. |