To ensure synchronized device date and time:
To configure the export of ingress flow export data:
Please see this article for help and information on how to enable and disable flow collection on devices.
Entuity recommends that you consult your device documentation before configuring the export of flow from a device. The following section uses an example export configuration to illustrate the configuration process and requirements. The example:
- synchronizes device times.
- exports ingress data.
- uses NetFlow version 5.
To ensure synchronized device date and time:
All devices exporting flow data should have their time synchronized. You can use, for example, the Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP). You should consult the appropriate documentation before synchronizing clocks.
The following example is applied to router R837:
- uses Ethernet0 interface on the device for NTP.
- uses the NIST Internet Time Service clock, 131.107.13.100, as the source of its time.
- displays the resulting NTP associations.
- Check the time protocol used by the device:
R837#sh clock detail
10:32:35.757 UTC Wed Jun 16 2010
Time source is NTP
- Synchronize the clock on the device:
ntp source Ethernet0
ntp server 131.107.13.100
R837#sh ntp association
address          ref clock  st  when  poll  reach  delay  offset  disp
*~131.107.13.10  .ACTS.     1   53    256   377    150.2  9.81    5.20
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
To configure the export of ingress flow export data:
When you want Entuity to manage flow data from a device, you must first configure the device to export its ingress flow data to the flow collector. Entuity therefore receives flow data for inbound traffic on an interface. To determine an interface's outbound flows, you should view inbound data on the interface on the device attached to this interface (where you must also have enabled flow collection).
You must enable flow collection on each interface on the device, e.g.:
router#configure terminal
R8321(config)#interface GigabitEthernet0/0
R8321(config-if)#ip flow ingress
R8321(config-if)#exit
The following sample configuration is entered on a router to enable NetFlow version 5 on the GigabitEthernet 0/0 interface and export to the machine 10.44.1.81 on port 9996:
router#configure terminal
R8321(config)#interface GigabitEthernet0/0
R8321(config-if)#ip flow ingress
R8321(config-if)#exit
R8321(config)#ip flow-export destination 10.44.1.81 9996
R8321(config)#ip flow-export source GigabitEthernet0/0
R8321(config)#ip flow-export version 5
R8321(config)#ip flow-cache timeout active 1
R8321(config)#ip flow-cache timeout inactive 15
R8321(config)#snmp-server ifindex persist
where:
- ip flow ingress sets monitoring of inbound flows on the selected interface.
- ip flow-export destination is the IP address and port of the Entuity flow collector to which the flow data is exported.
- ip flow-export source is the IP address that the Entuity flow collector uses to identify the source of the flow data.
- ip flow-export version is the NetFlow version the device uses to export the flow data.
- ip flow-cache timeout active configures the device to export flow records to the Entuity flow collector every minute. Valid values are between 1 and 60; however, you should not amend this setting.
- ip flow-cache timeout inactive ensures that flows that have finished are periodically exported. The default value is 15 seconds. Valid values are in the range of 10 to 600.
- snmp-server ifindex persist maintains ifIndex persistence across device reboots and hot plug-ins.
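The following check is an added example, not part of the original article or Entuity's own code. It parses a NetFlow version 5 datagram of the kind exported by the configuration above, rejects anything that is not a well-formed version 5 export, and reports the difference between the exporter's timestamp and the collector's receive time, which is where an unsynchronized device clock shows up. The function names, the 5-second tolerance and the sample datagram are assumptions constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte NetFlow v5 flow record
MAX_SKEW_SECS = 5  # assumed tolerance, tune for your environment


def parse_v5(datagram, received_at):
    """Validate one NetFlow v5 export datagram; return (skew_secs, flows)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, unix_secs, _nsecs, _seq, _etype, _eid, _samp = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"expected NetFlow version 5, got {version}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the header's record count")
    flows = []
    for i in range(count):
        (src, dst, _hop, in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _flags, proto, _tos, _sas, _das, _sm, _dm) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)), "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
            "proto": proto, "in_ifindex": in_if, "packets": pkts, "octets": octets,
        })
    return received_at - unix_secs, flows  # skew: collector time minus export time


def clock_ok(skew_secs):
    """True when the exporter's clock is within the assumed tolerance."""
    return abs(skew_secs) <= MAX_SKEW_SECS


def sample_datagram(export_time, version=5):
    """Constructed sample: one TCP flow received on ifIndex 2."""
    header = HEADER.pack(version, 1, 360000, export_time, 0, 1, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.7").packed,
        bytes(4), 2, 0, 12, 3400, 300000, 359000, 51514, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record


if __name__ == "__main__":
    skew, flows = parse_v5(sample_datagram(1276684355), received_at=1276684357)
    print(f"exporter clock skew: {skew}s, ok={clock_ok(skew)}, flows={flows}")
```

In live use, the datagram would come from a UDP socket bound to the export port (9996 in the configuration above) and received_at from the collector's own clock.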
Flexible NetFlow:
Flexible NetFlow permits the export of flow data containing user-configurable flow information, although you must always consider the type of flow data that Entuity is configured to receive and process.
There are two methods for configuring flexible flow data:
Use the old style input method:
On the device, you can specify the Entuity server as the destination, the transport and the NetFlow version, and have the device export the predefined original-input and original-output records.
flow exporter EYE
 destination 10.44.1.213
 transport udp 9996
 source mgmt0
 version 9
 template data timeout 300
 option exporter-stats timeout 60
 option interface-table timeout 600
flow monitor OldStyleIPMonitoringIn
 record netflow ipv4 original-input
 exporter EYE
flow monitor OldStyleIPMonitoringOut
 record netflow ipv4 original-output
 exporter EYE
Then, on each interface of interest, enter:
ip flow monitor OldStyleIPMonitoringIn input
ip flow monitor OldStyleIPMonitoringOut output
Explicitly specify the attributes that you want to export:
Note, for Barracuda flows, devices must be configured to send little-endian flow records.