IPFIX (Netflow) Configuration on ERS 5500 and 8600

      Many partners and customers ask me how to configure IPFIX (IP Flow Information Export) on the ERS5500 and wonder why it only supports ingress traffic. Basically, the IPFIX that the ERS5500 supports is based on RFC 3917 and RFC 3955. If you read them, you will understand that pre-IPFIX (Netflow v9) collects only inbound traffic from a device. So how can we collect bi-directional traffic from an ERS5500? That depends on the collector. All we have to do is set it to collect data from both the inbound port and the up-link port that the response traffic passes through. The collector then collects data from those ports and analyzes it to generate a report of the traffic of every client connected to that device.
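
The pairing a collector performs to get both directions out of ingress-only exports can be sketched as follows. This is an added example, not code from the original post or from any collector product; the record layout, sample addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    in_port: int   # switch port where the flow entered (ingress-only export)
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    octets: int

# Constructed sample records: client ports 5 and 9 report the requests,
# up-link port 23 reports the replies coming back in.
SAMPLE_FLOWS = [
    Flow(5, "192.168.10.50", 51000, "10.0.0.8", 80, 6, 1200),
    Flow(23, "10.0.0.8", 80, "192.168.10.50", 51000, 6, 48000),
    Flow(9, "192.168.10.51", 51001, "10.0.0.9", 443, 6, 900),
    Flow(23, "10.0.0.9", 443, "192.168.10.51", 51001, 6, 15000),
    Flow(5, "192.168.10.50", 51002, "10.0.0.7", 53, 17, 70),  # no reply seen
]

def conversation_key(f):
    """Direction-independent key: order the two endpoints so that a flow
    and its reverse map to the same conversation."""
    a, b = (f.src, f.sport), (f.dst, f.dport)
    return (f.proto,) + (a + b if a <= b else b + a)

def stitch(flows):
    """Merge unidirectional ingress records into bidirectional conversations."""
    convs = defaultdict(
        lambda: {"fwd": 0, "rev": 0, "ports": set(), "initiator": None})
    for f in flows:
        c = convs[conversation_key(f)]
        if c["initiator"] is None:
            # Assumption: the first record seen defines the forward direction.
            c["initiator"] = (f.src, f.sport)
        direction = "fwd" if (f.src, f.sport) == c["initiator"] else "rev"
        c[direction] += f.octets
        c["ports"].add(f.in_port)
    return dict(convs)

def one_way(convs):
    """Conversations seen in one direction only: either no reply was sent or
    the port the reply enters on is not enabled for export."""
    return [k for k, c in convs.items() if c["rev"] == 0]
```

A conversation that shows up in `one_way` is worth checking against the list of ports enabled for export before treating it as unanswered traffic.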

      The ERS5500 supports IPFIX with an advanced license, and so does the ERS8600 (after 5.0, an advanced license is required for the ERS8600). This is the lab topology, simple and easy to test with. I only provide an example topology for the ERS5500 because the basic concept is the same for the ERS5500 and the 8600.

[Image: ipfix (lab topology)]

ERS5500 IPFIX Configuration:

      First of all, we have to download a license from a TFTP server onto the ERS5500 and reboot it after the download.

5510-24T>en
5510-24T#conf t
5510-24T(config)#copy tftp license 192.168.10.109 bld_demo_5_1.lic
License successfully downloaded.
NOTE:  system must be rebooted to activate license.

After the reboot, enable IPFIX globally and configure the IP address of the collector. At this step, we should enable the exporter as well.

Note: On the ERS5500, the IPFIX destination port is restricted to 9995 and the only supported version is 9. The IPFIX feature shares resources with QoS. If the IPFIX feature is enabled, a QoS policy precedence will be used. In addition, the ERS5500 only exports inbound traffic data.

5510-24T(config)#ip ipfix collector 1 192.168.10.202 enable
5510-24T(config)#ip ipfix slot 1 exporter-enable
5510-24T(config-if)#ip ipfix enable

Once IPFIX is enabled, we should configure the port settings for IPFIX data export. For this lab, I only enable ports 5, 9, 19, and 23.

5510-24T(config)#interface fastEthernet 23
5510-24T(config-if)#ip ipfix port 5,9,19,23 enable

ERS8600 IPFIX Configuration:

Enable IPFIX globally, then set up the collector IP address and the ports to export. My ERS8600 has an 8648GTR in slot 3 and an 8630GBR in slot 2, so I use slot 3 as the example.

Note: Only R and RS modules support IPFIX. Unlike on the ERS5500, the exporter IP address is definable on the ERS8600.

ERS-8606:5# config ip ipfix state enable
ERS-8606:5# config ip ipfix slot 3 collector add 192.168.10.202 exporter-ip 192.168.10.226
ERS-8606:5# config ip ipfix port 3/13 all-traffic enable
ERS-8606:5# config ip ipfix port 3/25 all-traffic enable

      Eventually, both the ERS5500 and the 8600 send IPFIX raw data to the collector. This is a snapshot of my lab collector.

[Image: netflow (collector snapshot)]

2008-08-01 Update Note: A snapshot from another collector (Fluke Netflow Tracker). The firmware versions tested on the ERS 8600 are 4.1.6.3 and 5.0.0 for this lab; the ERS5500 uses firmware 5.1.1.

[Image: 5.0-netflow]

2008-08-04 Update Note: This is a screen capture from one more collector (Scrutinizer Netflow Analyzer). The tested version of the ERS8600 is 4.1.6.3. RFC 5103 has defined bi-directional IPFIX, but I am not sure whether the Nortel ERS5500 supports it or not. Personally, I don't like this software because it generates reports more slowly than the software I used above.

[Image: 416]
