Configuring Flow Exports on Vyatta Routers

For NetFlow analysis, configure your devices to export flows to the Site24x7 On-Premise Poller, which acts as the NetFlow collector. The On-Premise Poller listens on a specific port to receive flows. Learn how to find the port number of your On-Premise Poller.

Follow the steps below to configure NetFlow exports on Vyatta routers:

  1. Set the NetFlow version.
    set system flow-accounting netflow version 9
  2. To export flows to Site24x7, provide the IP address of the machine on which the Site24x7 On-Premise Poller is installed as the flow destination, along with its listening port.
    set system flow-accounting netflow server <NFA server IP> port <Port #>
    Example: set system flow-accounting netflow server 192.168.0.1 port 9996
  3. Issue the following command for every interface you want to monitor:
    set system flow-accounting interface <interface name>
    Example: set system flow-accounting interface eth0
  4. Set the active flow timeout to 1 minute. By default this is already set to 1 minute (60 seconds).
    set system flow-accounting netflow timeout expiry-interval 60
  5. Vyatta flow accounting can be resource intensive when statistics are collected on all received packets. The alternative is to turn on sampling, where 1 packet out of every N packets is accounted for, N being the sampling rate.
    set system flow-accounting netflow sampling-rate N
    Example: set system flow-accounting netflow sampling-rate 500
  6. Set the other essential Vyatta flow accounting parameters using the following commands:
    set system flow-accounting netflow engine-id <id> (id values range from 0 to 255)
    set system flow-accounting netflow timeout max-active-life 604800
    set system flow-accounting netflow timeout flow-generic 3600
    set system flow-accounting netflow timeout tcp-fin 300
    set system flow-accounting netflow timeout tcp-generic 3600
    set system flow-accounting netflow timeout tcp-rst 120
    set system flow-accounting netflow timeout icmp 300
    set system flow-accounting netflow timeout udp 300

NetFlow configuration

    system {
        flow-accounting {
            interface <ifname>    # apply this to every active interface
            netflow {
                version 9    # can use 5 or 9
                engine-id <u32>    # 0-255
                server <Collector IP> {
                    port 9996    # user configurable
                }
                timeout {
                    expiry-interval 60
                    flow-generic 3600
                    icmp 300
                    max-active-life 604800
                    tcp-fin 300
                    tcp-generic 3600
                    tcp-rst 120
                    udp 300
                }
            }
        }
    }
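
To confirm that the router is really emitting version 9 exports after these steps, the following added example (not part of the Site24x7 documentation) parses a NetFlow v9 datagram header and counts its FlowSets as laid out in RFC 3954. The sample datagram, the source ID 7 and the function names are constructed for illustration.

```python
import struct

TEMPLATE_ID, OPTIONS_TEMPLATE_ID = 0, 1   # FlowSet IDs reserved by RFC 3954

def parse_v9_export(datagram: bytes) -> dict:
    """Parse the NetFlow v9 packet header and walk its FlowSets (RFC 3954)."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, count, uptime_ms, unix_secs, sequence, source_id = struct.unpack(
        "!HHIIII", datagram[:20])
    if version != 9:
        raise ValueError(f"expected version 9, got {version}")
    summary = {"count": count, "sequence": sequence, "source_id": source_id,
               "templates": 0, "options_templates": 0, "data_flowsets": 0}
    offset = 20
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack("!HH", datagram[offset:offset + 4])
        # Length includes the 4-byte FlowSet header; reject values that would
        # loop forever or run past the end of the datagram.
        if length < 4 or offset + length > len(datagram):
            raise ValueError(f"bad FlowSet length {length} at offset {offset}")
        if flowset_id == TEMPLATE_ID:
            summary["templates"] += 1
        elif flowset_id == OPTIONS_TEMPLATE_ID:
            summary["options_templates"] += 1
        elif flowset_id > 255:            # data FlowSets use IDs above 255
            summary["data_flowsets"] += 1
        offset += length
    return summary

def build_sample() -> bytes:
    """Constructed datagram: one template FlowSet plus one data FlowSet."""
    # Template 256 with two fields: IPV4_SRC_ADDR (type 8) and IN_BYTES (type 1),
    # each 4 bytes long.
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 1, 4)
    data = struct.pack("!HH4sI", 256, 12, bytes([192, 168, 0, 10]), 1500)
    header = struct.pack("!HHIIII", 9, 2, 123456, 1700000000, 1, 7)
    return header + template + data

if __name__ == "__main__":
    print(parse_v9_export(build_sample()))
```

Run it against datagrams captured on the Poller's listening port. A version error means the router is not exporting version 9, and data FlowSets with no template seen yet cannot be decoded until the router resends its templates.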

sFlow configuration

    system {
        flow-accounting {
            sflow {
                agentid <u32>
                server 192.168.1.1 {
                    port 9996
                }
            }
        }
    }