Configuring Flow Exports on Vyatta Routers
For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller, which is the NetFlow collector. The On-Premise Poller will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.
Follow the steps below to configure NetFlow exports on Vyatta routers:
- Set the NetFlow version.
set system flow-accounting netflow version 9 - To export flows to the Site24x7, provide the IP address (of the machine on which Site24x7 On-Premise Poller is installed) as the flow destination and its listening port.
Example: set system flow-accounting netflow server 192.168.0.1 port 9996set system flow-accounting netflow server <NFA server IP> port <Port #> - Issue the following command for every interface you want to monitor:
Example: set system flow-accounting interface eth0set system flow-accounting interface <interface name> - Set the active flow timeout to 1 minute. By default this will already be set to 1 minute or 60 seconds.
set system flow-accounting netflow timeout expiry-interval 60 - Vyatta flow accounting can be resource intensive when statistics are being collected on all received packets. The alternative is to turn on sampling where 1 packet is accounted for every N packets, N being the sampling rate.
Example: set system flow-accounting netflow sampling-rate 500set system flow-accounting netflow sampling-rate N - Set the other essential Vyatta flow accounting parameters using the follwing commands:
set system flow-accounting netflow engine-id id (id values range between 0 – 255)
set system flow-accounting netflow timeout max-active-life 604800
set system flow-accounting netflow timeout flow-generic 3600
set system flow-accounting netflow timeout tcp-fin 300
set system flow-accounting netflow timeout tcp-generic 3600
set system flow-accounting netflow timeout tcp-rst 120
set system flow-accounting netflow timeout icmp 300
set system flow-accounting netflow timeout udp 300
NetFlow configuration
system {
flow-accounting {
interface <ifname> { // Please apply this on all active interface
netflow {
version 9 # Can use 5 or 9
engine-id <u32> # 0-255
server <Collector IP> {
port 9996 # user configurable}
timeout {
expiry-interval 60
flow-generic 3600
icmp 300
max-active-life 604800
tcp-fin 300
tcp-generic 3600
tcp-rst 120
udp 300
}
}}
}
sFlow configuration
system {
flow-accounting {
sflow {
agentid <u32>
server 192.168.1.1 {
port 9996
}
}