aabc / ipt-netflow

Netflow iptables module for Linux kernel (official)
https://github.com/aabc/ipt-netflow

Question regarding interface name #183

Open pwp333 opened 3 years ago

pwp333 commented 3 years ago

Dear aabc,

Here you mentioned we can export interface names. But we don't see it in flows. Could you please advise how to export physical interface name like eth0 and eth1? https://sourceforge.net/p/ipt-netflow/bugs-requests-patches/58/?page=1&limit=25#63d9

Thanks in advance.

aabc commented 3 years ago

Only system interface names are exported, in netflow v9 and ipfix protocol. You should be able to see them with wireshark.

pwp333 commented 3 years ago

Could you please advise which field in netflow data has the interface name? Did not see these have value for v9:

252 | ingressPhysicalInterface
253 | egressPhysicalInterface

aabc commented 3 years ago

IF_NAME(82) and possibly IF_DESC(83).

vladum commented 3 years ago

Maybe the disconnect here is that id-to-name mappings are in different records than flows?

I wonder what it would take to have IF_NAME in the flow records instead of just ids. Maybe performance concerns to convert ifindex to name in datapath. Or the fact that names and the interfaces themselves could change in the middle of a flow, so it doesn't really make sense to report on flows.

vladum commented 3 years ago

Actually, what I proposed makes no sense from the protocol's point of view. Sorry for the noise. IF_NAME is a single Information Element, but the Flow Record needs egress, ingress interfaces, as well as their physical counterparts, and all those are defined as integers.

So I guess the collector needs to support joining the id-to-name mapping with the flows. (Or the Exporting Process uses Enterprise-Specific Information Elements, but that is not ipt_NETFLOW's problem.)
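
The collector-side join described in the last comment, as an added example that is not part of the thread or of ipt_NETFLOW's code. The template layouts, the exporter address and the byte strings are constructed, and the field carrying the interface index in the options record (`key_field`) is an assumption; a real collector reads it from the options template it receives.

```python
import struct

# NetFlow v9 field type numbers (RFC 3954); IF_NAME(82) is the one named in the thread.
IPV4_SRC_ADDR, INPUT_SNMP, IPV4_DST_ADDR, OUTPUT_SNMP, IF_NAME = 8, 10, 12, 14, 82

def decode_records(payload, template):
    """Split a data FlowSet payload into records using a [(type, length), ...] template."""
    size = sum(length for _, length in template)
    records = []
    for off in range(0, len(payload) - size + 1, size):  # leftover bytes are padding
        rec, pos = {}, off
        for ftype, length in template:
            rec[ftype] = payload[pos:pos + length]
            pos += length
        records.append(rec)
    return records

class InterfaceNames:
    """ifIndex -> name cache, keyed per exporter: indexes are only unique per host."""
    def __init__(self):
        self.names = {}

    def learn(self, exporter, option_records, key_field=INPUT_SNMP):
        # key_field is an assumption; take the real one from the options template.
        for rec in option_records:
            idx = int.from_bytes(rec[key_field], "big")
            name = rec[IF_NAME].rstrip(b"\0").decode("ascii", "replace")
            self.names[(exporter, idx)] = name  # a later record overrides a rename

    def name(self, exporter, raw_index):
        idx = int.from_bytes(raw_index, "big")
        return self.names.get((exporter, idx), f"ifindex {idx}")  # keep unknown ids visible

def demo():
    exporter = "192.0.2.10"  # constructed exporter address
    opt_tmpl = [(INPUT_SNMP, 4), (IF_NAME, 16)]  # constructed options layout
    flow_tmpl = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (INPUT_SNMP, 2), (OUTPUT_SNMP, 2)]
    opt_data = struct.pack("!I16s", 2, b"eth0") + struct.pack("!I16s", 3, b"eth1")
    flow_data = (struct.pack("!4s4sHH", bytes([198, 51, 100, 7]), bytes([203, 0, 113, 9]), 2, 3)
                 + struct.pack("!4s4sHH", bytes([203, 0, 113, 9]), bytes([198, 51, 100, 7]), 3, 9))
    cache = InterfaceNames()
    cache.learn(exporter, decode_records(opt_data, opt_tmpl))
    return [(cache.name(exporter, r[INPUT_SNMP]), cache.name(exporter, r[OUTPUT_SNMP]))
            for r in decode_records(flow_data, flow_tmpl)]

if __name__ == "__main__":
    print(demo())
```

The second flow leaves through an index the cache has not learned yet, so it is reported as `ifindex 9` rather than dropped or mislabelled.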