search

rare-freertr / validated-design

RARE/freeRTr Validated Design
Apache License 2.0
6 stars 0 forks source link

NetFlow Configuration for FreeRtr #4

Open nkostopoulos opened 1 year ago

nkostopoulos commented 1 year ago

Hi,

Is there documentation on how to use FreeRtr to export NetFlow data? If not, can you point me to a vendor with equivalent configuration or provide hints to start? Thanks...

mc36 commented 1 year ago

hi,

as we dont have global there is nothing comparable imho...

conf t p4deb(cfg)#ipv4 flow inet ? collect - just collect export - collect and export parameters - session parameters

p4deb(cfg)#ipv4 flow inet export ?

- proxy profile home - proxy profile inet - proxy profile inet2 - proxy profile inet3 - proxy profile p4deb(cfg)#ipv4 flow inet export inet ? - target address p4deb(cfg)#ipv4 flow inet export inet then p4deb(cfg)#interface ethernet0 p4deb(cfg-if)#ipv4 flowspec-disable ? p4deb(cfg-if)#ipv4 flowspec-disable if it's not enough, monitor-session could also help with fastnetmon.... br, cs On 5/3/23 20:21, Nikos Kostopoulos wrote: > Hi, > > Is there documentation on how to use FreeRtr to export NetFlow data? If not, can you point me to a vendor with equivalent configuration? Thanks... > > > Reply to this email directly, view it on GitHub , or unsubscribe > . > You are receiving this because you are subscribed to this thread.Message ID: ***@***.***> >
nkostopoulos commented 1 year ago

Hi cs,

I am trying to configure NetFlow in the following topology:

NetFlow Collector (192.168.40.3/24) -------------- eth3(192.168.40.2/24) RARE Router eth1(192.168.30.2/24) 
                                                                                                  (192.168.30.1/24)
                                                                                                  Traffic Generator

A Traffic Generator sends traffic to interface ethernet1 of RARE router. I would like to monitor traffic on ethernet1 using NetFlow and export results to NetFlow collector that is connected to ethernet3 of RARE router.

In configuration mode, I did the following: (conf) proxy-profile inet2 (conf) ipv4 flow v1 export inet2 192.168.40.3 9995 (conf) ipv4 flow v1 parameters timeout 1000

(conf-if) interface ethernet1
vrf forwarding v1 ipv4 netflow-tx ipv4 flowspec-disable

(conf-if) interface ethernet3 vrf forwarding v1 ipv4 netflow-rx ipv4 flowspec-disable

After generating traffic with hping3, I use the following show command:

freerouter(cfg)#do show ipv4 flow v1 session
source target packet byte dir prt tos addr port addr port url rx tx rx tx time tx 17 0 192.168.30.2 0 192.168.30.1 81 null 1 0 28 0 00:00:00 tx 17 0 192.168.30.2 0 192.168.30.1 82 null 1 0 28 0 00:00:00 tx 17 0 192.168.30.2 0 192.168.30.1 83 null 1 0 28 0 00:00:00 tx 17 0 192.168.30.2 0 192.168.30.1 84 null 1 0 28 0 00:00:00

which disappear after 1000 msec

However I see nothing at the NetFlow collector port 9995. Note that I verified network connection after using pcapInt script.

I guess I don't need routing rules as I have directly connected networks.

Am I missing something?

Thanks, Nikos

nkostopoulos commented 1 year ago

Hi again cs,

I forgot to specify the vrf in the proxy-profile. It seems to work now.

Nikos