Configuring IPFIX

This chapter describes how to configure IPFIX on Cisco IOS XR devices.

IPFIX

Internet Protocol Flow Information Export (IPFIX) is an IETF standard export protocol for sending NetFlow packets. IPFIX is based on NetFlow version 9.

The IPFIX feature formats NetFlow data and transfers the NetFlow information from an exporter to a collector using UDP as the transport protocol.

Restrictions for IPFIX

These IPFIX features are not supported:

  • Variable-length information element in the IPFIX template

  • Stream Control Transmission Protocol (SCTP) as the transport protocol

Limitations for IPFIX

  • You cannot modify the exporter version of an exporter map that is already applied to an interface. To modify the exporter version, first remove the exporter configuration applied on the interface, then modify the version, and then apply the configuration to the interface again.

  • An interface can have three different monitor-maps, but all the monitor-maps must use the same exporter version. The three monitor-maps can use different exporters, but all of those exporters must have the same exporter version, either v9 or IPFIX.

  • You can attach only one monitor-map of each record type to an interface, that is, one monitor-map for the IPv4 record, one monitor-map for the IPv6 record, and one for the MPLS record. These three monitor-maps can use different exporter maps, but all the exporter maps must have the same exporter version configured, either v9 or IPFIX.

  • Multiple sampler-maps can be configured, but only two sampler-maps can be applied to an interface across the system.

Configuring IPFIX

Consider an SP-PE use case in which the SP (Service Provider) cloud is connected to the PE (Provider Edge) router through TenGigabit Ethernet.

Figure 1. SP-PE Topology


Configuring NetFlow on PE router involves:

  1. Configuring Exporter map with IPFIX as an exporter

  2. Configuring Monitor map

  3. Configuring Sampler map

  4. Applying the Monitor map and Sampler map to an interface

Configuring Exporter map with IPFIX as the exporter version

flow exporter-map fem_ipfix
 destination 10.1.1.1
 source Loopback 0
 transport udp 1025
 version ipfix
  template data timeout 600
  options sampler-table
  exit
 exit

Configuring Monitor map


flow monitor-map fmm1
 record ipv4
 option filtered
 exporter fem_ipfix
 cache entries 10000
 cache timeout active 1800
 cache timeout inactive 15
 exit

Configuring Sampler map


sampler-map fsm1
 ! Sampling rate supported is 1:4000
 random 1 out-of 4000
 exit

Applying the Monitor map to an interface

Now apply the monitor-map fmm1, which is configured with exporter version IPFIX, and the sampler-map fsm1 to the 10GE0/0/0/1 interface in the ingress direction:

configure
 interface 10GE0/0/0/1
  flow ipv4 monitor fmm1 sampler fsm1 ingress 
 exit

Verification

Use the show flow exporter-map command to verify that the configured exporter version is IPFIX:

RP/0/RP0/CPU0:router# show flow exporter-map fem_ipfix
Flow Exporter Map : fem_ipfix
-------------------------------------------------
Id                  : 3
Packet-Length       : 1468
DestinationIpAddr   : 10.1.1.1
VRFName             : default
SourceIfName        : Loopback1
SourceIpAddr        : 4.4.0.1
DSCP                : 40
TransportProtocol   : UDP
TransportDestPort   : 9001

Export Version: IPFIX
  Common Template Timeout : 1800 seconds
  Options Template Timeout : 1800 seconds
  Data Template Timeout : 1800 seconds
  Interface-Table Export Timeout : 0 seconds
  Sampler-Table Export Timeout : 0 seconds
  VRF-Table Export Timeout : 0 seconds

Exported packets in an IPFIX packet structure take the form of a template set or a data set. The first data template is sent when the configuration is activated on the interface.

With a constant stream, the flowset data does not change, so the data is decoded. The data template is updated when the timeout on the template expires. To change the timeout options in the flow exporter, use the template options timeout command:

RP/0/RP0/CPU0:router(config)#flow exporter-map ipfix_exp1
RP/0/RP0/CPU0:router(config-fem)#version ipfix
RP/0/RP0/CPU0:router(config-fem-ver)#template options timeout 30

RP/0/RP0/CPU0:router# show flow exporter-map ipfix_exp1
version ipfix
  template data timeout 30
!
dscp 40
transport udp 9001
source Loopback0
destination 10.127.59.86

BGP community and AS path information elements for IPFIX

BGP community and AS path information elements are IPFIX (NetFlow v10) data elements that

  • enable tagging of network flows with BGP community and AS path values

  • allow users to correlate flow records with BGP path attributes for both communities and autonomous system numbers, and

  • support enhanced flow analysis, troubleshooting, and policy verification.

BGP communities and AS paths

BGP communities are mechanisms that tag routes with additional information, making it easier for network operators to manage routing policies and analyze routing decisions based on BGP attributes.

AS path represents the sequence of autonomous systems a route has traversed, providing insight into the journey of a route across multiple networks and enabling more informed routing decisions.

Exported attributes information

The IPFIX (NetFlow v10) export supports two primary BGP attributes:

  • bgpDestinationCommunityList (IE485): Exports a list of BGP community values associated with the destination of each flow.

  • bgpDestinationAsPathList (IE512): Exports the sequence of autonomous systems (AS path) associated with the destination prefix of each flow.

Guidelines for exporting BGP and AS attributes using IPFIX

Requirements for exporting BGP and AS attributes using IPFIX

  • Set the exporter map to IPFIX version to export BGP attributes.

  • The exported list is limited to 32 elements. A list that contains more than 32 elements is truncated, and only the first 32 elements are exported.

  • Verify BGP attribute export by checking the exported packets at the collector because show commands do not display these changes.

Caution for exporting BGP and AS attributes using IPFIX

  • This export feature is specific to NetFlow v10 (IPFIX).

BGP community information element export prerequisites

To export BGP community information elements using Cisco NetFlow and IPFIX, follow these key prerequisites and considerations:

  • Enable export of BGP community information elements by entering the option bgpattr command under a flow monitor map in the CLI.

  • Configure the exporter map to use the IPFIX (NetFlow v10) format; NetFlow v9 does not support the updated BGP community information elements.

  • NetFlow v9 continues to support similar features, but exporting the updated BGP community information elements specifically requires IPFIX.

  • Show command outputs remain unchanged when using IPFIX export; to verify exported elements, inspect the export packets directly.
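
One way to carry out the collector-side check described above (export packets arrive as template sets or data sets, and BGP attribute export can only be confirmed by inspecting them), as an added example that is not Cisco code: a Python parser for the IPFIX message header and template sets that reports which templates advertise IE485 or IE512. The function names, the sample message, and the 128-byte field lengths are constructed for illustration and are not taken from a device capture.

```python
import struct

# IE numbers as given on this page.
BGP_IES = {485: "bgpDestinationCommunityList", 512: "bgpDestinationAsPathList"}

def parse_templates(msg: bytes) -> dict:
    """Return {template_id: [(ie_id, field_length), ...]} for one IPFIX message."""
    if len(msg) < 16:
        raise ValueError("shorter than the 16-byte IPFIX message header")
    version, length = struct.unpack("!HH", msg[:4])
    if version != 10 or length != len(msg):  # NetFlow v9 carries version 9 here
        raise ValueError("not an IPFIX (version 10) message or length mismatch")
    templates, off = {}, 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        pos, end = off + 4, off + set_len
        # Set ID 2 = Template Set, 3 = Options Template Set, >= 256 = Data Set.
        while set_id == 2 and pos + 4 <= end:
            tid, count = struct.unpack("!HH", msg[pos:pos + 4])
            if tid < 256:  # zero padding at the end of the set
                break
            pos, fields = pos + 4, []
            for _ in range(count):
                if pos + 4 > end:
                    raise ValueError("truncated template record")
                ie, flen = struct.unpack("!HH", msg[pos:pos + 4])
                pos += 8 if ie & 0x8000 else 4  # enterprise bit adds a 4-byte PEN
                fields.append((ie & 0x7FFF, flen))
            templates[tid] = fields
        off += set_len
    return templates

def bgp_ies_present(templates: dict) -> dict:
    """Map each template ID to the BGP IEs (by name) that it advertises."""
    return {tid: [BGP_IES[ie] for ie, _ in fields if ie in BGP_IES]
            for tid, fields in templates.items()}

def build_sample() -> bytes:
    """Constructed IPFIX message with one template; field lengths are made up."""
    fields = [(8, 4), (12, 4), (485, 128), (512, 128)]
    rec = struct.pack("!HH", 256, len(fields))
    rec += b"".join(struct.pack("!HH", ie, flen) for ie, flen in fields)
    tset = struct.pack("!HH", 2, 4 + len(rec)) + rec
    return struct.pack("!HHIII", 10, 16 + len(tset), 0, 0, 0) + tset

if __name__ == "__main__":
    print(bgp_ies_present(parse_templates(build_sample())))
```

Feed parse_templates the UDP payload of each datagram received on the collector port; a template that lists neither IE indicates that option bgpattr or the IPFIX exporter version is not in effect for that monitor map.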