IPFIX
Internet Protocol Flow Information Export (IPFIX) is an IETF standard export protocol for sending Netflow packets. IPFIX is based on Netflow version 9.
The IPFIX feature formats Netflow data and transfers the Netflow information from an exporter to a collector using UDP as transport protocol.
Restrictions for IPFIX
These IPFIX features are not supported:
-
Variable-length information element in the IPFIX template
-
Stream Control Transmission Protocol (SCTP) as the transport protocol
Limitations for IPFIX
-
You cannot modify an exporter version of an exporter map that is already applied to an interface. To modify the exporter version, first remove the exporter configuration applied on the interface, later modify the version and apply the configuration to the interface.
-
An interface can have three different monitor-maps but all the monitor maps should have the same version for the exporters. There can be different exporters for the three monitor maps but they all need to have the same exporter version either v9 or IPFIX.
-
You can only have monitor-maps one of each record type attached to an interface, that is one monitor-map for IPv4 record, one monitor-map for IPv6 record and one for MPLS record. There can be different exporter maps for these three monitor-maps but all the exporter maps should have same exporter version configured, either v9 or IPFIX.
-
Multiple sampler-maps can be configured but only two sampler maps can be appled to an interface across the system.
Configuring IPFIX
Consider SP-PE use case where SP (Service Provider) cloud is connected to the PE (Provider Edge) router through TenGigabit ethernet.
Configuring NetFlow on PE router involves:
-
Configuring Exporter map with IPFIX as an exporter
-
Configuring Monitor map
-
Configuring Sampler map
-
Applying the Monitor map and Sampler map to an interface
Configuring Exporter map with IPFIX as the exporter version
flow exporter-map fem_ipfix
destination 10.1.1.1
source Loopback 0
transport udp 1025
exit
version ipfix
template data timeout 600
options sampler-table
exit
Configuring Monitor map
flow monitor-map fmm1
record ipv4
option filtered
exporter fem_ipfix
cache entries 10000
cache timeout active 1800
cache timeout inactive 15
exit
Configuring Sampler map
sampler-map fsm1
random 1 out-of 4000 /*Sampling rate supported is 1:4000*/
exit
Applying the Monitor map to an interface
configure
interface 10GE0/0/0/1
flow ipv4 monitor fmm1 sampler fsm1 ingress
exit
Verification
Use the show flow flow-exporter map command to verify the exporter version configured is IPFIX:
RP/0/RP0/CPU0:router# show flow exporter-map fem_ipfix
Flow Exporter Map : fem_ipfix
-------------------------------------------------
Id : 3
Packet-Length : 1468
DestinationIpAddr : 10.1.1.1
VRFName : default
SourceIfName : Loopback1
SourceIpAddr : 4.4.0.1
DSCP : 40
TransportProtocol : UDP
TransportDestPort : 9001
Export Version: IPFIX
Common Template Timeout : 1800 seconds
Options Template Timeout : 1800 seconds
Data Template Timeout : 1800 seconds
Interface-Table Export Timeout : 0 seconds
Sampler-Table Export Timeout : 0 seconds
VRF-Table Export Timeout : 0 seconds
Exported packets in an IPFIX packet structure are in the form of template set or data set. The first data template is sent when the configuration is activated on the interface.
With constant stream, the flowset data does not change, so data is decoded. Data template is updated in the case of timeout
on the template. To change the timeout options in the flow exporter, use the template options timeout command:
RP/0/RP0/CPU0:router(config)#flow exporter-map ipfix_exp1
RP/0/RP0/CPU0:router(config-fem)#version ipfix
RP/0/RP0/CPU0:router(config-fem-ver)#template options
RP/0/RP0/CPU0:TU-PE3(config-fem-ver)#template options timeout
RP/0/RP0/CPU0:TU-PE3(config-fem-ver)#template options timeout 30
RP/0/RP0/CPU0:router# show flow exporter-map ipfix_exp1
version ipfix
template data timeout 30
!
dscp 40
transport udp 9001
source Loopback0
destination 10.127.59.86
Feedback