home

Supported platforms

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Contents

thumbnailSupported platforms

Flow Monitoring

Flow Monitoring configuration

The Flow Monitoring service consists of aggregators and exporters that accept flows and pass flows to other connected modules. Aggregator and exporter modules may be configured on an interface. The interface selectors generate defined fixed single-packet flows. For more information about the fields in these flows, refer to Exported NetFlow Version 9 and IPFIX IPv4 data. Aggregator modules can connect with other aggregator and exporter modules by using a next statement. You can configure multiple such connections.

You can define a rule for the aggregator. Each rule is a list of key or nonkey fields. A key field identifies a unique entry in the cache functionality provided by the aggregator module. Nonkey fields are aggregated: for example, if packetDeltaCount is added as a nonkey field, the collected values are aggregated and summed before exporting the values to the flow report. An aggregator must have a rule, and a rule must have at least one key field.

Exporter modules do not pass flows to other modules.

Note: The flexible key feature works only if the key and non-key fields that are specified in an aggregator rule are present in flows entering that aggregator; otherwise, the flows are ignored. Therefore in the following example, the fields that are specified in the foo aggregator are a subset of the fields generated by the interface.

Configuring the flow-monitoring service shows how to configure the Flow Monitoring service on the R1 vRouter, as shown in the example in the following figure.

Figure 1. vRouter flow-monitoring configuration example

To configure the Flow Monitoring service on R1, perform the following steps in configuration mode.

Table 1. Configuring the flow-monitoring service

Step

Command

Create a flow-monitoring exporter and specify the IP address and UDP port of the NetFlow collector. 

 set service flow-monitoring exporter foo udp-collector address 192.168.122.200
vyatta@R1# set service flow-monitoring exporter foo udp-collector port 9995

Create a packet selector named foo and specify a sampling size of 10 packets. The sampling rate in this case is 1:10, which means that the router randomly selects one packet from every 10 packets that flow through any data plane interface with which the selector is associated. 

vyatta@R1# set service flow-monitoring selector foo randomly out-of 10

Create a packet aggregator named foo and specify an expiration time of 1,800 seconds for active flows and 15 seconds for inactive flows. 

vyatta@R1# set service flow-monitoring aggregator foo expiration inactive-timeout 15
vyatta@R1# set service flow-monitoring aggregator foo expiration active-timeout 1800

Connect the aggregator to the exporter. 

vyatta@R1# set service flow-monitoring aggregator foo next exporter foo

Configure the aggregation rule for the foo aggregator . 

vyatta@R1# set service flow-monitoring aggregator foo key destinationIPv4Address
vyatta@R1# set service flow-monitoring aggregator foo key destinationTransportPort
vyatta@R1# set service flow-monitoring aggregator foo key ipClassOfService
vyatta@R1# set service flow-monitoring aggregator foo key protocolIdentifier
vyatta@R1# set service flow-monitoring aggregator foo key sourceIPv4Address
vyatta@R1# set service flow-monitoring aggregator foo key sourceTransportPort
vyatta@R1# set service flow-monitoring aggregator foo non-key bgpDestinationAsNumber
vyatta@R1# set service flow-monitoring aggregator foo non-key bgpSourceAsNumber
vyatta@R1# set service flow-monitoring aggregator foo non-key destinationIPv4PrefixLength
vyatta@R1# set service flow-monitoring aggregator foo non-key egressInterface
vyatta@R1# set service flow-monitoring aggregator foo non-key flowEndMilliseconds
vyatta@R1# set service flow-monitoring aggregator foo non-key flowStartMilliseconds
vyatta@R1# set service flow-monitoring aggregator foo non-key ipNextHopIPv4Address
vyatta@R1# set service flow-monitoring aggregator foo non-key octetDeltaCount
vyatta@R1# set service flow-monitoring aggregator foo non-key packetDeltaCount
vyatta@R1# set service flow-monitoring aggregator foo non-key sourceIPv4PrefixLength
vyatta@R1# set service flow-monitoring aggregator foo non-key tcpControlBits

Apply the foo selector and foo aggregator to the dp0s7 data plane interface. 

vyatta@R1# set interfaces dataplane dp0s7 flow-monitoring selector foo
vyatta@R1# set interfaces dataplane dp0s7 flow-monitoring aggregator foo

Commit the configuration. 

vyatta@R1# commit

Save the configuration. 

vyatta@R1# save

Verify the configuration. 

vyatta@R1# show interfaces
interfaces {
   dataplane dp0s7 {
     address 10.10.1.1/24
     flow-monitoring {
          aggregator foo
          selector foo
            }
          }
       }        


vyatta@R1# show services
service {
  flow-monitoring {
       exporter foo {
         udp-collector {
           address 192.168.122.200
           port 9995
                       }
                    }
            selector foo {
                 randomly {
                   out-of 10
                          }
                       }
             aggregator foo {
                 aggregator statistics: {
                    flows in cache: 18
                    expired flows: 180
                    expiration {
                       active-timeout 1800
                       inactive-timeout 15
                               }
                        next {
                                exporter foo
                             }
                        rule {
                           key destinationIPv4Address
                           key destinationTransportPort
                           key ingressInterface
                           key ipClassOfService
                           key protocolIdentifier
                           key sourceIPv4Address
                           key sourceTransportPort
                           non-key bgpDestinationAsNumber
                           non-key bgpSourceAsNumber
                           non-key destinationIPv4PrefixLength
                           non-key egressInterface
                           non-key flowEndMilliseconds
                           non-key flowStartMilliseconds
                           non-key ipNextHopIPv4Address
                           non-key octetDeltaCount
                           non-key packetDeltaCount
                           non-key sourceIPv4PrefixLength
                           non-key tcpControlBits     
                              }
                      }
             }

Exit the configuration mode. 

vyatta@R1# exit

Show exporter statistics. 

vyatta@R1:~$ show flow-monitoring
dataplane statistics:
    interface dp0s7:
        monitor default:
            packets observed:            884
            samples taken:                88

export daemon statistics:
  /exporter/default:
    /monitor/mon1/ipv4:
      reports received:                   88
      reports exported:                   88
    /monitor/mon1/ipv6:
      reports received:                    0
      reports exported:                    0
Note: If a data plane interface fails to gather samples because of resource constraints, show flow-monitoring displays the number of lost samples in the samples lost field (under the samples taken field) in the output.

Last updated: May 7, 2021