NFSIM Configuration with IPv4 cache and Netflow v5 Export

From IPFlow Netflow Collector

In this section, a classical configuration with Netflow Simulator reading IPv4 packets and sending Netflow v5 packets will be studied.

Please consider the following configuration:

general {
    device eth1;
    ipv4-cache main-ipv4-cache;
};

/* Main Netflow cache for IPv4 */
cache main-ipv4-cache {
    fields {
        ipv4-src-addr;
        ipv4-dst-addr;
        tos;
        protocol;
        src-port;
        dst-port;
    };

    exporters {
        netflow_v5_export;
    };
};

exporter netflow_v5_export {
    version 5;

    receiver {   /* Netflow collector 1: 10.10.5.5, port 10000 */
        hostname 10.10.5.5;
        port 10000;
    };

    receiver {   /* Netflow collector 2: 10.10.6.6, port 10000 */
        hostname 10.10.6.6;
        port 10000;
    };
};

The key in the Netflow cache is based on these fields:

IPv4 Source Address (ipv4-src-addr)
IPv4 Destination Address (ipv4-dst-addr)
IP Type Of Service (ToS) (tos)
UDP/TCP Source Port (src-port)
UDP/TCP Destination Port (dst-port)

When flows expire, Netflow v5 packets are automatically generated and sent to two collectors (10.10.5.5 and 10.10.6.6, on UDP port 10000).

The Netflow Simulator would produce the following output:

nfc-c:~# ipflow nf_sim config-test1.txt 
IPFlow Collector - Release 0.49.8 19-Apr-05 (CURRENT)
Compiled at Apr 19 2005 19:01:32 by Christophe Fillot (cf@utc.fr)

Creating site matrix for traffic classifier.
8 sites, 2 networks found in configuration.
Netflow Simulator started on device eth1.

Retrieved from "http://www.ipflow.utc.fr/index.php/NFSIM_Configuration_with_IPv4_cache_and_Netflow_v5_Export"

NFSIM Configuration with IPv4 cache and Netflow v5 Export

From IPFlow Netflow Collector

Views

Personal tools

Navigation

Search

Toolbox