NFSIM Configuration with IPv4 & IPv6 caches and Netflow v9 Export
NFSIM Configuration with IPv4 & IPv6 caches and Netflow v9 Export
This section studies a relatively complex configuration in which the Netflow Simulator (NFSIM) reads IPv4 and IPv6 packets and sends Netflow v9 packets.
/* Global NFSIM settings: the input device and the cache used for each IP version. */
general {
/* Presumably the interface packets are read from (the page says NFSIM reads
   IPv4 and IPv6 packets). NOTE(review): reading packets from an interface
   normally needs elevated privileges; confirm which ones NFSIM requires and
   run it with no more than that. */
device eth1;
/* These two names refer to the "cache" sections defined further down. */
ipv4-cache main-ipv4-cache;
ipv6-cache main-ipv6-cache;
};
/* Main Netflow cache for IPv4 */
cache main-ipv4-cache {
/* Presumably the flow key: packets sharing all six values are accounted in
   the same cache entry. The counters and timestamps (packets, bytes,
   first-switch, last-switch, tcp-flags) appear only in the export template,
   not here - confirm against the NFSIM documentation. */
fields {
ipv4-src-addr;
ipv4-dst-addr;
tos;
protocol;
src-port;
dst-port;
};
/* Units are not stated on this page; presumably seconds - confirm.
   By name, active-timeout bounds how long a still-active flow stays in the
   cache before export, and inactive-timeout how long an idle one does. */
active-timeout 300;
inactive-timeout 15;
/* Export using template 256 */
exporters {
Netflow_v9_Export;
};
/* Must match a template id defined inside exporter Netflow_v9_Export (256 is
   the IPv4 template there). */
template 256;
};
/* Main Netflow cache for IPv6 */
cache main-ipv6-cache {
/* Presumably the flow key, as in the IPv4 cache, with the flow label added.
   NOTE(review): ipv6-flow-label is listed here but is not among the fields
   exported by template 257, which lists ipv6-options-headers instead -
   confirm that this difference is intended. */
fields {
ipv6-src-addr;
ipv6-dst-addr;
ipv6-flow-label;
tos;
protocol;
src-port;
dst-port;
};
/* Same values as the IPv4 cache; units not stated on this page, presumably
   seconds - confirm. */
active-timeout 300;
inactive-timeout 15;
/* Export using template 257 */
exporters {
Netflow_v9_Export;
};
/* Must match a template id defined inside exporter Netflow_v9_Export (257 is
   the IPv6 template there). */
template 257;
};
/* Exporter shared by both caches: defines the two Netflow v9 templates
   (256 for IPv4, 257 for IPv6) and the collector that receives them. */
exporter Netflow_v9_Export {
version 9;
/* IPv4 Template Definition */
template 256 {
/* Template is sent every minute */
/* A Netflow v9 collector cannot decode data records until it has received
   the matching template, so this interval bounds how long a freshly started
   collector may be unable to interpret incoming flows. */
timeout-rate 1;
/* Exported Fields */
fields {
ipv4-src-addr;
ipv4-dst-addr;
tos;
protocol;
src-port;
dst-port;
tcp-flags;
first-switch;
last-switch;
packets;
bytes;
};
};
/* IPv6 Template Definition */
template 257 {
/* Template is sent every minute */
timeout-rate 1;
/* Exported Fields */
/* NOTE(review): exports ipv6-options-headers, while the IPv6 cache lists
   ipv6-flow-label, which is not exported here - confirm this is intended. */
fields {
ipv6-src-addr;
ipv6-dst-addr;
ipv6-options-headers;
tos;
protocol;
src-port;
dst-port;
tcp-flags;
first-switch;
last-switch;
packets;
bytes;
};
};
/* Netflow collector receiving flows */
/* Netflow v9 has no authentication or encryption of its own, and the page
   describes the transport as UDP: records cross the network in clear text
   and the collector cannot verify who sent them. Keep this path on a
   management network or inside a tunnel, and filter the collector port by
   source address.
   NOTE(review): this sends to port 10000, which matches the page's prose, but
   the collector configuration on this page sets receiver-port 50000 - confirm
   which value is correct so the flows actually arrive. */
receiver {
hostname 10.10.5.5;
port 10000;
};
};
The following collector configuration (running on host 10.10.5.5 and listening on UDP port 10000) would display IPv4 and IPv6 flows on the screen:
/* Collector-side declaration of the exporting device, named "nfsim" (the
   name that prefixes each line of the output example). */
router nfsim {
/* NOTE(review): the exporter on this page sends to 10.10.5.5, so 127.0.0.1
   only describes it if NFSIM runs on the collector host itself. If the
   collector uses this address to decide which datagrams belong to this
   router, confirm how that matching works; a UDP source address is not
   proof of origin. */
ip-address 127.0.0.1; /* not really useful here */
snmp-bypass yes; /* NFSIM does not support (yet) SNMP */
netflow {
version 9;
/* NOTE(review): the exporter configuration and the page's prose both use
   UDP port 10000, but this is 50000 - confirm which value is correct. */
receiver-port 50000;
/* Each template-model names the fields a received template must contain and
   the rule applied to flows of that template (as far as the names show -
   confirm against the collector documentation). */
template-model ipv4 {
mandatory-fields {
ipv4-src-addr;
ipv4-dst-addr;
};
rule ipv4_rule;
};
template-model ipv6 {
mandatory-fields {
ipv6-src-addr;
ipv6-dst-addr;
};
rule ipv6_rule;
};
};
};
/* Output channel for IPv4 flows. /dev/tty is the controlling terminal of the
   collector process, so this presumably only works when the collector is
   started from an interactive terminal rather than as a daemon - confirm. */
channel ipv4_screen {
filename "/dev/tty";
log-format default;
};
/* Output channel for IPv6 flows, also written to the controlling terminal.
   The ipv6_default log format is not defined on this page; presumably it is
   built into the collector - confirm. */
channel ipv6_screen {
filename "/dev/tty";
log-format ipv6_default;
};
/* Rule referenced by template-model ipv4. The single term has no visible
   match condition, so it presumably applies to every IPv4 flow: send it to
   ipv4_screen, shown in yellow. */
rule ipv4_rule {
term 1 {
channel ipv4_screen;
color yellow;
};
};
/* Rule referenced by template-model ipv6. The single term has no visible
   match condition, so it presumably applies to every IPv6 flow: send it to
   ipv6_screen, shown in green. */
rule ipv6_rule {
term 1 {
channel ipv6_screen;
color green;
};
};
Output Example:
nfsim 2005-04-20 14:20:05.949 | 67.19.197.18 | 194.199.46.5 | udp 53 32955 | P: 2 | S: 282 | T: 2249 | *unknown* -> *local*
nfsim 2005-04-20 14:20:05.967 | 195.83.155.17 | 62.244.81.26 | tcp 80 8982 | P: 3 | S: 352 | T: 60 | *unknown* -> *local*
nfsim 2005-04-20 14:20:13.411 | fe80::20b:45ff:feb6:3700 | fe80::209:e9ff:fecb:df00 | icmpv6 0 34560 | P: 1 | S: 1500 | T: 0 | *unknown* -> *local*
nfsim 2005-04-20 14:20:13.412 | fe80::209:e9ff:fecb:df00 | fe80::20b:45ff:feb6:3700 | icmpv6 0 34816 | P: 1 | S: 52 | T: 0 | *unknown* -> *local*
nfsim 2005-04-20 14:20:05.971 | 195.83.155.17 | 62.244.81.26 | tcp 80 8983 | P: 3 | S: 353 | T: 70 | *unknown* -> *local*
