NetFlow/IPFIX interface: Difference between revisions
Access restrictions were established for this page. If you see this message, you have no access to this page.
No edit summary |
No edit summary |
||
| (36 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
The Allegro Network Multimeter can generate NetFlow/IPFIX | The Allegro Network Multimeter can generate NetFlow/IPFIX messages for the traffic it analyzes. The [[Settings]] enable users to configure the '''IPFIX''' output. | ||
for the traffic it | The IPFIX output can be configured to use a TCP or UDP connection to send IPFIX messages to a specific IP and port. | ||
See the [[Settings]] for detailed information about how to set the correct values. | |||
==IPFIX settings== | |||
It is possible to export standard IPFIX records as well as Allegro-specific interface statistics. | |||
''' IPFIX flow export''' | |||
The settings dialogue allows a user to specify an active flow timeout. Even if a flow is active, the Allegro Network Multimeter will generate and send a flow record in the specified amount of time. | |||
The flow export contains the following data: | |||
interface | *Start and end timestamp in milliseconds (start can be time of last export). | ||
** until firmware 4.0, timestamps were exported in nanoseconds resolution, but some IPFIX collectors do not support this | |||
*Source and destination IP address. | |||
*Source and destination port. | |||
*Layer 4 protocol (TCP, UDP, ...). | |||
*ingress and egress network interface. | |||
*IP DSCP class. | |||
*VLAN IDs, if applicable. | |||
*Number of bytes and packets per direction. | |||
Instead of the ingress/egress network interface, it is possible to report the Virtual Link Group of the flow by enabling the corresponding option in the [[Global_settings#IPFIX_settings|IPFIX settings]]. | |||
==Interface throughput measurement== | |||
The Allegro Network Multimeter is able to measure interface throughput on a millisecond basis to identify micro bursts in network connections. | |||
If Allegro-specific interface statistics is enabled in the [[Global_settings#IPFIX_settings|IPFIX settings]], regular messages are sent containing the number of packets and bytes within a configurable time interval. | |||
The Allegro Network Multimeter can measure time intervals as small as one millisecond; the exact value can be chosen in the [[Module_settings#Interface_and_MAC_throughput|Interface and MAC throughput]] configuration section. | |||
The | The message format is described as follows. | ||
is | |||
'''IPFIX message content''' | |||
The IPFIX message contains the following fields: | |||
allegroMessageType = 5 | |||
ingressInterface = ... | |||
packetDeltaCount = ... | |||
octetDeltaCount = ... | |||
= | allegroUpdateIntervalMilliseconds = ... | ||
observationTimeMilliseconds = ... | |||
''' | *message type 5 is the '''interface throughput update''' message. | ||
*the ingress interface describes the corresponding network interface on which the packets were received. The value corresponds to the interface ID in the interface stats web page. | |||
*the packet delta count describes the number of packets within the specified interval. | |||
*the octet delta count describes the number of bytes on Layer 2 within the specified interval. | |||
*the update interval describes the duration of the reported interval in milliseconds. | |||
*the observation timestamp describes the UTC timestamp of the reported interval in milliseconds. | |||
To calculate the (extrapolated) Bit/s throughput in the interval, the following formula can be used: | To calculate the (extrapolated) Bit/s throughput in the interval, the following formula can be used: | ||
bps = octectDeltaCount * 8 * 1000000 / updateInterval | bps = octectDeltaCount * 8 * 1000000 / updateInterval | ||
'''Detailed IPFIX message description''' | '''Detailed IPFIX message description''' | ||
The IPFIX module sends IPFIX templates for all its | The IPFIX module sends IPFIX templates for all its messages which is needed to decode the message. | ||
needed to decode the message. As reference, the format of the | As a reference, the format of the interface throughput updates is as follows: | ||
interface throughput updates is as follows: | |||
{| class="wikitable sortable" | |||
|- | |||
! Byte offset !! Size !! Meaning | |||
|- | |||
|0 || 1 || message type (allegro packets enterprise field, field key 0) | |||
|- | |||
|1 || 4 || ingress interface (predefined IPFIX field, field key 10) | |||
|- | |||
|5 || 8 || packet delta count (predefined IPFIX field, field key 2) | |||
|- | |||
|13 || 8 || octet delta count (predefined IPFIX field, field key 1) | |||
|- | |||
|21 || 8 || update interval (allegro packets enterprise field, field key 13) | |||
|- | |||
|29 || 8 || observation timestamp (predefined IPFIX field, field key 323) | |||
|} | |||
==SIP events== | |||
An event is reported upon SIP INVITE request and its OK response as well as BYE requests and its OK response. | |||
'''Template IDs''' | |||
= | {| class="wikitable" | ||
|+ | |||
!SIP event | |||
!Template ID | |||
|- | |||
|INVITE request | |||
|4352 | |||
|- | |||
|BYE request | |||
|8448 | |||
|- | |||
|OK response | |||
|2304 | |||
|- | |||
|} | |||
Latest revision as of 09:14, 18 June 2024
The Allegro Network Multimeter can generate NetFlow/IPFIX messages for the traffic it analyzes. The Settings enable users to configure the IPFIX output. The IPFIX output can be configured to use a TCP or UDP connection to send IPFIX messages to a specific IP and port. See the Settings for detailed information about how to set the correct values.
IPFIX settings
It is possible to export standard IPFIX records as well as Allegro-specific interface statistics.
IPFIX flow export
The settings dialogue allows a user to specify an active flow timeout. Even if a flow is active, the Allegro Network Multimeter will generate and send a flow record in the specified amount of time.
The flow export contains the following data:
- Start and end timestamp in milliseconds (start can be time of last export).
- until firmware 4.0, timestamps were exported in nanoseconds resolution, but some IPFIX collectors do not support this
- Source and destination IP address.
- Source and destination port.
- Layer 4 protocol (TCP, UDP, ...).
- ingress and egress network interface.
- IP DSCP class.
- VLAN IDs, if applicable.
- Number of bytes and packets per direction.
Instead of the ingress/egress network interface, it is possible to report the Virtual Link Group of the flow by enabling the corresponding option in the IPFIX settings.
Interface throughput measurement
The Allegro Network Multimeter is able to measure interface throughput on a millisecond basis to identify micro bursts in network connections. If Allegro-specific interface statistics is enabled in the IPFIX settings, regular messages are sent containing the number of packets and bytes within a configurable time interval. The Allegro Network Multimeter can measure time intervals as small as one millisecond; the exact value can be chosen in the Interface and MAC throughput configuration section.
The message format is described as follows.
IPFIX message content
The IPFIX message contains the following fields:
allegroMessageType = 5
ingressInterface = ...
packetDeltaCount = ...
octetDeltaCount = ...
allegroUpdateIntervalMilliseconds = ...
observationTimeMilliseconds = ...
- message type 5 is the interface throughput update message.
- the ingress interface describes the corresponding network interface on which the packets were received. The value corresponds to the interface ID in the interface stats web page.
- the packet delta count describes the number of packets within the specified interval.
- the octet delta count describes the number of bytes on Layer 2 within the specified interval.
- the update interval describes the duration of the reported interval in milliseconds.
- the observation timestamp describes the UTC timestamp of the reported interval in milliseconds.
To calculate the (extrapolated) Bit/s throughput in the interval, the following formula can be used:
bps = octectDeltaCount * 8 * 1000000 / updateInterval
Detailed IPFIX message description
The IPFIX module sends IPFIX templates for all its messages which is needed to decode the message.
As a reference, the format of the interface throughput updates is as follows:
| Byte offset | Size | Meaning |
|---|---|---|
| 0 | 1 | message type (allegro packets enterprise field, field key 0) |
| 1 | 4 | ingress interface (predefined IPFIX field, field key 10) |
| 5 | 8 | packet delta count (predefined IPFIX field, field key 2) |
| 13 | 8 | octet delta count (predefined IPFIX field, field key 1) |
| 21 | 8 | update interval (allegro packets enterprise field, field key 13) |
| 29 | 8 | observation timestamp (predefined IPFIX field, field key 323) |
SIP events
An event is reported upon SIP INVITE request and its OK response as well as BYE requests and its OK response.
Template IDs
| SIP event | Template ID |
|---|---|
| INVITE request | 4352 |
| BYE request | 8448 |
| OK response | 2304 |