Integrações
Huawei
origin-as
É importante ressaltar que, para que os ASN (Autonomous System Numbers) sejam exportados, é necessário que o roteador possua pelo menos uma tabela de roteamento completa (full routing).
- Exemplo de configuração homologada.
Na caixa (Root/Admin)
slot 0 <0-10>
ip netstream sampler to slot self
ipv6 netstream sampler to slot self
Caixa (Root/Admin/VS)
ip netstream export version 9 origin-as bgp-nexthop ttl
ip netstream export template sequence-number fixed
ip netstream export index-switch 32
ip netstream as-mode 32
ip netstream timeout active 1
ip netstream timeout inactive 15
ip netstream export template timeout-rate 1
ip netstream export template option timeout-rate 1
ip netstream export template option application-label
ip netstream sampler fix-packets 1024 inbound
ip netstream sampler fix-packets 1024 outbound
ip netstream export source IP_ORIGEM
ip netstream export host IP_DO_RR_FLOW_API 3055
ipv6 netstream export version 9 origin-as bgp-nexthop ttl
ipv6 netstream export template sequence-number fixed
ipv6 netstream export index-switch 32
ipv6 netstream as-mode 32
ipv6 netstream timeout active 1
ipv6 netstream timeout inactive 15
ipv6 netstream export template timeout-rate 1
ipv6 netstream export template option timeout-rate 1
ipv6 netstream sampler fix-packets 1024 inbound
ipv6 netstream sampler fix-packets 1024 outbound
ipv6 netstream export source IP_ORIGEM
ipv6 netstream export host IP_DO_RR_FLOW_API 3055
# Sampling será fixo:
undo ip netstream export template option sampler
undo ipv6 netstream export template option sampler
# Adicione as interfaces de upstream.
interface Virtual-Ethernet0/1/101.408
description Operadora_1_IPv4
ip netstream inbound
ip netstream outbound
interface Virtual-Ethernet0/1/101.409
description Operadora_1_IPv6
ipv6 netstream inbound
ipv6 netstream outbound
interface 40GE0/1/49.2114
description Operadora_2_IPv4e6
ip netstream inbound
ip netstream outbound
ipv6 netstream inbound
ipv6 netstream outbound
É de extrema importância que o horário/UTC do roteador exportador de fluxos esteja devidamente configurado.
display clock
Perguntas frequentes
IP_ORIGEM - Normalmente o IP da interface de Loopback.
IP_DO_RR_FLOW_API Endereço IP do servidor RR Flow que irá receber os dados.
Em ambos vc pode configurar somente o IPv4 ou IPv6, exemplo:
ip netstream export source 10.50.50.50
ip netstream export host 172.16.0.100 3055
ipv6 netstream export source 10.50.50.50
ipv6 netstream export host 172.16.0.100 3055
Ou
ip netstream export source 2001:db8:ffff:ffff::ffff
ip netstream export host 2001:db8:cafe:d0ce::50 3055
ipv6 netstream export source 2001:db8:ffff:ffff::ffff
ipv6 netstream export host 2001:db8:cafe:d0ce::50 3055
ip netstream inbound | ip netstream outbound Associar às interfaces com IPv4 configurado que irão enviar os fluxos da interfaces. Normalmente apenas as interfaces de upstream.
interface 40GE0/1/49.32
vlan-type dot1q 32
description Operadora_IPv4
ip address 10.10.10.6 255.255.255.252
statistic enable
ip netstream inbound
ip netstream outbound
ipv6 netstream inbound | ipv6 netstream outbound Associar às interfaces com IPv6 configurado que irão enviar os fluxos da interfaces. Normalmente apenas as interfaces de upstream.
interface 40GE0/1/49.128
vlan-type dot1q 128
description Operadora_IPv6
ipv6 enable
ipv6 address 2001:DB8:1:1:1::2/64
statistic enable
ipv6 netstream inbound
ipv6 netstream outbound
Se a interfaces possuir IPv4 e IPv6
interface 40GE0/1/49.3264
vlan-type dot1q 3264
description Operadora_IPv6
ip address 10.10.10.6 255.255.255.252
ipv6 enable
ipv6 address 2001:DB8:1:1:1::2/64
statistic enable
ipv6 netstream inbound
ipv6 netstream outbound
Junos
Contribuição @Maykbn utilizando MX204.
set services flow-monitoring version-ipfix template ipv4 flow-active-timeout 60
set services flow-monitoring version-ipfix template ipv4 flow-inactive-timeout 15
set services flow-monitoring version-ipfix template ipv4 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv4 option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv4 ipv4-template
set services flow-monitoring version-ipfix template ipv6 flow-active-timeout 60
set services flow-monitoring version-ipfix template ipv6 flow-inactive-timeout 15
set services flow-monitoring version-ipfix template ipv6 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv6 option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv6 ipv6-template
set services flow-monitoring version-ipfix template ipv6 flow-key flow-direction
set forwarding-options sampling instance netflow input rate 1024
set forwarding-options sampling instance netflow input run-length 0
set forwarding-options sampling instance netflow family inet output flow-active-timeout 60
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO port PORTA_DESTINO
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO autonomous-system-type origin
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO no-local-dump
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO version-ipfix template ipv4
set forwarding-options sampling instance netflow family inet output inline-jflow source-address IP_ORIGEM
set forwarding-options sampling instance netflow family inet6 output flow-active-timeout 60
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO port PORTA_DESTINO
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO autonomous-system-type origin
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO no-local-dump
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO version-ipfix template ipv6
set forwarding-options sampling instance netflow family inet6 output inline-jflow source-address IP_ORIGEM
set chassis fpc 0 sampling-instance netflow
set chassis fpc 0 inline-services flow-table-size ipv4-flow-table-size 10
set chassis fpc 0 inline-services flow-table-size ipv6-flow-table-size 5
# Adicione as interfaces de upstream.
set interfaces ge-0/0/0 unit 0 family inet sampling input
set interfaces ge-0/0/0 unit 0 family inet sampling output
set interfaces ge-0/0/0 unit 0 family inet6 sampling input
set interfaces ge-0/0/0 unit 0 family inet6 sampling output
Contribuição @charles_barreto utilizando MX104/MX80.
set services flow-monitoring version-ipfix template ipv4 flow-active-timeout 60
set services flow-monitoring version-ipfix template ipv4 flow-inactive-timeout 15
set services flow-monitoring version-ipfix template ipv4 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv4 option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv4 ipv4-template
set services flow-monitoring version-ipfix template ipv6 flow-active-timeout 60
set services flow-monitoring version-ipfix template ipv6 flow-inactive-timeout 15
set services flow-monitoring version-ipfix template ipv6 template-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv6 option-refresh-rate seconds 30
set services flow-monitoring version-ipfix template ipv6 ipv6-template
set services flow-monitoring version-ipfix template ipv6 flow-key flow-direction
set forwarding-options sampling instance netflow input rate 1024
set forwarding-options sampling instance netflow input run-length 0
set forwarding-options sampling instance netflow family inet output flow-active-timeout 15
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO port PORTA_DESTINO
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO autonomous-system-type origin
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO no-local-dump
set forwarding-options sampling instance netflow family inet output flow-server IP_DESTINO version-ipfix template ipv4
set forwarding-options sampling instance netflow family inet output inline-jflow source-address IP_ORIGEM
set forwarding-options sampling instance netflow family inet6 output flow-active-timeout 15
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO port PORTA_DESTINO
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO autonomous-system-type origin
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO no-local-dump
set forwarding-options sampling instance netflow family inet6 output flow-server IP_DESTINO version-ipfix template ipv6
set forwarding-options sampling instance netflow family inet6 output inline-jflow source-address IP_ORIGEM
set chassis afeb slot 0 sampling-instance netflow
# Adicione as interfaces de upstream.
set interfaces xe-2/0/1 unit 0 family inet sampling input
set interfaces xe-2/0/1 unit 0 family inet sampling output
set interfaces xe-2/0/1 unit 1 family inet6 sampling input
set interfaces xe-2/0/1 unit 1 family inet6 sampling output
Cisco
Exemplo 1
Contribuição @leofurtadonyc.
!
flow record RR_FLOW_RECORD_V4
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match bgp source-as
match bgp destination-as
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow record RR_FLOW_RECORD_V6
match ipv6 source address
match ipv6 destination address
match transport source-port
match transport destination-port
match bgp source-as
match bgp destination-as
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter RR_FLOW_EXPORTER
destination IP_DO_RR_FLOW_API
source IP_ORIGEM
transport udp 3055
template data timeout 60
!
!
flow monitor RR_FLOW_MONITOR_V4
exporter RR_FLOW_EXPORTER
cache timeout active 60
cache timeout inactive 15
record RR_FLOW_RECORD_V4
!
flow monitor RR_FLOW_MONITOR_V6
exporter RR_FLOW_EXPORTER
cache timeout active 60
cache timeout inactive 15
record RR_FLOW_RECORD_V6
!
!
! Aplicar o NetFlow às interfaces de upstream, exemplos:
!
!
interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.255.255.252
ip flow monitor RR_FLOW_MONITOR_V4 input
ip flow monitor RR_FLOW_MONITOR_V4 output
!
interface GigabitEthernet0/0/1
ipv6 address 2001:DB8:ABCD::1/64
ipv6 flow monitor RR_FLOW_MONITOR_V6 input
ipv6 flow monitor RR_FLOW_MONITOR_V6 output
!
interface GigabitEthernet0/0/2
ip address 10.0.0.1 255.255.255.252
ipv6 address 2001:DB8:ABCD::1/64
ip flow monitor RR_FLOW_MONITOR_V4 input
ip flow monitor RR_FLOW_MONITOR_V4 output
ipv6 flow monitor RR_FLOW_MONITOR_V6 input
ipv6 flow monitor RR_FLOW_MONITOR_V6 output
!
Exemplo 2
!
flow record RR_FLOW_RECORD_V4
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect interface output
collect flow sampler
collect counter bytes
collect counter packets
collect counter bytes long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow record RR_FLOW_RECORD_V6
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect interface output
collect flow sampler
collect counter bytes
collect counter packets
collect counter bytes long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter RR_FLOW_EXPORTER
destination IP_DO_RR_FLOW_API
source IP_ORIGEM
transport udp 3055
template data timeout 60
!
!
flow monitor RR_FLOW_MONITOR_V4
exporter RR_FLOW_EXPORTER
cache timeout active 60
cache timeout inactive 15
record RR_FLOW_RECORD_V4
!
flow monitor RR_FLOW_MONITOR_V6
exporter RR_FLOW_EXPORTER
cache timeout active 60
cache timeout inactive 15
record RR_FLOW_RECORD_V6
!
!
! Aplicar o NetFlow às interfaces de upstream, exemplos:
!
!
interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.255.255.252
ip flow monitor RR_FLOW_MONITOR_V4 input
ip flow monitor RR_FLOW_MONITOR_V4 output
!
interface GigabitEthernet0/0/1
ipv6 address 2001:DB8:ABCD::1/64
ipv6 flow monitor RR_FLOW_MONITOR_V6 input
ipv6 flow monitor RR_FLOW_MONITOR_V6 output
!
interface GigabitEthernet0/0/2
ip address 10.0.0.1 255.255.255.252
ipv6 address 2001:DB8:ABCD::1/64
ip flow monitor RR_FLOW_MONITOR_V4 input
ip flow monitor RR_FLOW_MONITOR_V4 output
ipv6 flow monitor RR_FLOW_MONITOR_V6 input
ipv6 flow monitor RR_FLOW_MONITOR_V6 output
!
RouterOS
Sem suporte dados de ASN🤡
O RouterOS atualmente não envia dados de ASN em seu fluxo, o que resulta na ausência de algumas informações no carregamento das dashboards. Se você deseja ter essa funcionalidade não deixe de cobrar aos desenvolvedores no fórum neste tópico aqui
Configurações que obtive mais eficazes, porém sem dados de ASN, não adianta reclamar, não posso oferecer suporte!
/ip traffic-flow set \
active-flow-timeout=5m \
inactive-flow-timeout=15 \
cache-entries=4k \
enabled=yes
interfaces=INTERFACE_UPSTREAM
/ip traffic-flow target add \
dst-address=IP_RR_NFDUMP_API \
port=PORTA_RR_NFDUMP_API \
src-address=IP_SOURCE_DO_SEU_ROUTER \
version=ipfix
Ajuste do seu config.json
...
"source_path": [
{
"buffer": "67108864",
"compress": "lz4",
"name": "Cgnat",
"port": 3056,
"sampling": 5,
"snmp": [
{
"community": "naoemaissegredo",
"ip": "10.0.0.6",
"port": 161,
"version": 2
}
],
"type": "netflow",
"vendor": "routeros"
}
]
...
Peer BGP RouterOS
Para obter os dados via SNMP de peers (apenas v4) no RouterOS é possível apartir da versão 7.10 ou superior.