Router Flow Configs

This article covers the configuration of flow data export from the following specific routers:

Notes:
- For general (not model-specific) information about router configuration, as well as information on flow export troubleshooting and on SNMP polling, see Router Configuration.
- For configuration of routers for BGP peering with Kentik Detect, see Router BGP Configs.
- To learn how to register routers on the Kentik system see Device Admin.
- For general information about flow, see Flow Overview.
- For information about host configuration, see Host Configuration.
- As used in this article, the term “router” refers as well to other non-host network devices such as switches.

 

 

About Router Flow Configs

The topics below provide router configuration information for a variety of specific router hardware/software combinations. Because every vendor changes flow configuration slightly based on hardware and software versions, the configuration information below is provided for reference only. Check your router vendor documentation before configuring your devices for use with Kentik Detect.

The following general points apply to all of the configurations provided below:

  • Routers must be configured to persist SNMP interface IDs across reboots. The example configurations below include, where applicable, the commands to accomplish this.
  • The router configurations below don’t include configuration for SNMP V3, which is supported by Kentik Detect. Consult your router documentation for correct configuration of SNMP V3.

 

 

Arista Flow

The configuration example below applies to Arista routers, which generate sFlow. The example is based on the following considerations:

  • Destination: The IP address and port to which flow data should be sent:
    - To send flow data directly to Kentik, use the IP address and port assigned to your company, which you’ll find in the General Settings tab of the Add Device dialog in the Kentik Detect portal (Admin » Devices; see Device Config Info).
    - To direct the data to Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995, use the IP address of the host running chfagent.
  • Interface: The name of the interface from which to source the sFlow packets (placeholder name for purpose of this example is interface_name).
  • Sample rate: Choose a sampling rate based on the total volume of traffic passing through the switch as described in Flow Sampling.

Arista configuration example (placeholder values in italics):

! Send either direct to Kentik Detect or to chfagent.
sflow destination flow_collector_ip flow_collector_port
! Name of interface whose IP will be source of flow records.
sflow source-interface interface_name
sflow polling-interval 10
! Set sample rate based on flow volume.
sflow sample sample_rate
sflow run

Note: SNMP ID persistence is on by default, and should be left on for Kentik-registered devices.

 

 

Brocade Flow

The following considerations apply when configuring a Brocade router:

  • Ingress vs. egress options do not exist.
  • Traffic on sFlow-forwarding enabled interfaces is examined on ingress.
  • The destination is the IP address and port to which flow data should be sent:
    - To send flow data directly to Kentik, use the IP address and port assigned to your company, which you’ll find in the General Settings tab of the Add Device dialog in the Kentik Detect portal (Admin » Devices; see Device Config Info).
    - To direct the data to Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995, use the IP address of the host running chfagent.

The following configuration has been tested on a Brocade Fastiron-SX running 05.1.00cT3e3 (placeholder values in italics):

sflow enable
! Set sample rate based on flow volume.
sflow sample sample_rate
! Send either direct to Kentik Detect or to chfagent.
sflow destination flow_collector_ip flow_collector_port

Perform the following additional configuration on each interface:

sflow-forwarding

Notes:
- Set sample rate as recommended in Flow Sampling.
- For further information, please refer to Brocade documentation.
- Routers must persist SNMP interface IDs across reboots. Brocade routers are automatically configured to do this by default.

 

 

Cisco 6500/7600 Flow

The following example shows configuration for Cisco 6500/7600 series (placeholder values in italics):

snmp-server ifindex persist
snmp ifmib ifindex persist

! Name of interface whose IP will be source of flow records.
ip flow-export source interface_name
ip flow-export version 9
! Send either direct to Kentik Detect or to chfagent.
ip flow-export flow_collector_ip flow_collector_port

ip flow-cache timeout active 1

mls nde sender version 9
! Set sample rate based on flow volume.
mls sampling packet-based sample_rate 8000

mls flow ip interface-full
mls flow ipv6 interface-full
mls nde interface
mls aging long 64
mls aging normal 64

flow-sampler-map mysampler
! Match sample rate set above.
  mode random one-out-of sample_rate

Perform the following additional configuration on each interface and subinterface that has an IP address:

mls netflow sampling
flow-sampler mysampler

Notes:
- The flow collector IP and port may be either the ingest IP and port for Kentik Detect (see Device Config Info), or the IP of a host running Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995.
- On a Cisco 6500/7600 series router, layer-2 traffic between ports on the same VLAN is not exported as NetFlow until it becomes layer-3 switched/routed.
- For further information, please refer to Cisco documentation on sampled NetFlow.

 

 

Cisco IOS-XR Flow

The following configuration applies to Cisco routers that run Cisco IOS-XR software, including the ASR series, and reflects our recommendation to use ingress on any interface with an ipv4/ipv6 address (placeholder values in italics):

snmp-server ifindex persist
snmp ifmib ifindex persist
!
flow exporter-map FLOW-EXPORT
  version v9
    options interface-table timeout 60
    options sampler-table timeout 60
    template timeout 30
  !
  ! 20013 for Kentik; 9995 (default) for chfagent.
  transport udp flow_collector_port
  ! Name of interface whose IP will be source of flow records.
  source interface_name
  ! IP of either Kentik Detect or chfagent.
  destination flow_collector_ip
  !
flow monitor-map FLOW-IPv4
  record ipv4
  exporter FLOW-EXPORT
  cache entries 500000
  cache timeout active 60
  cache timeout inactive 15
!
flow monitor-map FLOW-IPv6
  record ipv6
  exporter FLOW-EXPORT
  cache timeout active 60
  cache timeout inactive 15
!
sampler-map FLOW-SAMPLER
  ! Set sample rate based on flow volume.
  random 1 out-of sample_rate
!
interface TenGigE0/0/0/0
  ipv4 address y.z.w.v/30
  ipv6 address y:y:y:y::1/64
  load-interval 30
  flow ipv4 monitor FLOW-IPv4 sampler FLOW-SAMPLER ingress
  flow ipv6 monitor FLOW-IPv6 sampler FLOW-SAMPLER ingress

Notes:
- The destination IP and port may be either the ingest IP and port for Kentik Detect (see Device Config Info), or the IP of a host running Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995.
- Set sample rate as recommended in Flow Sampling.
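
An added example (not Kentik's or Cisco's code): a small Python audit that checks an IOS-XR configuration for the elements the example above relies on, namely ifIndex persistence, a complete exporter-map, and a sampled ingress monitor on every addressed interface, since an addressed interface without a monitor is a gap in flow visibility. The sample config, its addresses and Loopback0 are constructed, and the parser assumes the indentation style used in this article.

```python
# Constructed sample: second interface has an IPv4 address but no IPv4 monitor.
SAMPLE_CONFIG = """\
snmp-server ifindex persist
flow exporter-map FLOW-EXPORT
  transport udp 9995
  source Loopback0
  destination 192.0.2.10
interface TenGigE0/0/0/0
  ipv4 address 198.51.100.1/30
  flow ipv4 monitor FLOW-IPv4 sampler FLOW-SAMPLER ingress
interface TenGigE0/0/0/1
  ipv4 address 198.51.100.5/30
  ipv6 address 2001:db8::1/64
  flow ipv6 monitor FLOW-IPv6 sampler FLOW-SAMPLER ingress
"""

def split_stanzas(text):
    """Map each top-level line to the indented lines beneath it."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip().startswith("!"):
            continue  # skip blanks and "!" comment/separator lines
        if line[0].isspace():
            stanzas.setdefault(current, []).append(line.strip())
        else:
            current = line.strip()
            stanzas[current] = []
    return stanzas

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    stanzas, findings = split_stanzas(text), []
    if not any("ifindex persist" in head for head in stanzas if head):
        findings.append("global: SNMP ifIndex persistence not configured")
    exporters = [b for h, b in stanzas.items() if h and h.startswith("flow exporter-map ")]
    for body in exporters or [[]]:  # no exporter-map: audit one empty body
        for key in ("destination", "transport udp", "source"):
            if not any(l.startswith(key + " ") for l in body):
                findings.append(f"exporter-map: missing '{key}'")
    for head, body in stanzas.items():
        if not (head and head.startswith("interface ")):
            continue
        for fam in ("ipv4", "ipv6"):
            has_addr = any(l.startswith(f"{fam} address ") for l in body)
            sampled = any(l.startswith(f"flow {fam} monitor ") and " sampler " in l
                          and l.endswith(" ingress") for l in body)
            if has_addr and not sampled:
                findings.append(f"{head}: {fam} address but no sampled ingress flow monitor")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only the second interface, whose IPv4 traffic would not be exported.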

 

 

Cisco Nexus 3000 Flow

The configuration example below applies to Cisco Nexus 3000 routers, which export only sFlow. The example is based on the following considerations:

  • Destination: The IP address and port to which flow data should be sent:
    - To send flow data directly to Kentik, use the ingest IP and port for Kentik Detect (see Device Config Info).
    - To send flow data via Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995, use the IP address of the host running chfagent.
  • Interface: The name of the interface from which to source the sFlow packets (placeholder name for purpose of this example is interface_name).
  • Sample rate: Choose a sampling rate (sampler mode setting) based on the total volume of traffic passing through the switch as described in Flow Sampling.

Cisco Nexus 3000 configuration example (placeholder values in italics):

feature sflow
! Set sample rate based on flow volume.
sflow sampling-rate 1000
sflow max-sampled-size 200
sflow counter-poll-interval 100
sflow max-datagram-size 2000
! Destination can be Kentik or chfagent.
sflow collector-ip flow_collector_ip vrf management
! 20013 for Kentik; 9995 (default) for chfagent.
sflow collector-port flow_collector_port
! Set to IP of interface on next line.
sflow agent-ip interface_ip
! Name of interface whose IP will be source of flow records.
sflow data-source interface interface_name

Note: SNMP ID persistence is on by default, and should be left on for Kentik-registered devices.

 

 

Cisco Nexus 6000/7000 Flow

The configuration example below applies to Cisco Nexus 6000/7000 routers. The example is based on the following considerations:

  • Destination: The IP address and port to which flow data should be sent:
    - The example below directs the data directly to Kentik; use the ingest IP and port assigned to your company for Kentik Detect (see Device Config Info).
    - You can also send flow data to Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995; use the IP address of the host running chfagent.
  • Interface: The name of the interface from which to source the flow records (placeholder name for purpose of this example is interface_name).
  • Sample rate: Choose a sampling rate (sampler mode setting) based on the total volume of traffic passing through the switch as described in Flow Sampling.

Cisco Nexus 6000/7000 configuration example (placeholder values in italics):

feature netflow

flow exporter kentik
  description export netflow to kentik
! Destination IP for Kentik or chfagent.
  destination flow_collector_ip
  export Version 9
! 20013 for Kentik; 9995 (default) for chfagent.
  transport udp flow_collector_port
! Name of interface whose IP will be source of flow records.
  source interface_name

flow monitor monitor-kentik
  exporter kentik
  record netflow-original

sampler sampler-kentik
! Set sample rate based on flow volume.
  mode 1 out-of sample_rate

Perform the following additional configuration on each interface and subinterface that has an IP address:

ip flow monitor monitor-kentik input sampler-kentik

Note: SNMP ID persistence is on by default, and should be left on for Kentik-registered devices.

 

 

Juniper MX Flow

By default Juniper devices export flow data as JFlow (equivalent to NetFlow version 5), but the Juniper MX Series can be set to export in-line JFlow as IPFIX instead. If you are unable to support in-line JFlow, try using NetFlow version 5 instead.

Notes:
- Routers must persist SNMP interface IDs across reboots. Juniper routers running the JUNOS operating system are automatically configured to do this by default.
- The Juniper MX default flow table size may not be large enough for some networks/environments, which will result in under-reporting in the flow data. See Adjusting Flow Table Size.

The following configuration has been tested on the Juniper MX80 with the TRIO chipset, which provides in-line JFlow support (placeholder values in italics):

services {
  flow-monitoring {
    version-ipfix {
      template ipv4 {
        flow-active-timeout 10;
        flow-inactive-timeout 10;
        template-refresh-rate {
          packets 30;
          seconds 60;
        }
        option-refresh-rate {
          packets 30;
          seconds 30;
        }
        ipv4-template;
      }
    }
  }
}
forwarding-options {
  sampling {
    instance {
      # Instance name must match the sampling-instance referenced under chassis.
      KENTIK {
        input {
          # Set sample rate based on flow volume.
          rate sample_rate;
          max-packets-per-second 65535;
        }
        family inet {
          output {
            # Destination can be Kentik or agent.
            flow-server destination_IP {
              # 20013 for Kentik; 9995 (default) for chfagent.
              port flow_collector_port;
              autonomous-system-type origin;
              # IP of interface that will be source of flow records.
              source-address source_ip;
              version-ipfix {
                template {
                  ipv4;
                }
              }
            }
            inline-jflow {
              # IP of interface that will be source of flow records.
              source-address source_ip;
            }
          }
        }
      }
    }
  }
}

For each linecard that you have active interfaces on, you’ll need to add a sampling-instance to the chassis config stanza:

chassis {
  fpc 0 {
    sampling-instance KENTIK;
  }
  fpc 1 {
    sampling-instance KENTIK;
  }
}

On every interface that has a family inet (including IRB interfaces), add a sampling input:

family inet {
  sampling {
    input;
  }
}

Notes:
- Set sample rate as recommended in Flow Sampling.
- For further information, please refer to Juniper configuration documentation.

 

Adjusting Flow Table Size

The Juniper MX default flow table size may not be large enough for some networks/environments, which will result in under-reporting in the flow data. The flow table size can be adjusted in increments of 256K flows with the following configuration:

chassis {
  # for MX-104, use "afeb slot 0"
  fpc 0 {
    inline-services {
      flow-table-size {
        # 15 × 256K = ~4M
        ipv4-flow-table-size 15;
      }
    }
  }
}

Note: Adjusting the flow table size will cause the FPC to reboot. For more information, refer to the Juniper flow table size documentation.

 

 

Vyatta Flow

The following configuration example shows the settings for monitoring a single interface on a Vyatta device that supports sFlow:

set system flow-accounting ingress-capture pre-dnat
# Name of interface on which to monitor flow (repeat this line for each interface to monitor).
set system flow-accounting interface interface_name
set system flow-accounting sflow agent-address auto
# Set sample rate based on flow volume.
set system flow-accounting sflow sampling-rate sample_rate
# Send either direct to Kentik Detect or to chfagent.
set system flow-accounting sflow server flow_collector_ip port flow_collector_port

Notes:
- SNMP ID persistence is on by default, and should be left on for Kentik-registered devices.
- The flow collector IP and port may be either the ingest IP and port for Kentik Detect (see Device Config Info), or the IP of a host running Kentik’s chfagent encryption agent (see NetFlow Proxy Agent), which by default listens on port 9995.
- Set sample rate as recommended in Flow Sampling.

 
