IPv6 Traffic Measurement Using Netflow

In order to measure IPv6 traffic, Netflow can be used. Generate Netflow records for both IPv4 and IPv6 traffic, and then when they arrive at your collector (e.g. nfdump+nfsen) it can filter them out and draw different graphs. Or, you can send netflow packets for IPv4 and IPv6 traffic to separate UDP ports so that they’re already separated out (but then you’d have to sum them if you want a graph of total traffic).

For Cisco IOS:

You need to use the new “flexible netflow” CLI syntax to enable netflow for IPv6; the old syntax will only record IPv4 traffic.

Here is some sample config:

rtrX# configure terminal
 rtrX(config)# flow exporter EXPORTER-1
 rtrX(config-flow-exporter)# Description Export to collector
 rtrX(config-flow-exporter)# destination x.x.x.x
 rtrX(config-flow-exporter)# transport udp 9001
 rtrX(config-flow-exporter)# template data timeout 300
 rtrX(config-flow-exporter)# flow monitor FLOW-MONITOR-V4
 rtrX(config-flow-monitor)# exporter EXPORTER-1
 rtrX(config-flow-monitor)# record netflow ipv4 original-input
 rtrX(config-flow-monitor)# cache timeout active 300
 rtrX(config-flow-monitor)# flow monitor FLOW-MONITOR-V6
 rtrX(config-flow-monitor)# exporter EXPORTER-1
 rtrX(config-flow-monitor)# record netflow ipv6 original-input
 rtrX(config-flow-monitor)# cache timeout active 300
 rtrX(config)# interface FastEthernet 0/0
 rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 input
 rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 output
 rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 input
 rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 output
 rtrX(config-if)# exit
 rtrX(config)# snmp-server ifindex persist

If you want to send the v4 and v6 netflow data to different UDP ports, you create another flow exporter say EXPORTER-2 to udp port 9002, and bind the FLOW-MONITOR-V6 to that exporter

 

For JunOS:

[edit services]
flow-monitoring {
  version-ipfix {
    template IPv4-example {
      flow-active-timeout 300;
      flow-inactive-timeout 15;
      template-refresh-rate {
        seconds 30;
      }
      option-refresh-rate {
        seconds 30;
      }
      ipv4-template;
    }
    template IPv6-example {
      flow-active-timeout 300;
      flow-inactive-timeout 15;
      template-refresh-rate {
        seconds 30;
      }
      option-refresh-rate {
        seconds 30;
      }
      ipv6-template;
    }
  }
}

Sampling instance configuration in [edit forwarding-options] hierarchy is further provided:

[edit services]
sampling {
  instance {
    IPFIX-INSTANCE {
      input {
        rate 1;
      }
      family inet {
        output {
          flow-server x.x.x.x {
            port 4444;
            version-ipfix {
              template {
                IPv4-example;
              }
            }
          }
          inline-jflow {
            source-address y.y.y.y;
          }
        }
      }
      family inet6 {
        output {
          flow-server x.x.x.x {
            port 4444;
            version-ipfix {
              template {
                IPv6-example;
              }
            }
          }
          inline-jflow {
            source-address y.y.y.y;
          }
        }
      }
    }
  }
}

Further configuration is needed to associate sampling instance IPFIX-INSTANCE with particular hardware:

[edit chassis]
fpc 0 {
  sampling-instance IPFIX-INSTANCE;
}

But, for MX80 and MX104, the commands are little bit different. For MX80:

[edit chassis]
tfeb {
  slot 0 {
    sampling-instance IPFIX;
  }
}

For MX104:

[edit chassis]
afeb {
  slot 0 {
    sampling-instance IPFIX;
  }
}

Sampling input/output refers to the sampling export from the designated interface for specific address family according to the configuration example below:

[edit interface ge-1/0/0]
unit 0 {
  family inet {
    sampling {
      input;
      output;
    }
  }
  family inet6 {
    sampling {
      input;
      output;
    }
  }
}

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.