The Bluecoat Crossbeam NetFlow Support instructions for configuring flow sampling can be found in the XOS Configuration Guide. Outlined below is an explanation for configuring NetFlow or IPFIX.
Configuring Crossbeam NetFlow Support
XOS can generate NetFlow data on the X-Series Platform and forward flows to one or more external NetFlow collectors for analysis. Software on each APM generates NetFlow data and forwards it to the CPM where it is aggregated before transmission to the external NetFlow collector(s). Supported NetFlow versions are 5, 9, and even IPFIX.
IPFIX is the official IETF standard for all flow technologies. To configure NetFlow data generation on an X-Series Platform, you can use these commands:
- configure netflow — This command defines the NetFlow version and the IP addresses to which the flow statistics are exported by the CPM.
Configure Flow Provisioning
- configure circuit — This command defines whether NetFlow is enabled for the circuit, how often you want to capture a sample from the flow, and which values you want for the active and inactive timers.
- show netflow circuit – is used to view the current NetFlow configuration for any circuit. If you provide the name of a circuit, the command displays information about that circuit. If no circuit name is provided, information about all circuits on which NetFlow is configured is displayed.
- show netflow export – displays the list of external servers to which NetFlow information is being sent. These commands are described in detail in the XOS Command Reference Guide.
Crossbeam NetFlow Configuration NOTES
- No data analysis is performed on the X-Series chassis.
- The number of NetFlow-configured circuits that can be configured on any VAP group is limited for the following VAP operating systems:
- xsve: 16
- xslinux_v5: 16
- xslinux_v5_64: 16
- All other VAP operating systems do not support NetFlow.
Crossbeam NetFlow Configuration Example
The following command configured IPFIX (aka NetFlow version 10)
- CBS# configure netflow version 10
The following commands configure the inbound circuit as part of the fw1 VAP group and enables NetFlow data sampling with a sampling rate of one packet in every 2,000. Possible values range from 100 to 10, 000 and the default is 1,000.
- CBS# configure circuit inbound
- CBS(conf-cct)# vap-group fw1
- CBS(conf-cct-vapgroup)# netflow enable
- CBS(conf-cct-vapgroup)# netflow sampling-mode packet-interval 1000
Normally, a NetFlow record is generated when a flow ends. If you want to break up a long-lived flow into segments to even out spikes in your flow reports, you can use the expiration of the active timeout to generate a record before the flow ends. If a flow is open but, traffic volume is low, you can configure the inactive timeout to force the generation of a NetFlow record. The termination of flows for protocols such as UDP are not detected but, the inactive timeout will generate a record for them. Active timeout values range from 30 to 3,600 seconds. Inactive timeout values range from 10 to 600 seconds. The following commands configure the active and inactive timeout values for NetFlow on the inbound circuit.
- CBS(conf-cct-vapgroup)# netflow timeout active 60
- CBS(conf-cct-vapgroup)# netflow timeout inactive 15
- CBS(conf-cct-vapgroup)# end
- CBS#
The following commands configure the IP addresses of two external NetFlow collectors. UDP Port 2077 is configured for the first collector and accepting the default port (2055) for the second collector.
NOTE: The IP address can be an IPv6 or an IPv4 address.
The next step is to configure flow provisioning.
- CBS# configure netflow export 192.168.101.54 2077
- CBS# configure netflow export 2001:db8:2530:13cf::25
The following command displays the current NetFlow settings.
- CBS# show netflow
- NetFlow Version : 10
- NetFlow Export (port) : 192.168.101.54 (2077), 2001:db8:2530:13cf::25 (2055)
- Circuit Name : inbound
- VAP Group : fw1
- NetFlow Enabled (true/false) : t
- NetFlow Sampled Packet Interval : 2000
- NetFlow Active Timeout (seconds) : 2500
- NetFlow Inactive Timeout (seconds) : 30
- SNMP Interface Index (fw1_1) : 2073
NOTE: The output of the show netflow command contains a block of information, similar to the one for the inbound circuit above, for each circuit on which NetFlow has been configured.
If after configuring the above you have any problems get this to work with our NetFlow analyzer, reach out to our team. We’ll get you up and running in no time.