Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

Table of Contents

Netflow Daemon Listening UDP Port

Since version 3 of opFlow the default listening port is the more-or-less standard port 9995; for . For instructing nfdump/nfcapd to use a different port see the opFlow 3 Installation Guide or opFlow 4 Installation Guide.
(In legacy version 2.x, a different flow collector was used, and the default port was 12345; instructions . Instructions for changing that can be found in the opFlow 2.x Installation Guide.

...

The following is a basic Cisco Router configuration for telling the router to send Netflow NetFlow data to the opFlow.

Code Block
themeEmacs
! this command is optional, this will flow data about in-progress flows, very handy for large file transfers.
ip flow-cache timeout active 1
! version can be 5 or 9 with 9 add IPV4IPv4 template
ip flow-export version 5 
ip flow-export destination <opflow_server> 123459995
!
interface FastEthernet0/0
 !only if you want output traffic
 ip flow ingress
 !only if you want input traffic
 ip flow egress

 

...

Sample Juniper J-Flow Configuration for SRX

J-

...

Flow version 5 example (

...

IPv4 only)

To keep things simple if you are only looking at IPV4 IPv4 traffic then use Version 5 J-Flow example below.  As shown

Code Block
interfaces {                            
    ge-0/0/0 {                          
        unit 0 {                        
            family inet {               
                sampling {              
                    input;              
                    output;  
                    
forwarding-options {                    
    sampling {                          
        input {                         
            rate 100;     
####   This means 1 in every 100 packets is sampled  DO NOT reduce this to 1 unless the router is very lightly loaded.                 
        }                               
        family inet {                   
            output {                    
                flow-server 192.168.1.1 {
                    port 12345;         
                    version 5; 
###  Version 5 is simplest but only supports IPV4IPv4      
                }                       
            }                           
        }                               
    }                                   
}

...

 

J-

...

Flow version 9

J-FLow Flow version 9 supports other protocols such as IPV6 IPv6 and MPLS.  To get good results we recommend you still only use a template for IPV4 IPv4 with Version 9.  There are some subtle differences with the SRX models for the config so please refer to to J-Flow SRX version 9 Config Examples

Configuring Cisco Meraki to send NetFlow data to opFlow

To configure NetFlow data to be sent to opFlow if your network is using Cisco Meraki, you will need to navigate to your Meraki Dashboard and then complete the following:

  1. Hover over Network-wide in the left-hand panel, then click on General in the Configure section.
  2. Under the NetFlow section, set NetFlow collector to Enabled (if not already), then provide the following:
    1. NetFlow collector IP: IP Address of your opFlow server
    2. NetFlow collector port: Port that opFlow is listening on.
  3. Click Save.

More Details on Configuring your Cisco Router

For reference: http://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1160995

...

This is a very basic configuration.

On the interface you want to collect flow traffic from, add:

...

Code Block
ip flow ingress

...


ip flow egress

 

Now that you have an interface setup to gather

...

NetFlow information you have to tell the router to send it somewhere:

...

Code Block
ip flow-

...

# replace the ip address in the following line with your VM's ip address

...

export version 9
# replace the ip address in the following line with your VM's ip address
ip flow-export destination 192.168.0.10 12345

 

...

NetFlow traffic should now be sent to your

...

virtual machine.

By default

...

NetFlow will send information about flows after they are finished, if you would like to see information more often you can set the flow-cache timeout, in minutes, so this will send flow info every minute (see the docs for more details):


 
Code Block
ip flow-cache timeout active
1

 

opFlow will now be displaying your data!  Visit http://<vm_ip_address>/cgi-omk/opFlow.pl and take a look! (also make sure you have a license)

ps. Authentication info for Opmantek modules is the same as it is for NMIS, the default is:
username: nmis
password: nm1888 

...

 1