Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Understanding IPFIX formatting for SRX J-Flow functionality

 

IPFIX format is a J-Flow Version9 format used for exporting IP Flow packets out of sampling and monitoring functionality of a given system. IPFIX is also known as version 10 format of export IP Flow sampling information.

Use of IPFIX allows you to define a flow record template suitable for IPv4 traffic or IPv6 traffic. Templates are transmitted to the collector periodically, and the collector does not affect the router configuration. You can define template refresh rate, flow active timeout, and inactive timeout.

If flow records are being sent for multiple protocol families (for example, for IPv4 and IPv6), each protocol family flow has a unique Observation Domain ID. The following sections contain additional information.

Starting in Junos OS Release 19.4R1, IPFIX formatting is supported in existing SRX J-Flow functionality to export J-Flow records. Existing J-Flow V9 supports two types of templates for IPv4 and IPv6 Flow data exports. IPFIX supports the same template data for IPv4 and IPv6.

Currently, SRX supports to configure one template at a time for a given inet family (inet and inet6) because there is only one template per J-Flow service instance to select base on type (IPv4 or IPv6) and there is only one service instance supported on SRX. Due to this, the same thing holds true for IPFIX format version. Therefore, while configuring IPFIX formatting, use one template per family.

IPFIX Protocol: An IPFIX Message consists of a Message Header, followed by zero or more Sets. The Sets can be of three possible types: Template Set, Options Template Set, and Data Set.

Set: A Set is a collection of records that have a similar structure, prefixed by a header. In an IPFIX Message, zero or more Sets follow the Message Header. There are three different types of Sets: Template Sets, Options Template Sets, and Data Sets.

  • Template Set: A Template Set is a collection of one or more Template Records that have been grouped together in an IPFIX Message.

  • Options Template Set: An Options Template Set is a collection of one or more Options Template Records that have been grouped together in an IPFIX Message.

  • Data Set: A Data Set is one or more Data Records, of the same type, that are grouped together in an IPFIX Message. Each Data Record is previously defined by a Template Record or an Options Template Record.

IPv4/IPv6 Template Fields: IPv4/IPv6 IPFIX templates are being populated with the following fields. Note that there are no changes in type and number of fields exported compared with V9 for these templates. Flow selector fields identify specific Flow (which is same as V9) that is unique to create a Flow in Flow database. This Flow information will be key to identify a particular Flow record in SRX and is used to for reporting purposes at data collector.

Table 1: IPFIX Flow Fields for Flow identification

Template Field

IPv4 Template

IPv6 Template

Name

Length (bytes)

E-bit

RFC ID

Length (bytes)

E-bit

RFC ID

Source IP

4

0

8

16

0

27

Destination IP

4

0

12

16

0

28

Source Port

2

0

7

2

0

7

Destination Port

2

0

11

2

0

11

Protocol

1

0

4

1

0

4

TOS

1

0

5

1

0

5

IIF

4

0

10

4

0

10

ICMP type and code

2

0

32

2

0

32