IPFIX formatting for SRX J-Flow
Understanding IPFIX formatting for SRX J-Flow functionality
IPFIX format is a J-Flow Version9 format used for exporting IP Flow packets out of sampling and monitoring functionality of a given system. IPFIX is also known as version 10 format of export IP Flow sampling information.
Use of IPFIX allows you to define a flow record template suitable for IPv4 traffic or IPv6 traffic. Templates are transmitted to the collector periodically, and the collector does not affect the router configuration. You can define template refresh rate, flow active timeout, and inactive timeout.
If flow records are being sent for multiple protocol families (for example, for IPv4 and IPv6), each protocol family flow has a unique Observation Domain ID. The following sections contain additional information.
Starting in Junos OS Release 19.4R1, IPFIX formatting is supported in existing SRX J-Flow functionality to export J-Flow records. Existing J-Flow V9 supports two types of templates for IPv4 and IPv6 Flow data exports. IPFIX supports the same template data for IPv4 and IPv6.
Currently, SRX supports to configure one template at a time for a given inet family (inet and inet6) because there is only one template per J-Flow service instance to select base on type (IPv4 or IPv6) and there is only one service instance supported on SRX. Due to this, the same thing holds true for IPFIX format version. Therefore, while configuring IPFIX formatting, use one template per family.
IPFIX Protocol: An IPFIX Message consists of a Message Header, followed by zero or more Sets. The Sets can be of three possible types: Template Set, Options Template Set, and Data Set.
Set: A Set is a collection of records that have a similar structure, prefixed by a header. In an IPFIX Message, zero or more Sets follow the Message Header. There are three different types of Sets: Template Sets, Options Template Sets, and Data Sets.
Template Set: A Template Set is a collection of one or more Template Records that have been grouped together in an IPFIX Message.
Options Template Set: An Options Template Set is a collection of one or more Options Template Records that have been grouped together in an IPFIX Message.
Data Set: A Data Set is one or more Data Records, of the same type, that are grouped together in an IPFIX Message. Each Data Record is previously defined by a Template Record or an Options Template Record.
IPv4/IPv6 Template Fields: IPv4/IPv6 IPFIX templates are being populated with the following fields. Note that there are no changes in type and number of fields exported compared with V9 for these templates. Flow selector fields identify specific Flow (which is same as V9) that is unique to create a Flow in Flow database. This Flow information will be key to identify a particular Flow record in SRX and is used to for reporting purposes at data collector.
Table 1: IPFIX Flow Fields for Flow identification
Template Field | IPv4 Template | IPv6 Template | ||||
Name | Length (bytes) | E-bit | RFC ID | Length (bytes) | E-bit | RFC ID |
Source IP | 4 | 0 | 8 | 16 | 0 | 27 |
Destination IP | 4 | 0 | 12 | 16 | 0 | 28 |
Source Port | 2 | 0 | 7 | 2 | 0 | 7 |
Destination Port | 2 | 0 | 11 | 2 | 0 | 11 |
Protocol | 1 | 0 | 4 | 1 | 0 | 4 |
TOS | 1 | 0 | 5 | 1 | 0 | 5 |
IIF | 4 | 0 | 10 | 4 | 0 | 10 |
ICMP type and code | 2 | 0 | 32 | 2 | 0 | 32 |
Example: Configuring IPFIX Flow Templates and Flow Sampling
This example shows the IPFIX template configuration and flow sampling.
Requirements
This example uses the following hardware and software components:
Any SRX Series high-end device and SRX4100, SRX4200, SRX4600, vSRX2.0, and vSRX3.0.
Junos OS Release 19.4R1
Before you begin:
Read ”Understanding IPFIX formatting for existing SRX J-Flow functionality”
Overview
In this example, you configure the IPFIX Templates and IPFIX Flow Server.
Configuration
Configuring IPFIX Templates
CLI Quick Configuration
To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure interface, static route, security zone, and address book information:
- Configure flow-monitoring services.[edit]set services flow-monitoring version-ipfix template ipfix-ipv4 flow-active-timeout 60set services flow-monitoring version-ipfix template ipfix-ipv4 flow-inactive-timeout 60set services flow-monitoring version-ipfix template ipfix-ipv4 template-refresh-rate packets 1000set services flow-monitoring version-ipfix template ipfix-ipv4 template-refresh-rate seconds 30set services flow-monitoring version-ipfix template ipfix-ipv4 option-refresh-rate packets 500set services flow-monitoring version-ipfix template ipfix-ipv4 option-refresh-rate seconds 60
- Configure IPFIX template instances.[edit]set services flow-monitoring version-ipfix template ipfix-ipv4 ipv4-template
Results
From configuration mode, confirm your configuration by entering the show services command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
If you are done configuring the device, enter commit from configuration mode.
The IPv6 IPFIX configuration is exactly similar. For IPv6, specify ‘ipv6-template’ keyword.
Configuring IPFIX Flow Server
CLI Quick Configuration
To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
- Configure sampling under forwarding options.[edit]set forwarding-options sampling instance instance1 input rate 2set forwarding-options sampling instance instance1 input run-length 5set forwarding-options sampling instance instance1 family inet output flow-server 2.2.2.2 port 2223set forwarding-options sampling instance instance1 family inet output flow-server 2.2.2.2 version-ipfix template ipfix-ipv4
- Configure inline-jflow source-address.[edit]set forwarding-options sampling instance instance1 family inet output inline-jflow source-address 1.1.1.2
- Configure flow server.[edit]set forwarding-options sampling instance instance1 family inet output inline-jflow flow-export-rate <flow-export-rate>
Results
From configuration mode, confirm your configuration by entering the show forwarding-options command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
If you are done configuring the device, enter commit from configuration mode.
The IPv6 IPFIX configuration is exactly similar. For IPv6, specify ‘ipv6-template’ keyword.
Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying inline-jflow status
Purpose
Verify the inline-jflow status.
Action
From operational mode, enter the show services accounting status inline-jflow [fpc <slot>] command
user@host> show services accounting status inline-jflow
[fpc <slot>]Status information FPC Slot: 0 IPV4 export format: Version-IPFIX, IPV6 export format: Version-IPFIX BRIDGE export format: Not set, MPLS export format: Not set IPv4 Route Record Count: 16, IPv6 Route Record Count: 3, MPLS Route Record Count: 0 Route Record Count: 19, AS Record Count: 1 Route-Records Set: Yes, Config Set: Yes Service Status: PFE-0: Steady Using Extended Flow Memory?: PFE-0: No Flex Flow Sizing ENABLED?: PFE-0: No IPv4 MAX FLOW Count: 0, IPv6 MAX FLOW Count: 0 BRIDGE MAX FLOW Count: 0, MPLS MAX FLOW Count: 0
Meaning
Displays status information of IPv4 and IPv6 format.
Verifying inline-jflow error information
Purpose
Verify the inline-jflow error information.
Action
From operational mode, enter the show services accounting errors inline-jflow [fpc <slot>] command
user@host> show services accounting errors inline-jflow
[fpc <slot>]Error information FPC Slot: 0 Flow Creation Failures: 0 Route Record Lookup Failures: 0, AS Lookup Failures: 0 Export Packet Failures: 0 Memory Overload: No, Memory Alloc Fail Count: 0 IPv4: IPv4 Flow Creation Failures: 0 IPv4 Route Record Lookup Failures: 0, IPv4 AS Lookup Failures: 0 IPv4 Export Packet Failures: 0
Meaning
Displays the error information.
Verifying inline-jflow statistics
Purpose
Verify the inline-jflow statistics.
Action
From operational mode, enter the show services accounting flow inline-jflow [fpc <slot>] command
user@host> show services accounting flow inline-jflow
[fpc <slot>]Flow information FPC Slot: 0 Flow Packets: 0, Flow Bytes: 0 Active Flows: 0, Total Flows: 0 Flows Exported: 0, Flow Packets Exported: 2139 Flows Inactive Timed Out: 0, Flows Active Timed Out: 0 Total Flow Insert Count: 0 IPv4 Flows: IPv4 Flow Packets: 0, IPv4 Flow Bytes: 0 IPv4 Active Flows: 0, IPv4 Total Flows: 0 IPv4 Flows Exported: 0, IPv4 Flow Packets exported: 1921 IPv4 Flows Inactive Timed Out: 0, IPv4 Flows Active Timed Out: 0 IPv4 Flow Insert Count: 0 IPv6 Flows: IPv6 Flow Packets: 0, IPv6 Flow Bytes: 0 IPv6 Active Flows: 0, IPv6 Total Flows: 0 IPv6 Flows Exported: 0, IPv6 Flow Packets Exported: 218 IPv6 Flows Inactive Timed Out: 0, IPv6 Flows Active Timed Out: 0 IPv6 Flow Insert Count: 0
Meaning
Displays the flow information of IPv4 and IPv6.