IPFIX
The IP Flow Information Export (IPFIX) protocol is a vendor-neutral standard for transmitting traffic flow information. See Flow Support for details on flow support in Meridian.
IPFIX UDP Parser
The IPFIX UDP parser accepts packets received by a UDP listener and must forward them to an IPFIX adapter.
The IPFIX UDP parser supports protocol detection.
Configuration and use
Parameter | Description | Default |
---|---|---|
templateTimeout |
Templates must be redeclared in the given duration or they will be dropped. |
30 minutes |
maxClockSkew |
The maximum delta in seconds between exporter and Minion timestamps. |
0 |
clockSkewEventRate |
Used to rate-limit clock skew events in seconds. |
3600 |
dnsLookupsEnabled |
Used to enable or disable DNS resolution for flows. |
true |
sequenceNumberPatience |
A value > 1 enables checking for sequence number completeness. The value gives the size of the history buffer allowing flows to be processed out of order. |
32 |
flowActiveTimeoutFallback |
Fallback value for active flow timeout, if value is not included in exported flows. |
none |
flowInactiveTimeoutFallback |
Fallback value for inactive flow timeout, if value is not included in exported flows. |
none |
flowSamplingIntervalFallback |
Fallback value for sampling interval, if value is not included in exported flows. |
none |
IPFIX TCP Parser
The IPFIX TCP parser accepts packets received by a TCP Listener and must forward them to an IPFIX adapter.
Configure IPFIX listener on a Minion
To enable and configure a TCP Listener for IPFIX on Minion, connect to the Karaf Console and set the following properties:
$ ssh -p 8201 admin@localhost
...
admin@minion()> config:edit --alias tcp-50000 --factory org.opennms.features.telemetry.listeners
admin@minion()> config:property-set name IPFIX
admin@minion()> config:property-set class-name org.opennms.netmgt.telemetry.listeners.TcpListener
admin@minion()> config:property-set parameters.port 50000
admin@minion()> config:property-set parsers.0.name IPFIX
admin@minion()> config:property-set parsers.0.class-name org.opennms.netmgt.telemetry.protocols.netflow.parser.IpfixParser
admin@minion()> config:update
The protocol must also be enabled on Meridian for the messages to be processed. If you do not specify the queue name, the fallback is the name of the parser. |
IPFIX adapter
The IPFIX adapter handles IPFIX telemetry data received and parsed by either the IPFIX UDP parser or IPFIX TCP parser. Received flows are decoded from the messages into the canonical flow format and published to the flow repository.
Configuration and use
Parameter | Description | Default |
---|---|---|
templateTimeout |
Templates must be redeclared in the given duration or they will be dropped. |
30 minutes |
maxClockSkew |
The maximum delta in seconds between exporter and Minion timestamps. |
0 |
clockSkewEventRate |
Rate-limit clock skew events in seconds. |
3600 |
dnsLookupsEnabled |
Enable or disable DNS resolution for flows. |
true |
The parameter maxClockSkew in your parser definition enables clock skew detection for exporters.
It specifies the maximum delta in seconds between exporter and Minion timestamps.
If exceeded, an alarm will be generated for the exporting device.
The default value is 0, so clock skew detection is disabled.
Furthermore, you can use a parameter clockSkewEventRate to rate limit clock skew events.
The default is 3600 seconds, so every hour an event will be sent.
|