Configuring Cflowd Traffic Monitoring

Posted on Jan 27, 2020 (0)

Cflowd traffic flow monitoring is configured using the basic components of centralized data policy. Monitoring is enabled by defining a Cflowd template, which includes the location of the Cflowd collector, and by setting the cflowd action in a data policy.

Cflowd Routing Policy CLI Configuration Procedure

Create a list of the network sites to which the Cflowd policy is to be applied:

vSmart(config)# policy
vSmart(config-policy)# lists site-list list-name
vSmart(config-lists-list-name)# site-id site-id

Create a list of the VPNs for which the Cflowd policy is to be configured:

vSmart(config)# policy lists
vSmart(config-lists)# vpn-list list-name
vSmart(config-lists-list-name)# vpn vpn-id

Create lists of IP prefixes:

vSmart(config)# policy lists
vSmart(config-lists)# prefix-list list-name
vSmart(config-lists-list-name)# ip-prefix prefix/length

Configure the Cflowd template and its parameters: collector location, flow export timers, and sampling interval.

vSmart(config)# policy cflowd-template template-name
vSmart(config-cflowd-template-template-name)# collector vpn vpn-id address ip-address port port-number transport (transport_tcp | transport_udp) source-interface interface-name
vSmart(config-cflowd-template-template-name)# flow-active-timeout seconds
vSmart(config-cflowd-template-template-name)# flow-inactive-timeout seconds
vSmart(config-cflowd-template-template-name)# flow-sampling-interval number
vSmart(config-cflowd-template-template-name)# template-refresh seconds

  • By default, data for an active flow is exported to the collector every 600 seconds.
  • A data set for a flow on which no traffic is flowing is sent every 60 seconds.

If you configure a logging action, configure how often to log packets to the syslog files:

vEdge(config)# policy log-frequency number

Create a data policy instance and associate it with a list of VPNs:

vSmart(config)# policy data-policy policy-name
vSmart(config-data-policy-policy-name)# vpn-list list-name

Create a sequence to contain a single match–action pair:

vSmart(config-vpn-list-list-name)# sequence number
vSmart(config-sequence-number)#

Define match parameters for the data packets:

vSmart(config-sequence-number)# match parameters

In the action, enable cflowd:

vSmart(config-sequence-number)# action cflowd

In the action, count or log data packets:

vSmart(config-sequence-number)# action count counter-name
vSmart(config-sequence-number)# action log

If a route has no match in any sequence, it is rejected. To have nonmatching prefixes accepted instead, configure the default action for the policy:

vSmart(config-policy-name)# default-action accept

Apply the policy and the cflowd template to one or more sites in the overlay network:

vSmart(config)# apply-policy site-list list-name data-policy policy-name
vSmart(config)# apply-policy site-list list-name cflowd-template template-name

Enable Cflowd Visibility on vEdge Routers

It is also possible to enable Cflowd visibility directly on a vEdge router, without configuring a data policy. With this option, traffic from all VPNs in the LAN can be monitored.

vEdge(config)# policy flow-visibility

Cflowd Traffic Flow Monitoring Example:

Let's configure, on the vSmart controller, a data policy that monitors all TCP traffic and sends it to a single collector.

Create a cflowd template to define the location of the collector and to modify cflowd timers:

vSmart(config)# policy cflowd-template dclessons-cflowd-template
vSmart(config-cflowd-template-dclessons-cflowd-template)# collector vpn 1 address 10.10.10.10 port 13322 transport transport_udp
vSmart(config-cflowd-template-dclessons-cflowd-template)# flow-inactive-timeout 60
vSmart(config-cflowd-template-dclessons-cflowd-template)# template-refresh 90

Create a list of VPNs whose traffic you want to monitor:

vSmart(config)# policy lists vpn-list dclessons_vpn_1 vpn 1

Create a list of sites to apply the data policy to:

vSmart(config)# policy lists site-list dclessons-cflowd-sites site-id 10,20,30

Configure the data policy itself:

vSmart(config)# policy data-policy dclessons-cflowd-policy
vSmart(config-data-policy-dclessons-cflowd-policy)# vpn-list dclessons_vpn_1
vSmart(config-vpn-list-dclessons_vpn_1)# sequence 1
vSmart(config-sequence-1)# match protocol 6
vSmart(config-match)# exit
vSmart(config-sequence-1)# action accept cflowd
vSmart(config-action)# exit
vSmart(config-sequence-1)# exit
vSmart(config-vpn-list-dclessons_vpn_1)# default-action accept

Apply the policy and the cflowd template to sites in the overlay network:

vSmart(config)# apply-policy site-list dclessons-cflowd-sites data-policy dclessons-cflowd-policy
vSmart(config-site-list-dclessons-cflowd-sites)# cflowd-template dclessons-cflowd-template

Activate the data policy:

vSmart(config-site-list-dclessons-cflowd-sites)# validate
Validation complete
vSmart(config-site-list-dclessons-cflowd-sites)# commit
Commit complete.
vSmart(config-site-list-dclessons-cflowd-sites)# exit configuration-mode
vSmart#

Full Configuration:

vSmart(config)# show configuration
apply-policy
 site-list dclessons-cflowd-sites
  data-policy dclessons-cflowd-policy
  cflowd-template dclessons-cflowd-template
 !
!
policy
 data-policy dclessons-cflowd-policy
  vpn-list dclessons_vpn_1
   sequence 1
    match
     protocol 6
    !
    action accept
     cflowd
    !
   !
   default-action accept
  !
 !
 cflowd-template dclessons-cflowd-template
  flow-inactive-timeout 60
  template-refresh 90
  collector vpn 1 address 10.10.10.10 port 13322 transport transport_udp
 !
 lists
  vpn-list dclessons_vpn_1
   vpn 1
  !
  site-list dclessons-cflowd-sites
   site-id 10,20,30
  !
 !
!
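
An offline consistency check for a saved copy of this kind of output, added here as an example and not part of the original lesson: it reports names that apply-policy or a data policy references but nothing defines, definitions that are never used, and a cflowd action with no cflowd-template applied. The audit helper and the SAMPLE text are constructed for illustration, and the sample's apply-policy entry is mistyped on purpose.

```python
# Constructed sample shaped like a vSmart "show configuration" dump ("!"
# separators omitted); the apply-policy data-policy name is mistyped on purpose.
SAMPLE = """
apply-policy
 site-list dclessons-cflowd-sites
  data-policy dclessons--cflowd-policy
  cflowd-template dclessons-cflowd-template
policy
 data-policy dclessons-cflowd-policy
  vpn-list dclessons_vpn_1
   sequence 1
    match
     protocol 6
    action accept
     cflowd
 cflowd-template dclessons-cflowd-template
  collector vpn 1 address 10.10.10.10 port 13322 transport transport_udp
 lists
  vpn-list dclessons_vpn_1
   vpn 1
  site-list dclessons-cflowd-sites
   site-id 10,20,30
"""
KINDS = ("site-list", "vpn-list", "data-policy", "cflowd-template")

def audit(config):
    """Hypothetical helper: report broken name references in a policy dump."""
    defined, used = set(), set()
    section, in_lists, wants_cflowd = None, False, False
    for parts in (line.split() for line in config.splitlines()):
        if parts in (["apply-policy"], ["policy"]):
            section, in_lists = parts[0], False
        elif parts == ["lists"]:
            in_lists = True
        elif parts == ["cflowd"]:
            wants_cflowd = True  # some sequence uses the cflowd action
        elif len(parts) >= 2 and parts[0] in KINDS:
            top = parts[0] in KINDS[2:]  # policies/templates sit beside "lists"
            in_lists = in_lists and not top
            is_def = section == "policy" and (top or in_lists)
            (defined if is_def else used).add((parts[0], parts[1]))
    findings = [f"undefined {k} {n}" for k, n in sorted(used - defined)]
    findings += [f"unused {k} {n}" for k, n in sorted(defined - used)]
    if wants_cflowd and not any(k == "cflowd-template" for k, _ in used):
        findings.append("cflowd action set but no cflowd-template applied")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "policy references are consistent")
```

Indentation, prompt lines and "!" separators are ignored, so the output can be pasted in as copied from the CLI.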

Verification:

To see the Cflowd policy template that the vSmart controller has pushed to the vEdge router once the policy is activated:

To quickly get a count of the number of flows:

To display the flow statistics:

The command below shows information about the Cflowd collector and the template information sent to the collector.

