Internet Protocol Flow Information eXport (IPFIX) is an Internet Engineering Task Force (IETF) standard of export for Internet Protocol flow information.
IPFIX monitors flows that pass an observation point. The switch organizes flows into a flow group, which is contained in an observation domain.
Source IP address
Destination IP address
IP protocol
L4 source port
L4 destination port
A packet belongs to a flow if it completely satisfies all defined properties of the flow.
The switch logically organizes flows into a flow group, which corresponds to a single observation point. A flow can belong to only 1 flow group. A flow group is a collection of packet flows that meet match criteria. Examples of flow groups are packets ingressing a specific physical port, or packets with a destination IP address belonging to a specific subnet.
A flow group is contained in an observation domain. The switch assigns the flow group to an observation domain. The observation domain has a unique observation domain ID that you can configure. You can configure only 1 observation domain.
The IPFIX solution consists of the following processes:
Filtering Rules process: The Filtering Rules process gathers information about flows through different ports, or the observation point. Flow information includes the following:
The IPv4 source address.
The IPv4 destination address.
The L4 source port.
The L4 destination port.
The transport protocol.
The total number of incoming packets for this flow at the observation point since the metering process (re-)initialization for this observation point.
The total number of octets in incoming packets for this flow at the observation point since the metering process (re-)initialization for this observation point.
The absolute timestamp of the first packet of this flow.
The absolute timestamp of the last packet of this flow.
The Filtering Rules process runs on the switch.
Exporting process: The Filtering Rules process sends information to the Exporting process. The Exporting process uses the UDP transport protocol for network communication with the Collecting process.
The Exporting process runs on the switch.
Collecting process: You can view flows and export flow information periodically to a collector. A collector can store a large number of flow records from several devices in the network. The IPFIX standard specifies the protocol for exporting the flows to a collector, including the formatting of flow records and the underlying UDP transport protocol.
Use the collected information for network planning, troubleshooting a live network, and monitoring security threats.
The best practice is to use the ExtremeAnalytics™ solution as the collector. The ExtremeAnalytics™ solution provides an enhanced method of collecting IPFIX flow information.
The external collector for the IPFIX solution must support our IPFIX template, which contains the following element IDs defined by Internet Assigned Numbers Authority (IANA) IPFIX assignments.
Element ID |
Name |
Description |
---|---|---|
0 |
unknown |
Reserved |
4 |
protocolIdentifier |
The value of the protocol number in the IP packet header. |
7 |
sourceTransportPort​ |
The source port identifier in the transport header. |
8 |
sourceIPv4Address |
The IPv4 source address in the IP packet header. |
11 |
destinationTransportPort​ |
The destination port identifier in the transport header. |
12 |
destinationIPv4Address |
The IPv4 destination address in the IP packet header. |
85 |
octetTotalCount |
The total number of octets in incoming packets for this flow at the observation point since the metering process (re-)initialization for this observation point. |
86 |
packetTotalCount​ |
The total number of incoming packets for this flow at the observation point since the metering process (re-)initialization for this observation point. |
145 |
templateId |
The local template unique to the observation domain. |
156 |
flowStartNanoseconds |
The absolute timestamp of the last packet of this flow. |
157 |
flowEndNanoseconds |
The absolute timestamp of the last packet of this flow. |
192 |
ipTTL |
The value of the time-to-live (TTL) field in the IPv4 packet header. |
234 |
ingressVRFID |
The VRF name that receives packets for this flow. |
243 |
dot1qVlanId |
The VLAN ID in the Tag Control information of an Ethernet frame. |
IPFIX is a push protocol. The Filtering Rules and Exporting processes periodically send IPFIX messages to configured receivers without interaction from the Collecting process.
IPFIX collects IPv4 flow information on the switch and conforms with the following:
IPFIX supports only 1 collector.
IPFIX learns only IPv4 flows.
IPFIX sends and receives only TCP/UDP flows.
IPFIX uses only UDP to export packets.
You can configure only the template exporting timer.
The Out-of-Band (OOB) port does not support IPFIX.
IPFIX exports TCP/UDP IPv4 flows on IS-IS interfaces that are members of a VLAN. IPFIX does not capture Mac-In-Mac encapsulated flows on IS-IS interfaces.
IPFIX processes IPv4 UDP or TCP Mac-in-Mac packet flows that are terminated by the switch. IPFIX does not process Mac-in-Mac packet flows that are only traversing the switch (Layer 2 switching).
Layer 3 Virtual Services Network (L3 VSN) flow packets on NNI ports are not learned by IPFIX.
The switch supports only ingress sampling. The switch does not support egress sampling.
IPFIX is supported on Segmented Management Instance interfaces VLAN and CLIP. Segmented Management Instance interface OOB is not supported.
When you use Segmented Management Instance VLAN interface IP address as the source IP, IPFIX can function in Layer 2 only environments.
You must use Segmented Management Instance CLIP to access VRFs and Layer 3 VSNs.
IPFIX supports user created VRFs when you configure a Segmented Management Instance CLIP interface as the source IP.
You can use the onboarding VLAN to manage the switch and enable IPFIX without any additional management or routing interface configuration.