Flow keys define what data in the packet header identifies a unique flow to the hardware. On each port, there is a flow key for IPv4, IPv6, and non-IP traffic type data. Following are the flow keys together with the size of the field:
By default, IPFIX uses all the above listed flow keys and all bits. You can override this on a global basis and specify exactly which keys to use. The template that specifies the structure of the information that is communicated from the exporter to the collector will then contain only those specified keys.
To specify the flow keys to use for each of the three traffic types, use the following commands:
configure ip-fix flow-key ipv4 {src-ip} {src-port} {dest-ip} {dest-port} {protocol} {tos}
configure ip-fix flow-key ipv6 {src-ip} {src-port} {dest-ip} {dest-port} {next-hdr} {tos} {flow-label}
configure ip-fix flow-key nonip {src-mac} {dest-mac} {ethertype} {vlan-id} {priority} {tagged}
To reset to the all keys default, use the following command:
unconfigure ip-fix flow-key
You can then define masks for the IPv4 and IPv6 source and destination address fields on a per port basis.
Use the following commands: configure ip-fix ports port_list flow-key [ipv6|ipv4] mask [source | destination] ipaddress value
You can use the flow keys and masks to minimize the information sent to the collector and aggregate certain types of flows.
A common use of the non-default values may be to see all traffic from a user only instead of each individual flow. For example, in the case of IPv4:
configure ip-fix flow-key ipv4 src-ip dest-ip
Then, by configuring the mask on a port, the aggregation could be further restricted to meter only individual subnets.
For example, with a 255.255.255.0 mask:
configure ip-fix ports 3:1 flow-key ipv4 mask source ipaddress 255.255.255.0
configure ip-fix ports 3:1 flow-key ipv4 mask destination ipaddress 255.255.255.0
To unconfigure the masks, use the following command:
unconfigure ip-fix ports port_list flow-key mask