Configuring IPFIX

  • Published on May 19, 2025
  • 3 minute(s) read
  • K
  • KD
 Prev Next

What is IPFIX?

IPFIX is a protocol used to export IP flow information from a router.  The flow records provide information about traffic flowing through the router, such as the source and destination of the traffic as well the amount of traffic sent and received by that flow.

This data is exported from routers to IPFIX collectors which store this data for further network and security analysis.

IPFIX in the Graphiant Portal

From within the Graphiant Portal, you will be able to configure IPFIX collectors.  The Graphiant Edge will then export IPFIX records for the chosen LAN segments to the configured collectors.  The Edge supports exporting to multiple collectors allowing you to send multiple copies of the IPFIX records, for redundancy, or distributing the load across different collectors.

Step 1: Locating IPFIX in the Graphiant Portal

From the Home screen, navigate to the Edge Configuration screen by one of the following:

  • Locate the "Configurations" section within the top left of the screen;  select 'Configure Edges'.

or

  • Click 'Configure' in the sidebar;  select 'Edge Devices'.

This will take you to the ‘Configuration’ page of the Graphiant Portal where you can view all active, staged, and deactivated Edges.  From here you will be able to select among the active Edges which Edge(s) you would like to configure.

On the right hand side, select and click ‘Configure’ in tandem with the Edge you wish to manage.

This will take you onto a Configuration page with a focus on the Edge you have just chosen.

Here you will see a list of headers along the lefthand side of the page, such as ‘Configure Network’, ‘Configure Services’, ‘Configure Policies’, etc.

From here, select and click ‘Configure Services’, and from the dropdown menu select and click ‘Edge Services’.

This will bring you to the 'Syslog' page in the Edge Services section.  On this page click on the ‘IPFIX’ tab

Step 2: Setting Up IPFIX in the Graphiant Portal

Select and click the (+) plus icon on the righthand side of the page.

The page will propagate various fields of required information for configuring an IPFIX Collector.

Below are descriptors for each of the fields required in order to configure an IPFIX collector:

(An * indicates a required field.)

  • Name*:  User defined name to use for the IPFIX collector

  • LAN Segment*:  The LAN Segment in which the IPFIX collector is reachable

  • Host/IP Address*:  The IP address of the IPFIX collector

  • Port*:  The port that the collector is listening on;  defaults to 4739

  • Monitored LAN Segments*:  LAN segments for which IPFIX records should be sent to the collector;  these segments do not need to match the LAN Segment specified above.

  • Interface*:  The interface which should be used to connect to the IPFIX collector

Sampling Mode:

  • "Off":  If no sampling is desired;  this is the default setting.

  • "Random": Enter the size of the desired sampling window;  1 packet will be sampled in each sampling window, in varying positions each instance.

In this example, 1 packet in every window of 1,000 packets will be sampled.  The packet sampled will be in a different position each time.

  • "Deterministic": Enter the desired value "X" for a set sampling:  every Xth packet will be sampled.

In this example, every 1,000th packet will be sampled.

Warning:

Any IPFIX Collector attached to an Edge must match the sampling configuration of any other IPFIX Collector attached to that Edge.

Step 3: Review & Apply

Once all required fields are filled in, the selected Edge will be ready to begin exporting IPFIX records, however you will first need to review and apply all changes made.

On the top right hand corner, choose from the following options:

  • Discard’ to discard changes made

  • Save as Draft’ to save changes made to be implemented at a later time

  • Review’ to review and apply changes made for immediate deployment

Related articles