What is IPFIX?
IPFIX is a protocol used to export IP flow information from a router. The flow records provides detailed information about traffic flowing through the router, such as the source and destination of the traffic as well the amount of traffic sent and received by that flow. This data is exported from routers to IPFIX collectors which store this data for further network and security analysis.
The collection and analysis of the flow data assists in a wide range of uses, i.e.: monitoring bandwidth, tracking threats to network security, and logging usage amounts.
Note:
A Graphiant Edge can have up to two IPFIX collectors attached.
Locating System Objects IPFIX Collector in the Graphiant Portal
From the Home screen, navigate to the System Objects screen by one of the following:
Locate the "Configurations" section within the top left of the screen; select 'Create System Object'.
or
Click 'Configure' in the sidebar; select 'System Objects'.
This will bring up the IPFIX table, with the following fields:
Object Name: The assigned name of the IPFIX Collector
Sites: Number of Sites to which the IPFIX Collector is attached
Attached Devices: Number of Edges to which the IPFIX Collector is attached
In Sync: Number of Edges which are successfully pulling down their SIPFIX Collector configuration from the Site.
Override: Number of Edges in Override Status (see here for details on Override status)
Failures: Number of Edges in Failure Status (see here for details on Failure status)
Creating an IPFIX Collector in System Objects
To create a System Objects IPFIX Collector, navigate to the IPFIX table from within System Objects.
Click 'Create IPFIX Collector' in the upper right corner.
Complete the following fields (an * denotes a required field):
Name*: User defined name to use for the IPFIX collector.
LAN Segment*: The LAN Segment in which the IPFIX collector is reachable
Interface*: The interface which should be used to connect to the IPFIX collector
Host/IP Address*: The IP address of the IPFIX collector
Port*: The port that the collector is listening on; defaults to 4739
Monitored LAN Segment*: LAN segment for which IPFIX records should be sent to the collector; this segments does not need to match the LAN Segment specified above.
Sampling Mode:
"Off": If no sampling is desired; this is the default setting.
"Random": Enter the size of the desired sampling window; 1 packet will be sampled in each sampling window, in varying positions each instance.
In this example, 1 packet in every window of 1,000 packets will be sampled. The packet sampled will be in a different position each time.
"Deterministic": Enter the desired value "X" for a set sampling: every Xth packet will be sampled.
In this example, every 1,000th packet will be sampled.
Note:
Any IPFIX Collector attached to a Site must match the sampling configuration of any other IPFIX Collector attached to that Site.
The same is true for an Edge: any IPFIX Collector attached to an Edge must match the sampling configuration of any other IPFIX Collector attached to that Edge.
Click 'Create'.
The new IPFIX Collector will now appear in the IPFIX table.
Attaching an IPFIX Collector to a Site
For a System Object IPFIX Collector to be utilized by any Edges, it must be attached to a Site.
To attach an IPFIX Collector to a Site, click 'Configure' from the left sidebar from anywhere in the Portal; select 'Site Management'.
Click the 3 dots to the right of the Site to which the IPFIX Collector will be attached; select 'Edit'.
Click 'Site Services' under 'Summary'; select 'System Services'.
Click the 'IPFIX' tab at the top.
Click the (+) in 'System Objects'.
Select the desired IPFIX Collector from the drop-down.
The configuration of the IPFIX Collector will be displayed.
Review & Apply.
This will bring up the "Configuration Versions" screen for the Edge.
To see the exact changes that will be made in the configuration, click the 'IPFIX Collector' drop-down.
The configuration changes to be made once applied are shown here.
Click 'Apply'.
A 'Device Config Table' table will appear with the status of the Edge(s) on that Site being "Config Push Queued".
When the configuration from the Site to the Edge(s) is complete, the status of the Edge(s) will be "In Sync".
Note:
If any other System Service (Syslog, SNMP) is in override for that Edge, the status will read as "Override". (Click here for Configuration Status information.)
From the 'Site Services'; 'System Services' menu under the Summary on the left, then navigating to the 'IPFIX' tab, the IPFIX Collector will appear in the Site and its configuration will be visible.
Configuration Status from the Site to the Graphiant Edge
The 'Status' field of each Edge in a Site can be reported in the following terms:
"In Sync": The Edge configuration is synced with the Site configuration; the Edge is doing exactly what the Site is telling it to do.
"Override": The Edge configuration is not synced with the Site configuration; this will be the status if you are overriding the Site to perform necessary changes directly on the Edge.
"Failure": The Site configuration failed when it attempted to push its configuration to the Edge.
If an IPFIX Collector attachment results in "Failure" Status
Locating the Failure Status Error Message
The failure status error message can be found in 3 locations within the Graphiant Portal, for ease of discovery wherever you are within the Portal.
#1: Site Management Summary Screen
Should a Site attachment attempt result in a status of "Failure", the reason for the failure can be immediately seen under the “Device Config Status” by clicking the 3 dots to the right of the Edge, and selecting 'View Details'.
This will bring up a modal of details for the Edge.
The "Error Message" under the Failure Status will explain the reason for the failure.
'View Configuration' will bring up the Edge configuration, if desired.
#2: Site Management IPFIX Screen
Within the Site Management area of the Portal, click 'Site Services'; select 'System Services'; choose the 'IPFIX' tab at the top.
Click 'View Details' to the right of the "Failure" status.
This will bring up a modal of details for the Edge.
The "Error Message" under the Failure Status will explain the reason for the failure.
'View Configuration' will bring up the Edge configuration, if desired.
#3: Edge Configuration IPFIX Screen
Within the Edge Configuration area of the Portal, click 'Configure Services; select 'Edge Services'; choose the 'IPFIX' tab at the top.
Click 'View Failure Details' within the warning message; the same modal will appear as above.
This will bring up a modal of details for the Edge.
The "Error Message" under the Failure Status will explain the reason for the failure.
'View Configuration' will bring up the Edge configuration, if desired.
Correcting the IPFIX Attachment Failure
To correct the error that resulted in the IPFIX attachment error, navigate to the Site Management Summary screen for IPFIX.
Correcting an IPFIX Attachment Failure via Selecting a New IPFIX Collector
In the System Objects IPFIX screen, select a different IPFIX Collector from the dropdown of previously created IPFIX Collectors.
Note:
Take care to select an IPFIX Collector that will meet the requirements and eliminate the error message.
When the different IPFIX Collector is selected, click 'Review' and 'Apply.
Correcting an IPFIX Attachment Failure via Creating a New IPFIX Collector
If no previously created IPFIX Collectors will have the desired configuration, a new IPFIX Collector can be created.
To create a new IPFIX Collector, navigate to the IPFIX table from within System Objects.
Click 'Create IPFIX Collector' in the upper right corner.
Create the new IPFIX Collector as previously described here.
Note:
Take care to create an IPFIX Collector that will meet the requirements and eliminate the error message.
Overriding the Site IPFIX Configuration for an Edge
If there is a need to change the IPFIX configuration directly on an Edge (i.e. for troubleshooting purposes), the subscription to the Site's configuration must be paused. This effectively breaks the connection between the Edge and the IPFIX Collector, as all System Objects flow through the Site configuration to the Edge.
In Override status, the Edge is out of "read-only" mode for System Objects, and all fields are then able to be edited. Any desired changes are now able to be made to the Edge locally.
Locating the Override Switch
To override the configuration, go to 'Configuring Edges' either by clicking the button in the top center, or by clicking 'Configure' in the left side menu, then selecting 'Edge Devices'.
Select the checkbox for the Edge to configure; click the 'Configure' button to the right of that Edge.
Click 'Configure Services' on the left; select 'Edge Services'.
Select the 'IPFIX' tab from across the top.
The IPFIX Collector will be shown here under "System Object".
The Override Switch will be at the top right of the System Object section.
Overriding the Site IPFIX Configuration for an Edge
To override the Edge IPFIX Configuration, from the Edge Services screen, click the 'Override' switch located at the top right of the System Object.
The 'Override' switch will show activated, and all of the fields will now be able to be edited.
Make the desired configuration changes; click 'Review'.
This will bring up the "Configuration Versions" screen for the Edge.
Next to “Edge Services” on the left will be warnings. One will indicate that the IPFIX Collector has been selected for Override, and any others will reflect the number of changes made within the configuration.
To see the exact changes that will be made in the configuration, click the 'IPFIX' drop-down.
The configuration changes to be made once applied are shown here.
Click 'Apply'.
The new configuration will be highlighted in gray, and show listed below as live.
Override Details and Status
On returning to the IPFIX Collector table, it will now show an alert under the 'Override' column, with the quantity of Edges that are in Override status for IPFIX.
The Site is no longer tracking if the Edge configuration is "In Sync" with the Site's configuration.
To see the Override details, click on the 3 dots to the right of the IPFIX Collector with the override; select 'View Details'.
This will bring up the Status screen for the Edges. The Edge that has been configured while in Override will read the Status of "Override".
Restoring an Edge from Override Configuration to Site Configuration
When the Edge is ready to go back under the Site configuration and out of Override Status, return to the IPFIX Configure Screen for the Edge, where the Override switch is located. (For help finding this screen, click here).
Click the 'Override' switch; hit 'Review'.
Note:
When Override is deselected, all fields edited in the Override are cleared, and automatically put back to Site configuration selections.
This will bring up the "Configuration Versions" screen for the Edge.
Next to 'Edge Services' on the left will be warnings. One will indicate that the IPFIX Collector has been deselected for Override, and any others will reflect the number of changes that will be automatically reverted within the configuration when it again pulls down from the Site configuration.
To see the exact changes that will be made in the configuration, click the 'IPFIX' drop-down.
The configuration changes to be made once applied are shown here.
Click 'Apply'.
The new configuration will be highlighted in gray, and show listed below as live.
On returning to the IPFIX Collector table, it will now show that the Edge is no longer included in "Override".
Note:
Any other Edges in that IPFIX Collector that are in Override will still be included in this column.
The IPFIX table will now show that Edge as "In Sync", as it is again getting it's configuration from the Site.
Cloning a System Objects IPFIX Collector
An IPFIX Collector can be cloned, for ease of creating a new IPFIX Collector that is mostly identical to a previously created IPFIX Collector, with just a few changes.
To clone an IPFIX Collector, navigate to the IPFIX Collector table.
Click the 3 dots to the right of the IPFIX Collector to be cloned; select 'Clone'.
This will open a Configure screen for a copy of the IPFIX Collector that was cloned.
'
Name: Edit this field so as to have distinction from the original IPFIX Collector.
Edit any desired fields that will differ from the original.
Click 'Create'.
The cloned IPFIX Collector will now appear in the IPFIX Collector table.
Detaching a System Objects IPFIX Collector from a Site
To detach an IPFIX Collector from a Site so that the Edges attached to that Site will no longer receive that IPFIX Collector configuration, navigate to the Site Management Summary screen for IPFIX.
Click 'Configure' from the left side menu from anywhere in the Portal; select 'Site Management'.
Click the 3 dots to the right of the Site from which the IPFIX Collector will be detached; select 'Edit'.
Click 'Site Services' under 'Summary'; select 'System Services'.
Click the 'IPFIX' tab at the top.
This page will show all of the IPFIX Collectors for the Site.
Locate the IPFIX Collector to be detached.
Locate the trash can icon at the bottom of the section of the IPFIX Collector to be detached.
Click the trash can icon.
The IPFIX Collector will now longer be listed under the System Objects in IPFIX.
'Review' & 'Apply'.
The IPFIX Collector will now be detached from the Site.
Any Edges attached to the Site will no longer show that IPFIX Collector in their configuration.
Deleting a System Objects IPFIX Collector
To delete an IPFIX Collector, navigate to the IPFIX Collector table.
Note:
An IPFIX Collector can only be deleted if it is has no mappings; it cannot be attached to any Sites, Edges, or have any other references to it within the network.
Click the 3 dots to the right of the IPFIX Collector to be deleted; select 'Delete'.
An IPFIX Collector with no Sites or Edges attached and not referenced anywhere in the network will have a successful 'Delete' action permitted.
If an IPFIX Collector still has Sites or Edges attached to it or is referenced elsewhere in the network, the 'Delete' selection will be grayed out and the Delete action will not be permitted.
A modal will appear with a confirmation to proceed with the IPFIX Collector deletion.
If the IPFIX Collector is confirmed to be deleted, click 'Confirm'.
The IPFIX Collector will be removed and no longer present in the IPFIX Collector Table.
