How-to configure a free NetFlow forwarder or NetFlow duplicator

Fri, 05/21/10 - 8:50pm

Michael Patterson, President and CEO of network performance measurement vendor Plixer International, sent to me the following "how-to email" earlier this week:

Hi Brad,

I had a customer with some Enterasys switches contact me the other day with a problem. It seems that Enterasys N series switches will only forward NetFlow to one collector. This is a problem because the customer needed to get the NetFlow to two destinations.

What this customer needed was a NetFlow Forwarder or NetFlow Duplicator. Some even call it a NetFlow replicator.

The diagram below explains what he needed to configure:

Diagram

We installed a program called the Samplicator. Below is a description of this program:

"This simple program listens for UDP datagrams on a network port, and sends copies of these datagrams on to a set of destinations. Optionally, it can perform sampling, i.e. rather than forwarding every packet, forward only 1 in N. Another option is that it can 'spoof' the IP source address, so that the copies appear to come from the original source, rather than the relay. Currently only supports IPv4."

Here is the process we went through to set it up.

Most Linux people are used to building from source. First perform the following:

Download the samplicator-1.3.6.tar.gz file from the site.

Download file

At this point the binary is in the system path and can be run from any directory.

Sudo

Learn more about sudo...

The options are as follows:

Samplicator

Specifying receivers:

A.B.C.D[%cport[%cfreq][%cttl]]...
where:

Samplicator

Config file format:

a.b.c.d[/e.f.g.h]: receiver...
where:

Samplicator

Note: Receivers specified on the command line will get all packets, those specified in the config-file will get only packets with a matching source.

I set up the Enterasys switch (10.1.1.253) to send NetFlow to the Samplicator on port 2000. The Samplicator on my PC was configured to listen on port 2000 (which is the default) and to export to three NetFlow collectors (10.1.37.20, 10.1.15.211 and 10.1.7.18) which are all listening on port 2055. When a packet comes into 10.1.1.5 from 10.1.1.253, it spits out 3 packets, one for each collector (10.1.37.20, 10.1.15.211 and 10.1.7.18).

In summary, on the command line we typed in:

Samplicator

Remember, the "-f" runs the program in the background and it is optional. Anyway, we performed a Wireshark capture on port 2055 and saw that it was indeed samplicating while spoofing the source. Notice below that the switch (10.1.1.253) sent the NetFlow to the Samplicator (10.1.1.5) and the Samplicator forwarded the same packet onto 3 destinations without modifying the source IP address:

Samplicator

Each of the above 3 destinations was running Plixer's Scrutinizer NetFlow and sFlow Analyzer.

Scrutinizer NetFlow and sFlow Analyzer

It actually only took a few minutes to set this up. Since this will work on all types of UDP packets, this can be useful for SNMP Traps, Syslogs or NetFlow. Some of you probably have questions on its performance. I haven't stress tested it, but the load on the CPU was about 1%.

Anyway, this should work for forwarding IPFIX or NetFlow from Cisco routers, Cisco ASA devices, sFlow switches, etc.

Hopefully, you'll stress test it and let me know, Plixer's President and CEO, if it works. You can email me at: Michael Patterson.
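
The source-matched fan-out and 1-in-N sampling described in the email above, as an added Python example; it is not part of the original post and is not Samplicator's code. Assumptions: "/" is the delimiter between receiver address, port and frequency (the post shows only `%c`), receivers default to port 2000, the second config line is constructed, and `relay()` is a hypothetical helper that does not spoof the source address.

```python
import ipaddress
import socket
from dataclasses import dataclass

# Constructed sample in the post's shape: a.b.c.d[/e.f.g.h]: receiver...
SAMPLE_CONFIG = """\
10.1.1.253: 10.1.37.20/2055 10.1.15.211/2055 10.1.7.18/2055
10.1.2.0/255.255.255.0: 10.1.7.18/2055/2
"""

@dataclass
class Receiver:
    addr: str
    port: int
    freq: int      # forward 1 in `freq` matching datagrams
    seen: int = 0

def parse_receiver(spec):
    # Assumption: "/" separates addr, port, freq (the post shows only %c).
    parts = spec.split("/")
    port = int(parts[1]) if len(parts) > 1 else 2000
    freq = int(parts[2]) if len(parts) > 2 else 1
    if not 0 < port < 65536 or freq < 1:
        raise ValueError(f"bad receiver: {spec}")
    return Receiver(str(ipaddress.IPv4Address(parts[0])), port, freq)  # IPv4 only

def parse_config(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        src, _, receivers = line.partition(":")
        network = ipaddress.IPv4Network(src.strip(), strict=False)
        rules.append((network, [parse_receiver(r) for r in receivers.split()]))
    return rules

def targets(rules, src_ip):
    src, out = ipaddress.IPv4Address(src_ip), []
    for r in (r for net, rcvs in rules if src in net for r in rcvs):
        r.seen += 1                  # count only datagrams from a matching source
        if r.seen % r.freq == 0:
            out.append((r.addr, r.port))
    return out

def relay(rules, listen_port=2000):
    # No source spoofing: collectors see the relay, not the exporter, as sender.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", listen_port))
    while True:
        data, (src, _port) = sock.recvfrom(65535)
        for dst in targets(rules, src):
            sock.sendto(data, dst)
```

Run it with `relay(parse_config(SAMPLE_CONFIG))`. Because the copies leave with the relay's own address, collectors that identify exporters by source IP will attribute every flow to the relay unless the source is preserved as in the email's setup.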
