How to configure Netsight as IPfix collector?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
Hello everyone,

I have a question concearning IPfix configuration on theNetsight. I'm currently working for a customer, who is using Netsight(ver. 7.0.6.27) to collect Netflow Traffic from Enterasys Switches, but is now planning to use Extremes Summit x460-G2 switcheswith out-of-band management. Since these switches can not use Netflow I decidedto configure IPfix instead. According to the following GTAC-Article Netsight should beable to handle IPfix:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-receive-Netflow-information-in-OneV...


After I have configured the switch I noticed that there isno flow traffic displayed in OneView (Analytics>Flows). With the "show port ipfix" command I verified,that flow data is actually collected on the Switch. On the Netsight I checked with the netstat- andtcpdump-command that udp port 2075 is open and that the Netsight receives theIPfix traffic from the switch.

Since this seems to be okay I think that I either have toconfigure Netsight as an IPfix collector or that I have to adjust thedashboard.

Can someone please help?

 

This would be my switches ipfix configuration:

#

# Module ipfix configuration.

#

enable ip-fix

configure ip-fix domain 1

configure ip-fix ip-address 10.233.23.250 protocol udpL4-port 2075 vr "VR-Mgmt"

configure ip-fix source ip-address 10.233.26.14 vr"VR-Mgmt"

configure ip-fix ports 1-47 ingress-and-egress

enable ip-fix ports 1-47 all_traffic



Thanks in advance.

Kind regards,

Michael Eisenschmid
Photo of Michael Eisenschmid

Michael Eisenschmid

  • 132 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Antonio Opromolla

Antonio Opromolla

  • 2,216 Points 2k badge 2x thumb
Hi Michael, you need to install the Extreme Analytics Application appliance and you nedd to send the ipfix traffic to this appliance.
Then you add the purview collector in the OneView configuration
(Edited)
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,036 Points 5k badge 2x thumb
Michael, 

There are two ways you can handle this.  The X460-G2 can generate IP-FIX flows and technically they are Netflow V.10 - with the ability to provide specific information that vendors can add up and above that of Netflow V9.  Netsight can take direct flows as a collector and you can also feed a Purview engine as was suggested (and as I have outlined in previous posts on the hub - search for IPFIX and purview)

I assume you have the front side of the switch configured to Netsight, not the management port?  If so the default output of IP-Fix is to the vr vr-mgmt.  You have the port 2075 correct but you need to specify the vr -  the command should be like this - "configure ip-fix ip-address 10.233.23.250 protocol udp L4-port 2075 vr vr-default"  --  This will send flows directly to Netsight and you will see then as top talkers/top apps, etc in the dashboard almost immediately.  

Give it a shot and let me know...

Bill
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,036 Points 5k badge 2x thumb
Photo of Michael Eisenschmid

Michael Eisenschmid

  • 132 Points 100 badge 2x thumb
Hi,

Thank you all for your fast replies.
Sadly my customer does not own a purview at the moment.

@Bill:
Actually the management port is configured to the netsight. The IP-address of the Switch is configured on the management VLAN for out-of-band Management. So i think the "vr-mgmt" statement should be correct?

The switches IP-address appears in the Netsight under Analytics>Flows as server but not as flow source.

I will be at the customers site on Tuesday and will check the netflow collector settings then.

Kind regards
Michael
Photo of Antonio Opromolla

Antonio Opromolla

  • 2,216 Points 2k badge 2x thumb
Hi Bill, in case the ExtremeManagement server do the role of netflow collector, I suppose it will have a flow cache (as the engine) for the real-time traffic, but regarding the netflow database for the long time store? Will ExtremeManagement use it's mysql db for this or is not implemented?
Photo of Michael Eisenschmid

Michael Eisenschmid

  • 132 Points 100 badge 2x thumb

Hello Bill,

as suggested I tried changing the VR to VR-Default. Sadly it did not help.

After entering the command "tcpdump -i eth0 s0 port 2075" on the Netsight I noticed that i dont recieve packets anymore.

So I think that VR-Mgmt was correct.


Kind regards,

Michael