
Friday, May 20, 2011

IPFIX and Netflow


A few days ago I was reading about IPFIX and looking for something that could help me understand the difference between IPFIX and NetFlow. As we all know, NetFlow is from Cisco. Many engineers are not aware that IPFIX is also a flow export protocol like NetFlow, but it is an industry standard. Let's look at the difference between NetFlow and IPFIX.

Netflow -

When Cisco first introduced NetFlow a while ago, it was a caching technique based on "flows". It still is, but the emphasis is now on statistics collection.

A network flow is a unidirectional stream of packets, identified by source and destination IP addresses, IP protocol, source and destination ports, and Type of Service byte. Inbound interface and other information can be tracked per flow. The crucial statistics tracked by NetFlow are packet and byte counts from source to destination.
When you enable NetFlow on a router or switch, statistics are collected on the IP traffic passing through that device. The flow data can then be exported to a collection system (a NetFlow server) for post-processing and storage. NetFlow analyzer software then provides interactive reports according to our requirements.

NetFlow data export allows you to gather data from across a network about the traffic passing through that network. 
For more information about Cisco NetFlow technical details and configuration, please visit –


IPFIX - 

The IETF has been working to standardize NetFlow for all vendors. The effort is named IPFIX, which stands for IP Flow Information eXport.

The IETF considered working implementations as a starting point, and elected to work from Cisco NetFlow version 9. Version 9 extends classic NetFlow by using templates to describe the flow records. This provides extensibility. The charter for the working group also led them to allow securing the flow information -- SCTP secure stream transport can be used instead of TCP or UDP for transport. IPsec or TLS can also be used.
The IPFIX standard also allows for sampled data, which reduces the burden on devices of classifying and reporting on each and every packet. Cisco recommends random sampling to ensure you don't miss flows.
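
To show what "templates describe the flow records" means on the wire, here is an added example (not from the original post or any vendor's code): a minimal collector-side decoder for the RFC 7011 message layout that learns a Template Set and then uses it to decode a Data Set. Template ID 256, the function names and the sample message are constructed for illustration; the record values are taken from the first row of the `show ipfix flow` sample output later in this post.

```python
import socket
import struct

# IANA IPFIX information element IDs used in this example
IE = {1: "octetDeltaCount", 2: "packetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort",
      8: "sourceIPv4Address", 11: "destinationTransportPort", 12: "destinationIPv4Address"}

def parse_ipfix(msg, templates):
    """Decode one IPFIX message; `templates` is the cache kept between messages."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    flows, pos = [], 16                      # sets follow the 16-byte message header
    while pos + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, pos)
        if set_len < 4 or pos + set_len > length:
            raise ValueError("set length runs past the message")
        body, off = msg[pos + 4:pos + set_len], 0
        if set_id == 2:                      # Template Set: layouts for later records
            while off + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, off)
                if tid < 256:                # zero padding closes the set
                    break
                end = off + 4 + 4 * count
                spec = [] if end > len(body) else list(struct.iter_unpack("!HH", body[off + 4:end]))
                if len(spec) != count or any(ie & 0x8000 or size == 0xFFFF for ie, size in spec):
                    raise ValueError("truncated, enterprise or variable-length template")
                templates[tid] = spec
                off = end
        elif set_id in templates:            # Data Set whose template is already known
            rec_len = sum(size for _, size in templates[set_id])
            while rec_len and off + rec_len <= len(body):   # leftover bytes are padding
                rec = {}
                for ie, size in templates[set_id]:
                    raw, off = body[off:off + size], off + size
                    rec[IE.get(ie, ie)] = (socket.inet_ntoa(raw) if ie in (8, 12) and size == 4
                                           else int.from_bytes(raw, "big"))
                flows.append(rec)
        pos += set_len                       # sets without a known template are skipped
    return flows

def build_sample():
    """Constructed message: template 256 plus one record (first row of the sample output)."""
    spec = [(4, 1), (8, 4), (12, 4), (7, 2), (11, 2), (2, 8), (1, 8)]
    tmpl = struct.pack("!HH14H", 256, len(spec), *sum(spec, ()))
    data = struct.pack("!B4s4sHHQQ", 17, socket.inet_aton("128.255.41.200"),
                       socket.inet_aton("128.255.41.255"), 138, 138, 1, 229)
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 1) + sets
```

A Data Set cannot be interpreted without its template, so a collector receiving over UDP has to discard records until the exporter resends the template; that is why the decoder skips unknown sets instead of guessing at their layout.
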
Here is an IPFIX configuration for a Maipu router:

Maipu Router configuration:

| Command | Description |
| --- | --- |
| router(config)# int fastethernet1 | Enter the interface; the interface is connected to the internal management network. |
| router(config-if-fastethernet1)#ip address 50.1.1.1 255.255.255.0 | Configure the IP address. |
| router(config-if-fastethernet1)#exit | Exit the interface. |
| router(config)#ip flow enable | Enable the flow forwarding |
| router(config)#int fastethernet0 | Enter the interface; the interface is the IPFIX traffic monitoring point. |
| router(config-if-fastethernet0)#ip address 128.255.42.172 255.255.252.0 | Configure the IP address. |
| router(config-if-fastethernet0)#ip route-cache flow | Enable the flow forwarding on the interface. |
| router(config-if-fastethernet0)#ipfix ingress | Enable IPFIX on the interface and monitor the ingress traffic. |
| router(config-if-fastethernet0)#exit | Exit the interface |
| router(config)#ipfix destination 50.1.1.2 8888 | Configure the destination address of the IPFIX packet and UDP destination port number |

You can also enable IPFIX for egress traffic, depending on your requirements.

| Command | Description |
| --- | --- |
| show ipfix statistics | To display the IPFIX statistics data |
| show ipfix flow interface-name {ingress \| egress} [top top-N] | To display the current ingress/egress flow information of the specified interface |
| clear ipfix statistics | To clear the IPFIX statistics data |

Here is some example output; it does not correspond to the configuration above.
router#show ipfix flow g0 ingress

Displayed Result
PRO  SRC             DST             IF             TOS  SP   DP   PKTS  BYTES
17   128.255.41.200  128.255.41.255  gigaethernet0  0    138  138  1     229
17   128.255.42.17   128.255.43.255  gigaethernet0  0    138  138  1     208
17   128.255.42.190  128.255.43.255  gigaethernet0  0    137  137  3     234
17   128.255.40.68   128.255.43.255  gigaethernet0  0    138  138  2     436
17   128.255.42.190  128.255.43.255  gigaethernet0  0    138  138  2     404

Description and analysis:
PRO: IP protocol number of the monitoring flow;
SRC: The IP source address of the monitoring flow;
DST: The IP destination address of the monitoring flow;
TOS: The TOS of the monitoring flow;
SP: The source port number of the monitoring flow;
DP: The destination port number of the monitoring flow;
PKTS: The packet statistics of the monitoring flow;
BYTES: The byte statistics of the monitoring flow;

The above information displays the current statistics of all IP flows entering from g0.
I hope the above information is useful to you.
For feedback and queries, please comment with your e-mail ID.


Thursday, May 19, 2011

NTP – Configuration Example


As we discussed NTP in the last post, here I want to show the basic NTP commands and configuration examples for Maipu routers.

Basic NTP Commands

| Command | Description | Configuration Mode |
| --- | --- | --- |
| ntp master [stratum-number] | *To configure the NTP server and specify the stratum number | config |
| ntp server [vrf vrf-name] ip-address \| domain-name [version version][key key-number] [source interface-name] | *To configure the NTP client and specify the server address, version, key and source interface. | config |
| ntp authenticate | *To authenticate the NTP clock source | config |
| ntp authentication-key key-number md5 key | *To configure the NTP authentication key | config |
| ntp trusted-key key-number | *To configure the trusted key of the NTP client | config |
| ntp access-group peer access-list-number | To configure the NTP access control list | config |
| ntp source interface-name | To specify the NTP source interface | config |
| ntp enable | To enable the NTP function | config |
| no ntp | To disable the NTP and clear the configuration | config |

Configuration example -

Description: The interface (3.3.3.1) of the local router (router-1) is connected to the interface (3.3.3.2) of the peer router (router-2). Router-1 serves as the server and router-2 serves as the client.

Router-1 configuration:

| Command | Description |
| --- | --- |
| router(config)#ntp master | To enable the NTP server |
| router(config)#ntp authentication-key 1 md5 maipu | To configure the authentication key as 1 and key content as maipu |

Router-2 configuration:

| Command | Description |
| --- | --- |
| router(config)#ntp authentication-key 1 md5 maipu | To configure the authentication key as 1 and key content as maipu |
| router(config)#ntp trusted-key 1 | To configure the trusted key as 1 |
| router(config)#ntp authenticate | To enable the NTP authentication function |
| router(config)#ntp server 3.3.3.1 key 1 | To configure the server address as 3.3.3.1 and the key as 1 |

The configuration example above uses MD5 authentication. A simple configuration without MD5 is also possible: just configure ntp master on the server router and ntp server x.x.x.x (the NTP server IP) on the client router.

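
What the authentication-key, trusted-key and authenticate commands give the client, as an added example (not Maipu's code and not part of the original post): the standard NTP symmetric-key check from RFC 5905, in which the sender appends a 4-byte key ID and MD5(key || packet) and the receiver recomputes the digest. That the router uses exactly this construction is an assumption, and the header bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48          # fixed NTP header, no extension fields
MAC_LEN = 4 + 16             # key ID followed by the MD5 digest

def ntp_md5_digest(key, header):
    """RFC 5905 symmetric-key digest: MD5 over the key followed by the packet."""
    return hashlib.md5(key + header).digest()

def sign(header, key_id, key):
    """Append the MAC the way a server holding `key` under `key_id` would."""
    return header + struct.pack("!I", key_id) + ntp_md5_digest(key, header)

def verify(packet, keys, trusted):
    """Return (accepted, reason) as a client with authentication enabled would decide."""
    if len(packet) == NTP_HEADER_LEN:
        return False, "no MAC present"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "unexpected length"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in trusted or key_id not in keys:
        return False, "key %d not trusted" % key_id
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(mac[4:], ntp_md5_digest(keys[key_id], header)):
        return False, "digest mismatch"
    return True, "ok"

def sample_header():
    """Constructed server reply: LI=0, VN=3, mode=4 (server), stratum 3, rest zero."""
    return bytes([0x1C, 3, 6, 0xEC]) + bytes(44)

# Mirrors router-2: authentication-key 1 md5 maipu, trusted-key 1
KEYS = {1: b"maipu"}
TRUSTED = {1}
```

RFC 8573 deprecates this MD5 construction in favour of AES-CMAC, so where a platform offers a stronger key type it is the better choice.
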
Monitoring Commands

| Command | Description |
| --- | --- |
| show ntp status | To display the current NTP status, including stratum and reference time |
| show clock | To display the current system time and check whether the time is synchronized correctly |

Monitoring Command Example

show ntp status

Displayed Result
Description and Analysis
Current NTP status information
Clock is synchronized, stratum 3, reference is 128.255.40.145
reference time is BC17C9CE.E22220B3 (00:33:18.883 Sat Jan 01 2011)
The clock is synchronized. The reference source address is 128.255.40.145. The time is 00:33:18, Jan. 1, 2011.

show clock 

| Displayed Result | Description and Analysis |
| --- | --- |
| UTC SAT JAN 01 00:37:07 2011 | The system time is 00:37:07, Jan 1, 2011. |

Debugging Commands

| Command | Description |
| --- | --- |
| (no) debug ntp events \| packet | To enable/disable the NTP event and packet debugging switch |


I hope this example helps as a reference for NTP configuration.

For any feedback, please leave a comment with your e-mail ID.

