I have checked the export with tcpdump, but there was no communication on port 4002. Netflow on port 4001 is working fine. (some output is in attached file)
I am using FlowMon collector which supports NetFlow v5/v9, IPFIX, sFlow,
NetStream and jFlow.
IPFIX configuration:
~# ovs-vsctl -- set Bridge br0 ipfix=@i -- --id=@i create IPFIX
target=\"10.10.10.5:4002\" obs_domain_id=123 obs_point_id=456
cache_active_timeout=20
~# ovs-vsctl list IPFIX
_uuid : fc9e8f46-d733-4a37-8dd1-669d7a5e6466
cache_active_timeout: 20
cache_max_flows : []
external_ids : {}
obs_domain_id : 123
obs_point_id : 456
sampling : []
targets : ["10.10.10.5:4002"]
Martin
On 10/29/2014 10:18 PM, Romain Lenglet wrote:
> Is your problem that OVS doesn’t send any IPFIX message out?
> Or is it that your IPFIX collector doesn’t do anything with the data it
> received from OVS?
>
> Please give me the command(s) you’ve used to setup IPFIX export for your
> bridge.
> That should be a straightforward one-liner.
> Is there anything interesting in ovs-vswitchd's logs?
>
> Also, please check with tcpdump or wireshark whether OVS actually sends
> IPFIX messages out.
>
> OVS’s IPFIX templates are quite special, so I wouldn’t be surprised if
> your IPFIX collector didn’t support them.
> --
> Romain Lenglet
>
> On October 29, 2014 at 12:33:25 PM, Martin Vizvary (vizv...@ics.muni.cz
> <mailto:vizv...@ics.muni.cz>) wrote:
>
>> Hi Romain,
>>
>> well currently I am trying to export NetFlow and IPFIX. I have NetFlow
>> data but I can't start export IPFIX. So, I was looking for some more
>> docs than man pages...
>>
>> And also I am curious about what is OVS supposed to do with flows when
>> is overloaded...
>>
>> Martin
>>
>> Dne 10/29/2014 06:35 PM, Romain Lenglet napsal(a):
>> > On October 29, 2014 at 1:02:39 AM, Martin Vizvary
>> > (vizv...@ics.muni.cz(mailto:vizv...@ics.muni.cz)) wrote:
>> >> Hi,
>> >>
>> >> does anybody have any idea where can I find documentation about
>> >> implementation of NetFlow/IPFIX measurement in OVS?
>> >
>> > Hi Martin,
>> > We don’t have any formal docs AFAIK.
>> > The NetFlow and IPFIX exporters are implemented quite differently in OVS.
>> > What do you want to know?
>> > --
>> > Romain Lenglet
>> >
>>
>> --
>> Martin Vizvary vizv...@ics.muni.cz
>> Network Security Department http://ics.muni.cz/
>> Institute of Computer Science, Masaryk University, Brno, Czech Republic
>> PGP Key ID: 0x981AF964
--
Mgr. Martin Vizvary vizv...@ics.muni.cz
Security Department, CSIRT-MU group http://csirt.muni.cz
Institute of Computer Science, Masaryk University, Brno, Czech Republic
PGP Key ID: 0xF2D9925F
root@lmn:~/plugins# ovs-vsctl --version ovs-vsctl (Open vSwitch) 2.3.0 Compiled Oct 27 2014 09:35:57 DB Schema 7.6.0 root@lmn:~/plugins# ovs-vsctl -- set Bridge br0 ipfix=@i -- --id=@i create IPFIX target=\"10.10.10.5:4002\" obs_domain_id=123 obs_point_id=456 cache_active_timeout=20 460e7576-5ac8-4c08-a813-dfc0430b3302 root@lmn:~/plugins# tcpdump -i eth0 'port 4002' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel root@lmn:~/plugins# ovs-vsctl set Bridge br0 netflow=@nf0 -- --id=@nf0 create NetFlow target=\"10.10.10.5:4001\" active_timeout=20 dba2b1ed-56c2-4e62-a6f2-1be523134565 root@lmn:~/plugins# tcpdump -i eth0 'port 4002 or port 4001' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 12:38:26.151666 IP 10.0.2.15.60358 > 10.10.10.5.4001: UDP, length 120 12:38:46.164770 IP 10.0.2.15.60358 > 10.10.10.5.4001: UDP, length 120 12:39:05.218700 IP 10.0.2.15.60358 > 10.10.10.5.4001: UDP, length 72 12:39:06.175847 IP 10.0.2.15.60358 > 10.10.10.5.4001: UDP, length 120
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
