The NetFlow platform is supported starting with the release of UNMS 0.13.0, bringing useful features such as IP data flow recording. This article explains how to configure this feature on UNMS.
Table of Contents
Since the 0.13.0 release, UNMS supports recording IP data flows thanks to NetFlow protocol. NetFlow versions 5 and 9 are supported. Any router that supports NetFlow data analysis may be used for this, but it is recommended to use the router that is functioning as the gateway from your network to the Internet. The plan is to gradually increment the use of data collected from NetFlow in a whole range of UNMS features.
- On the router where NetFlow data are coming from, check at what IP address and port you pointed NetFlow service.
- Go back to UNMS server and find out what is the IP of your UNMS instance. Run '
sudo route' and look for default interface. Then use the command '
sudo ifconfig INTERFACE' to get the IP address.
- Find out what port is the NetFlow service using. The command is '
sudo docker ps'. Compare the value from step 1 to the values you acquired in steps 2 and 3.
- Return to the router and run tcpdump to find out if NetFlow data are being sent '
sudo tcpdump -i any -n port NFport' the value of NFport should match the port on which the NetFlow service runs.
- Run the same test on the UNMS server to make sure NetFlow data are received there.
- Check the configuration of your router and make sure that NetFlow is configured for a single (WAN) interface.
If all of those points are OK, then please start a thread on our community forum for additional support.
ATTENTION: In the 0.13.0 version it is necessary to manually enable NetFlow on the device. The example configuration tailored specifically for your UNMS can be found in SETTINGS >UNMS >NETFLOW. Pay close attention to the PORT and IP address of UNMS; for example, FQDN cannot be used.
In the same place, you can also check if UNMS is receiving any data. If the data flow is active it will be reflected in the NetFlow status. The Data Sources value has IP addresses of all routers which are contributing in sending NetFlow statistics. The IP ranges value is used to filter the IP address range of devices for which the dataflow is recorded. If either source or target IP is included in this range, the flow will be recorded.
This is a sample configuration for a Ubiquiti EdgeRouter:
configure set system flow-accounting interface eth0 set system flow-accounting ingress-capture post-dnat set system flow-accounting disable-memory-table set system flow-accounting netflow server 192.168.25.1 port 2055 set system flow-accounting netflow version 9 set system flow-accounting netflow engine-id 0 set system flow-accounting netflow enable-egress engine-id 1 set system flow-accounting netflow timeout expiry-interval 60 set system flow-accounting netflow timeout flow-generic 60 set system flow-accounting netflow timeout icmp 60 set system flow-accounting netflow timeout max-active-life 60 set system flow-accounting netflow timeout tcp-fin 10 set system flow-accounting netflow timeout tcp-generic 60 set system flow-accounting netflow timeout tcp-rst 10 set system flow-accounting netflow timeout udp 60 commit
IP Address Screen
The first NetFlow related feature is the Unknown IP addresses Screen. Any flow where one IP address is in the monitored range, and at the same time it is not part of any interface monitored by UNMS, will appear on this screen. A row will be shown on this screen with information about the volume of transferred data during the last month. You can use the ‘ADD AS DEVICE’ button to connect this device to UNMS or create a 3rd party device entry from it.
Transferred Data is a feature available in UNMS 0.13.0+. It is the volume of transferred data for a specific client (remember we are using the term client in a network topology meaning, not as a business term for a customer). You can see it as the User item at the upper left corner of the graph. The value is updated every 5 minutes and it shows the amount of data transferred during the last hour. Alternatively, it can show the amount of data transferred during the last day or month, in which case it is being updated each hour.
Additionally, the NetFlow data will be a very important element in the future integration of UNMS with UCRM. The information provided will be used to calculate the volume of transferred data per customer.