The NetFlow platform is supported starting with the release of UNMS 0.13.0, bringing useful features such as IP data flow recording. This article explains how to configure this feature on UNMS.
Table of Contents
- Configuration 0.14.x+
- Configuration 0.13.x
- Difference between NMS and CRM NetFlow
- IP Address Screen
- Transferred Data
- Related Articles
Since the 0.13.0 release, UNMS supports recording IP data flows thanks to NetFlow protocol. NetFlow versions 5 and 9 are supported. Any router that supports NetFlow data analysis may be used for this, but it is recommended to use the router that is functioning as the gateway from your network to the Internet. The plan is to gradually increment the use of data collected from NetFlow in a whole range of UNMS features.
In release 0.14.0 it is possible to enable NetFlow on EdgeRouter devices with one click, in order to provide data for CRM plugin.
In version 0.14.0, UNMS introduced a concept of Gateways. Those are devices on the edge of a network and therefore well suited for measurement of data throughput. It is preferable to use Ubiquiti EdgeRouter devices in order to fully utilize UNMS capabilities in this regard. To add a Gateway, go to Settings -> Network and press the button "+ Add new gateway".
After that, a pop up will appear where a specific device has to be selected. Once the selection is made a WAN interface needs to be selected from a list of all interfaces found on that device.
Make sure the "Allow NetFlow" is turned ON in order to enable it.
ATTENTION: In the 0.13.0 version it is necessary to manually enable NetFlow on the device. The example configuration tailored specifically for your UNMS can be found in SETTINGS >UNMS >NETFLOW. Pay close attention to the PORT and IP address of UNMS; for example, FQDN cannot be used.
In the same place, you can also check if UNMS is receiving any data. If the data flow is active it will be reflected in the NetFlow status. The Data Sources value has IP addresses of all routers which are contributing in sending NetFlow statistics. The IP ranges value is used to filter the IP address range of devices for which the dataflow is recorded. If either source or target IP is included in this range, the flow will be recorded.
This is a sample configuration for a Ubiquiti EdgeRouter:
configure set system flow-accounting interface eth0 set system flow-accounting ingress-capture post-dnat set system flow-accounting disable-memory-table set system flow-accounting netflow server 192.168.25.1 port 2055 set system flow-accounting netflow version 9 set system flow-accounting netflow engine-id 0 set system flow-accounting netflow enable-egress engine-id 1 set system flow-accounting netflow timeout expiry-interval 60 set system flow-accounting netflow timeout flow-generic 60 set system flow-accounting netflow timeout icmp 60 set system flow-accounting netflow timeout max-active-life 60 set system flow-accounting netflow timeout tcp-fin 10 set system flow-accounting netflow timeout tcp-generic 60 set system flow-accounting netflow timeout tcp-rst 10 set system flow-accounting netflow timeout udp 60 commit
Difference between UNMS and CRM NetFlow
- UNMS doesn't count the service traffic between UNMS server and devices into the total amount of transferred data. This can lead to some differences from UCRM measurement depending on, where the UNMS server is placed in the network topology.
- UNMS newly doesn't count any broadcast communication since it can lead to a discovery of non-existent unknown IP addresses. Also, different discovery protocols can distort transferred data.
- Before the integration of UCRM with UNMS, it was important where are both servers placed in the network topology as the data are measured on the router and periodically send to the server. If the server is inside the measured range the process of sending the data itself is increasing the data flow in the network. On the other hand, if the server is outside the network then this doesn't happen.
- NetFlow is using the UDP protocol to send the data and if UNMS server was behind the Internet, then a packet loss could occur. Please note that we are working on a better solution where data will be safely transferred via already opened WebSocket, making it secure and more reliable even in the cloud.
- There can be a noticeable difference if the range of monitored IP in UNMS doesn't cover the addresses of all devices that are to be measured.
- When a duplicate NetFlow packet arrives in UNMS within 30 sec, it is not counted in. In UCRM those packets do count.
- It is critical to make sure all devices are correctly attached to a Client Site and that all of their IP addresses are known to UNMS.
User Tip: There should be minimum IP addresses in the section Unknown Devices as those are addresses of devices in the network which UNMS is not able to pair with any device. If there are some values in this section, it is possible that NetFlow data would not be accurate.
IP Address Screen
The first NetFlow related feature is the Unknown IP addresses Screen. Any flow where one IP address is in the monitored range, and at the same time it is not part of any interface monitored by UNMS, will appear on this screen. A row will be shown on this screen with information about the volume of transferred data during the last month. You can use the ‘ADD AS DEVICE’ button to connect this device to UNMS or create a 3rd party device entry from it.
Transferred Data is a feature available in UNMS 0.13.0+. It is the volume of transferred data for a specific client (remember we are using the term client in a network topology meaning, not as a business term for a customer). You can see it as the 'Usage' item at the upper left corner of the graph. The value is updated every 5 minutes and it shows the amount of data transferred during the last hour. Alternatively, it can show the amount of data transferred during the last day or month, in which case it is being updated each hour.
Additionally, the NetFlow data will be a very important element in the future integration of UNMS with UCRM. The information provided will be used to calculate the volume of transferred data per customer.
- On the router where NetFlow data are coming from, check at what IP address and port you pointed NetFlow service.
- Go back to UNMS server and find out what is the IP of your UNMS instance. Run '
sudo route' and look for default interface. Then use the command '
sudo ifconfig INTERFACE' to get the IP address.
- Find out what port is the NetFlow service using. The command is '
sudo docker ps'. Compare the value from step 1 to the values you acquired in steps 2 and 3.
- Return to the router and run tcpdump to find out if NetFlow data are being sent '
sudo tcpdump -i any -n port NFport' the value of NFport should match the port on which the NetFlow service runs.
- Run the same test on the UNMS server to make sure NetFlow data are received there.
- Check the configuration of your router and make sure that NetFlow is configured for a single (WAN) interface.
If all of those points are OK, then please start a thread on our community forum for additional support.
NOTE: UNMS will read the value of Settings->UNMS->UNMS Hostname/IP resolves it to IP address and write it to the gateway. When that IP is changed, UNMS can recognize it and rewrite the value on the gateway accordingly. If the gateway sees UNMS under a different address than the one mentioned above, the NetFlow configuration will not work.