Anuket Project

 

1.1.  OVS Configuration

IPFix monitoring system consists of IPFix exporter (one or many embedded in OVS) and IPFix Collector which is external application to gather all data. IPFix uses data sampling to gather data according to few possible configurations. New counters implementation was done according to: https://tools.ietf.org/html/rfc5102 .

1.1.1.     Per Bridge sampling

Sudo ovsctl -- set Bridge br0 ipfix=@i \
-- --id=@i create IPFIX targets=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\" \
obs_domain_id=${OBS_DOMAIN_ID} obs_point_id=${OBS_POINT_ID} cache_active_timeout=10 \
cache_max_flows=13 other_config:enable-tunnel-sampling=false sampling=${SAMPLING_N} \
other_config:enable-input-sampling=true \
other_config:enable-output-sampling=false


Above command will engage sampling on each configured port under br0. We can also define where sampling will take place for particular port using “enable-output-sampling” and “enable-input-sampling” arguments. This additional configuration gives us possibility to enable sampling (per given bridge) at ingress or egress. Data will be sent to collector based on following arguments:

COLLECTOR_IP – collector’s IP address

COLLECTOR_PORT – collector’s port

OBS_DOMAIN_ID - When sending samples to IPFIX collectors, the unsigned 32-bit integer Observation Domain ID sent in every IPFIX flow record.  Defaults to 0. “Observation Domain” Id uniquely identifies “Collecting Process”, in practice it allows collector to properly aggregate incoming data.

OBS_POINT_ID - When sending samples to IPFIX collectors, the unsigned 32-bit integer Observation Point ID sent in every IPFIX flow record.  Defaults to 0. An “Observation Point” is a location in the network where packets are observed, it could be a single port of a router, or ingress port of OVS bridge, it allows collector to properly aggregate data for different entities.

SAMPLING_N – formula which describes number of packets to be sampled – e.g. sampling=10 means that every 10th packet will be sampled, sampling=1 means that all packages will be sampled through upcall mechanism in OVS.

1.1.2.      Per Flow Sampling

For per-flow sampling method we can configure exactly the spot where sampling takes place, as we create sampling actions ourselves.

#Create ipfix measurement process:

sudo ovsctl -- --id=@br0 get Bridge br0 \
-- --id=@cs create Flow_Sample_Collector_Set id=${COLLECTOR_SET_ID} bridge=@br0 ipfix=@i \
-- --id=@i create IPFIX targets=\"${COLLECTOR_IP}:${COLLECTOR_PORT}\"  \
obs_domain_id=${OBS_DOMAIN_ID} obs_point_id=${OBS_POINT_ID}

#Create sampling action (in per flow sampling we need to create sampling action ourselves):

sudo ovsctl add-flow br0 \
table=0,actions=sample'('probability=$FLOW_PROB,collector_set_id=${COLLECTOR_SET_ID}, \
obs_domain_id=${OBS_DOMAIN_ID},obs_point_id=${OBS_POINT_ID}, \
sampling_port=${SAMPL_PORT}')', output:LOCAL


COLLECTOR_IP – collector’s IP address

COLLECTOR_PORT – collector’s port

FLOW_PROB – The number of sampled packets out of 65535.  Must be greater or equal to 1.

COLLECTOR_SET_ID - The unsigned 32-bit integer identifier of the set of sample collectors to send sampled packets to. Defaults to 0.

OBS_DOMAIN_ID - When sending samples to IPFIX collectors, the unsigned 32-bit integer Observation Domain ID sent in every IPFIX flow record.  Defaults to 0. “Observation Domain” Id uniquely identifies “Collecting Process”, in practice it allows collector to properly aggregate incoming data.

OBS_POINT_ID - When sending samples to IPFIX collectors, the unsigned 32-bit integer Observation Point ID sent in every IPFIX flow record.  Defaults to 0. An “Observation Point” is a location in the network where packets are observed, it could be a single port of a router, or ingress port of OVS bridge, it allows collector to properly aggregate data for different entities.

SAMPL_PORT - Sample packets on port, which should be the ingress or egress port. This option, which was added in Open vSwitch 2.5.90, allows the IPFIX implementation to export egress tunnel information.

1.2.  IPFix collector

During development we have been using libipfix: http://libipfix.sourceforge.net. To install collector it is enough to run:

./configure & make

 


To start IPFix collector it is enough to execute following command:

ipfix_collector -4tu -p 4740

 


-p 4740 – start collector on port 4740
-4u – sets collector in Ipv4 UDP configuration.

 

This is proper command line output from start up, when counters will reach collector those will be printed out on standard output each time message is received.

Note: There are some counters names which are not correctly decoded by libipfix, this problem comes from some missing implementation on the collector side.

Note 2: Traffic has to go through OVS which has configured IPFIX measurements to see coming counters.


Right after first packets will start to be pushed by upcall mechanism to measurement/exporter processes, communication with collector starts by sending message templates:

 

 

 

Next, all the counters are sent based on our sampling configuration:

 

 

  • No labels