[bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface

• Previous message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Next message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 21/07/2014 07:36, Md. Abdul Awal wrote:
> I'm looking for measuring IPv6 traffic in a dual-stack interface. 
> Would anyone help me with some idea on how I can plot IPv6 and IPv4 
> traffic in separate graph from the same interface (i.e dual-stack)?
What kind of device are you thinking of?

One way to do it is using Netflow. Generate Netflow records for both 
IPv4 and IPv6 traffic, and then when they arrive at your collector (e.g. 
nfdump+nfsen) it can filter them out and draw different graphs. Or, you 
can send netflow packets for IPv4 and IPv6 traffic to separate UDP ports 
so that they're already separated out (but then you'd have to sum them 
if you want a graph of total traffic).

For Cisco IOS (15.x), you need to use the new "flexible netflow" CLI 
syntax to enable netflow for IPv6; the old syntax will only record IPv4 
traffic.

Here is some sample config:

rtrX# configure terminal
rtrX(config)# flow exporter EXPORTER-1
rtrX(config-flow-exporter)# description Export to collector
rtrX(config-flow-exporter)# destination x.x.x.x
rtrX(config-flow-exporter)# transport udp 9001
rtrX(config-flow-exporter)# template data timeout 300
rtrX(config-flow-exporter)# flow monitor FLOW-MONITOR-V4
rtrX(config-flow-monitor)# exporter EXPORTER-1
rtrX(config-flow-monitor)# record netflow ipv4 original-input
rtrX(config-flow-monitor)# cache timeout active 300
rtrX(config-flow-monitor)# flow monitor FLOW-MONITOR-V6
rtrX(config-flow-monitor)# exporter EXPORTER-1
rtrX(config-flow-monitor)# record netflow ipv6 original-input
rtrX(config-flow-monitor)# cache timeout active 300
rtrX(config)# interface FastEthernet 0/0
rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 input
rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 output
rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 input
rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 output
rtrX(config-if)# exit
rtrX(config)# snmp-server ifindex persist

(If you want to send the v4 and v6 netflow data to different UDP ports, 
you create another flow exporter say EXPORTER-2 to udp port 9002, and 
bind the FLOW-MONITOR-V6 to that exporter)

There's no direct equivalent to "top talkers" in this syntax, but you 
can run long aggregation commands like this:

rtrX# show flow monitor FLOW-MONITOR-V4 cache aggregate ipv4 source 
address ipv4 destination address sort counter bytes top 20

(and you can make command aliases to make this easier to type). That 
command shows the top twenty (src IP, dst IP) pairs by bytes of IPv4 
sent. You can make a few simple changes to that command to make it show 
IPv6 traffic instead.

Regards,

Brian.

• Previous message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Next message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]