[bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface

• Previous message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Next message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear Brian and Aniruddha Bhai,

Thanks for your advice. I'll try both of the ways.

BR//Awal


On Tue, Jul 22, 2014 at 2:02 PM, Brian Candler <brian at nsrc.org> wrote:

> On 21/07/2014 07:36, Md. Abdul Awal wrote:
>
>> I'm looking for measuring IPv6 traffic in a dual-stack interface. Would
>> anyone help me with some idea on how I can plot IPv6 and IPv4 traffic in
>> separate graph from the same interface (i.e dual-stack)?
>>
> What kind of device are you thinking of?
>
> One way to do it is using Netflow. Generate Netflow records for both IPv4
> and IPv6 traffic, and then when they arrive at your collector (e.g.
> nfdump+nfsen) it can filter them out and draw different graphs. Or, you can
> send netflow packets for IPv4 and IPv6 traffic to separate UDP ports so
> that they're already separated out (but then you'd have to sum them if you
> want a graph of total traffic).
>
> For Cisco IOS (15.x), you need to use the new "flexible netflow" CLI
> syntax to enable netflow for IPv6; the old syntax will only record IPv4
> traffic.
>
> Here is some sample config:
>
> rtrX# configure terminal
> rtrX(config)# flow exporter EXPORTER-1
> rtrX(config-flow-exporter)# description Export to collector
> rtrX(config-flow-exporter)# destination x.x.x.x
> rtrX(config-flow-exporter)# transport udp 9001
> rtrX(config-flow-exporter)# template data timeout 300
> rtrX(config-flow-exporter)# flow monitor FLOW-MONITOR-V4
> rtrX(config-flow-monitor)# exporter EXPORTER-1
> rtrX(config-flow-monitor)# record netflow ipv4 original-input
> rtrX(config-flow-monitor)# cache timeout active 300
> rtrX(config-flow-monitor)# flow monitor FLOW-MONITOR-V6
> rtrX(config-flow-monitor)# exporter EXPORTER-1
> rtrX(config-flow-monitor)# record netflow ipv6 original-input
> rtrX(config-flow-monitor)# cache timeout active 300
> rtrX(config)# interface FastEthernet 0/0
> rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 input
> rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 output
> rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 input
> rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 output
> rtrX(config-if)# exit
> rtrX(config)# snmp-server ifindex persist
>
> (If you want to send the v4 and v6 netflow data to different UDP ports,
> you create another flow exporter say EXPORTER-2 to udp port 9002, and bind
> the FLOW-MONITOR-V6 to that exporter)
>
> There's no direct equivalent to "top talkers" in this syntax, but you can
> run long aggregation commands like this:
>
> rtrX# show flow monitor FLOW-MONITOR-V4 cache aggregate ipv4 source
> address ipv4 destination address sort counter bytes top 20
>
> (and you can make command aliases to make this easier to type). That
> command shows the top twenty (src IP, dst IP) pairs by bytes of IPv4 sent.
> You can make a few simple changes to that command to make it show IPv6
> traffic instead.
>
> Regards,
>
> Brian.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20140723/2832da07/attachment.html>

• Previous message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Next message: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]