[bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface

Nurul Islam Roman nurul at apnic.net
Wed Jul 23 11:28:15 BDT 2014


3rd option could be sub-interface for different address family

-R

From:  "Md. Abdul Awal" <awal.ece at gmail.com>
Date:  Wednesday, 23 July 2014 12:02 PM
To:  Brian Candler <brian at nsrc.org>, "aniruddha.barua at colbd.com"
<aniruddha.barua at colbd.com>
Cc:  "nog at bdnog.org" <nog at bdnog.org>
Subject:  Re: [bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack
interface

Dear Brian and Aniruddha Bhai,

Thanks for your advice. I'll try both of the ways.

BR//Awal


On Tue, Jul 22, 2014 at 2:02 PM, Brian Candler <brian at nsrc.org> wrote:
> On 21/07/2014 07:36, Md. Abdul Awal wrote:
>> I'm looking for measuring IPv6 traffic in a dual-stack interface. Would
>> anyone help me with some idea on how I can plot IPv6 and IPv4 traffic in
>> separate graph from the same interface (i.e dual-stack)?
> What kind of device are you thinking of?
> 
> One way to do it is using Netflow. Generate Netflow records for both IPv4 and
> IPv6 traffic, and then when they arrive at your collector (e.g. nfdump+nfsen)
> it can filter them out and draw different graphs. Or, you can send netflow
> packets for IPv4 and IPv6 traffic to separate UDP ports so that they're
> already separated out (but then you'd have to sum them if you want a graph of
> total traffic).
> 
> For Cisco IOS (15.x), you need to use the new "flexible netflow" CLI syntax to
> enable netflow for IPv6; the old syntax will only record IPv4 traffic.
> 
> Here is some sample config:
> 
> rtrX# configure terminal
> rtrX(config)# flow exporter EXPORTER-1
> rtrX(config-flow-exporter)# description Export to collector
> rtrX(config-flow-exporter)# destination x.x.x.x
> rtrX(config-flow-exporter)# transport udp 9001
> rtrX(config-flow-exporter)# template data timeout 300
> rtrX(config-flow-exporter)# flow monitor FLOW-MONITOR-V4
> rtrX(config-flow-monitor)# exporter EXPORTER-1
> rtrX(config-flow-monitor)# record netflow ipv4 original-input
> rtrX(config-flow-monitor)# cache timeout active 300
> rtrX(config-flow-monitor)# flow monitor FLOW-MONITOR-V6
> rtrX(config-flow-monitor)# exporter EXPORTER-1
> rtrX(config-flow-monitor)# record netflow ipv6 original-input
> rtrX(config-flow-monitor)# cache timeout active 300
> rtrX(config)# interface FastEthernet 0/0
> rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 input
> rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 output
> rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 input
> rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 output
> rtrX(config-if)# exit
> rtrX(config)# snmp-server ifindex persist
> 
> (If you want to send the v4 and v6 netflow data to different UDP ports, you
> create another flow exporter say EXPORTER-2 to udp port 9002, and bind the
> FLOW-MONITOR-V6 to that exporter)
> 
> There's no direct equivalent to "top talkers" in this syntax, but you can run
> long aggregation commands like this:
> 
> rtrX# show flow monitor FLOW-MONITOR-V4 cache aggregate ipv4 source address
> ipv4 destination address sort counter bytes top 20
> 
> (and you can make command aliases to make this easier to type). That command
> shows the top twenty (src IP, dst IP) pairs by bytes of IPv4 sent. You can
> make a few simple changes to that command to make it show IPv6 traffic
> instead.
> 
> Regards,
> 
> Brian.
> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20140723/3b568c12/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3571 bytes
Desc: not available
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20140723/3b568c12/attachment.bin>


More information about the nog mailing list