[bdNOG] How to separate IPv6 and IPv4 traffic in a dual-stack interface

Wed Jul 23 17:09:04 BDT 2014

The other option is to flow the traffic (snoop or use splitter) to a linux
box and do whatever you want to do (e.g. use pcap libraries to get each
packet's header fields and keep statistics about no. of IPv4/v6 packet,
total byte counts, and lot of other stats). Worth the effort if you're
serious about various statistics beyond the capabilities of netflow.

-SA

On Wed, Jul 23, 2014 at 2:28 AM, Nurul Islam Roman <nurul at apnic.net> wrote:

>
> 3rd option could be sub-interface for different address family
>
> -R
>
> From: "Md. Abdul Awal" <awal.ece at gmail.com>
> Date: Wednesday, 23 July 2014 12:02 PM
> To: Brian Candler <brian at nsrc.org>, "aniruddha.barua at colbd.com" <
> aniruddha.barua at colbd.com>
> Cc: "nog at bdnog.org" <nog at bdnog.org>
> Subject: Re: [bdNOG] How to separate IPv6 and IPv4 traffic in a
> dual-stack interface
>
> Dear Brian and Aniruddha Bhai,
>
> Thanks for your advice. I'll try both of the ways.
>
> BR//Awal
>
>
> On Tue, Jul 22, 2014 at 2:02 PM, Brian Candler <brian at nsrc.org> wrote:
>
>> On 21/07/2014 07:36, Md. Abdul Awal wrote:
>>
>>> I'm looking for measuring IPv6 traffic in a dual-stack interface. Would
>>> anyone help me with some idea on how I can plot IPv6 and IPv4 traffic in
>>> separate graph from the same interface (i.e dual-stack)?
>>>
>> What kind of device are you thinking of?
>>
>> One way to do it is using Netflow. Generate Netflow records for both IPv4
>> and IPv6 traffic, and then when they arrive at your collector (e.g.
>> nfdump+nfsen) it can filter them out and draw different graphs. Or, you can
>> send netflow packets for IPv4 and IPv6 traffic to separate UDP ports so
>> that they're already separated out (but then you'd have to sum them if you
>> want a graph of total traffic).
>>
>> For Cisco IOS (15.x), you need to use the new "flexible netflow" CLI
>> syntax to enable netflow for IPv6; the old syntax will only record IPv4
>> traffic.
>>
>> Here is some sample config:
>>
>> rtrX# configure terminal
>> rtrX(config)# flow exporter EXPORTER-1
>> rtrX(config-flow-exporter)# description Export to collector
>> rtrX(config-flow-exporter)# destination x.x.x.x
>> rtrX(config-flow-exporter)# transport udp 9001
>> rtrX(config-flow-exporter)# template data timeout 300
>> rtrX(config-flow-exporter)# flow monitor FLOW-MONITOR-V4
>> rtrX(config-flow-monitor)# exporter EXPORTER-1
>> rtrX(config-flow-monitor)# record netflow ipv4 original-input
>> rtrX(config-flow-monitor)# cache timeout active 300
>> rtrX(config-flow-monitor)# flow monitor FLOW-MONITOR-V6
>> rtrX(config-flow-monitor)# exporter EXPORTER-1
>> rtrX(config-flow-monitor)# record netflow ipv6 original-input
>> rtrX(config-flow-monitor)# cache timeout active 300
>> rtrX(config)# interface FastEthernet 0/0
>> rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 input
>> rtrX(config-if)# ip flow monitor FLOW-MONITOR-V4 output
>> rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 input
>> rtrX(config-if)# ipv6 flow monitor FLOW-MONITOR-V6 output
>> rtrX(config-if)# exit
>> rtrX(config)# snmp-server ifindex persist
>>
>> (If you want to send the v4 and v6 netflow data to different UDP ports,
>> you create another flow exporter say EXPORTER-2 to udp port 9002, and bind
>> the FLOW-MONITOR-V6 to that exporter)
>>
>> There's no direct equivalent to "top talkers" in this syntax, but you can
>> run long aggregation commands like this:
>>
>> rtrX# show flow monitor FLOW-MONITOR-V4 cache aggregate ipv4 source
>> address ipv4 destination address sort counter bytes top 20
>>
>> (and you can make command aliases to make this easier to type). That
>> command shows the top twenty (src IP, dst IP) pairs by bytes of IPv4 sent.
>> You can make a few simple changes to that command to make it show IPv6
>> traffic instead.
>>
>> Regards,
>>
>> Brian.
>>
>>
>
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20140723/602e40cb/attachment.html>