Netflow Daemon Listening UDP Port
Currently the default port for opFlow listening for Netflow data is UDP 12345. This can be changed in the /usr/local/etc/flowd.conf file if required.
Sample Cisco Netflow Configuration
The following is a basic Cisco Router configuration for telling the router to send Netflow data to the opFlow.
! this command is optional, this will flow data about in-progress flows, very handy for large file transfers. ip flow-cache timeout active 1 ! version can be 5 or 9 ip flow-export version 9 ip flow-export destination <opflow_server> 12345 ! interface FastEthernet0/0 !only if you want output traffic ip flow ingress !only if you want input traffic ip flow egress
Sample Juniper J-Flow Configuration for SRX
J-FLow version 5 example (IPV4 only)
To keep things simple if you are only looking at IPV4 traffic then use Version 5 J-Flow example below. As shown
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
sampling {
input;
output;
forwarding-options {
sampling {
input {
rate 100;
#### This means 1 in every 100 packets is sampled DO NOT reduce this to 1 unless the router is very lightly loaded.
}
family inet {
output {
flow-server 192.168.1.1 {
port 12345;
version 5;
### Version 5 is simplest but only supports IPV4
}
}
}
}
}
J-FLow version 9
J-FLow version 9 supports other protocols such as IPV6 and MPLS . To get good results we recommend you still only use a template for IPV4 with Version 9. There are some subtle differences with the SRX models for the config so please refer to J-Flow SRX version 9 Config Examples