[netsa-tools-discuss] Multi-protocol support in fixbuf using same listener
Poole, Ruth J.
Poole.Ruth at mayo.edu
Fri Jul 17 08:10:45 EDT 2015
Problem in our environment is we don't have a list of the ips and which
version they are sending. We are getting netflow from multiple devices.
Also looked at the --tee option, but we have an older kernel and iptables
version that doesn't support it.
Ruth Poole
Phone: 507-284-0456
Email: poole.ruth at mayo.edu
On 15/7/17/, 3:22, "John Green" <John.Green at jisc.ac.uk> wrote:
>On Tue, 2015-07-14 at 18:25 +0000, Poole, Ruth J. wrote:
>> >
>> > Unfortunately, you are correct that it is not currently possible to
>> > receive the different flow protocols on the same receiving port.
>> > You are actually the first person to request this functionality.
>>
>> Let me be the second to officially request this functionality. We
>> are receiving v9, ipfix, and v5 (though hopefully v5 only
>> temporarily), on the same port.
>
>Hi,
>
>A possible workaround, if your collector in running linux, is to use
>iptables.
>
>eg
>iptables -t nat -A PREROUTING -i eth0 -p udp --dport 11111 -s 1.2.3.4 -j
>REDIRECT --to-port 50005
>iptables -t nat -A PREROUTING -i eth0 -p udp --dport 11111 -s 2.3.4.5 -j
>REDIRECT --to-port 50009
>
>Where all netflow is arriving on udp/11111 and 1.2.3.4 is sending v5 and
>2.3.4.5 is sending v9.
>
>If you really wanted to confuse things you could use u32 to create
>generic rules for each netflow version
>
>eg to send all traffic where the 2nd payload octet is 0x0a (eg IPFIX) to
>port 50010
>iptables -t nat -A PREROUTING -i eth0 -p udp --dport 11111 -m u32 --u32
>"0>>22&0x3C at 6&0xFF=0x0a" -j REDIRECT --to-port 50010
>
>John
>
>Jisc is a registered charity (number 1149740) and a company limited by
>guarantee which is registered in England under Company No. 5747339, VAT
>No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower
>Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
>Jisc Services Limited is a wholly owned Jisc subsidiary and a company
>limited by guarantee which is registered in England under company number
>2881024, VAT number GB 197 0632 86. The registered office is: One Castle
>Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
More information about the netsa-tools-discuss
mailing list