IPFIX Setup

Configure VPP using VAT

Set interface on index 1: up + IP

Configure IPFIX export from interface 1’s IP address to collector at 192.168.1.101 port 4739

… this configures VPP’s interface with index 1 to export IPFIX statistics and send them to 192.168.1.101:4739 UDP server

Start a UDP server

… this bash UDP server will accept the IPFIX data and display on screen. A better way of reading the data is using Wireshark (you can ping 192.168.1.87 to increase the stats) Sample capture from Wireshark

Further configuration options To export IP source, IP destination, Protocol configure classifier with:

To also export ports, configure with:

IPFIX limitations as of 17.01 IPFIX has some limitations that (might) limit its usage within real use cases:

  1. Only inbound/ingress traffic is matched/exported by IPFIX
  2. When using both IPFIX and IPSEC, the traffic is always going through IPFIX node before IPSEC decrypt, making IPFIX not work at all – there is an issue with the node graph order
  3. Matching L4 ports is also triggered for port-less protocols like ICMP, exporting each ICMP packet as new flow (since ports are assigned random numbers), which makes IPFIX export packets too big
  4. Each flow/connection creates a new classify session in order to be able to report it via IPFIX, however the sessions are not “garbage collected” making this a memory leak
  5. Due to creating new sessions for each flow, it is impossible to customize IPFIX matching e.g. match only TCP/UDP protocols, any IP with a port range