Monitoring traffic packet information using the NetFlow protocol

Kaspersky SD-WAN supports NetFlow versions 1, 5, and 9 for monitoring information about traffic packets on a CPE device.

To avoid configuring each CPE device individually, you can specify basic NetFlow settings in the NetFlow template and then apply the template to CPE devices when adding or manually registering them. If you edit a setting in a NetFlow template, the setting is automatically modified on all CPE devices that are using this NetFlow template. When you edit a setting on a CPE device, that setting becomes independent of the NetFlow template. When the same setting is edited in the NetFlow template, the change is not propagated to the CPE device.

When specifying basic NetFlow settings, you can specify up to four NetFlow collectors. If you want a CPE device to send information about traffic packets to NetFlow collectors, you must enable the NetFlow protocol on network interfaces. The NetFlow protocol can be enabled when creating or editing the network interface.

Managing NetFlow templates

To display the table of NetFlow templates, go to the SD-WAN → NetFlow templates section. One of the NetFlow templates is the default template, which means it is pre-selected when adding and manually registering a CPE device. By default, the Default NetFlow template is created on the administrator portal, which forms the basis for all other NetFlow templates you create. For tenants, you must manually create and assign the default NetFlow template on the self-service portal.

Information about NetFlow templates is displayed in the following columns of the table:

• ID is the ID of the NetFlow template.
• Name is the name of the NetFlow template.
• Usage indicates whether the NetFlow template is being used by CPE devices:
  • Yes
  • No
• Updated is the date and time when the CPE template settings were last modified.
• User is the name of the user which created the NetFlow template.
• Owner is the tenant to which the NetFlow template belongs.

The actions you can perform with the table are described in the Managing solution component tables instructions.

Creating a NetFlow template

To create a NetFlow template:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. In the upper part of the page, click + NetFlow template.
3. This opens a window; in that window, enter the name of the NetFlow template.
4. Click Create.

The NetFlow template is created and displayed in the table.

You need to configure the created NetFlow template. For a description of NetFlow template settings, see the instructions on how to configure general NetFlow settings.

Setting a default NetFlow template

You can set a NetFlow template as the default to have it preselected when adding or manually registering a CPE device.

To set a default NetFlow template:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. Click the NetFlow template that you want to make the default NetFlow template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

3. In the upper part of the settings area, under Actions, click Set as default template.

The NetFlow template is set as the default NetFlow template.

Exporting a NetFlow template

You can export a NetFlow template to subsequently import it into another NetFlow template.

To export a NetFlow template:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. Click the NetFlow template that you want to export.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

3. In the upper part of the settings area, under Actions, click Export.

An archive in the TAR.GZ format is saved on your local device. The archive does not contain information about CPE devices using the NetFlow template.

Importing a NetFlow template

You can export a NetFlow template and subsequently import it into another NetFlow template. NetFlow template settings are specified in accordance with the settings of the imported NetFlow template. During import, you can select the settings that you want to leave unchanged. The NetFlow template into which you are importing another NetFlow template remains applied to CPE devices, but the settings of those CPE devices are not modified.

To import a NetFlow template:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. Click the NetFlow template that you want to export.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

3. In the upper part of the settings area, under Actions, click Export.

   An archive in the TAR.GZ format is saved on your local device. The archive does not contain information about CPE devices using the NetFlow template.

4. Click the NetFlow template into which you want to import another NetFlow template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

5. In the upper part of the settings area, under Actions, click Import.
6. This opens a window; in that window, clear the check boxes next to the NetFlow template settings that you want to leave unchanged after import.
7. In the File field, specify the path to the TAR.GZ archive.
8. Click Import.

NetFlow template settings are modified in accordance with the settings of the imported NetFlow template.

Cloning a NetFlow template

You can clone a NetFlow template to create an identical NetFlow template with a different name.

To clone a NetFlow template:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. Click the NetFlow template that you want to clone.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

3. In the upper part of the settings area, under Actions, click Clone.
4. This opens a window; in that window, enter the name of the new NetFlow template.
5. Click Clone.

A copy of the NetFlow template with the new name is created and displayed in the table.

Viewing the usage of a NetFlow template

You can see which CPE devices are using the NetFlow template. If a NetFlow template is in use, it cannot be deleted.

To view NetFlow template usage:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. Click the NetFlow template for which you want to view usage information.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

3. In the upper part of the settings area, under Actions, click Show usage.

This opens a window with a table of CPE devices that are using the NetFlow template.

Deleting a NetFlow template

You cannot delete a NetFlow template if it is being used by at least one CPE device. You need to look up the usage of the NetFlow template and make sure that it is not in use.

Deleted NetFlow templates cannot be restored.

To delete a NetFlow template:

1. In the menu, go to the SD-WAN → NetFlow templates section.

   A table of NetFlow templates is displayed.

2. Click the NetFlow template that you want to delete.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon .

3. In the upper part of the settings area, under Actions, click Delete.
4. In the confirmation window, click Delete.

The NetFlow template is deleted and is no longer displayed in the table.

Basic NetFlow settings

You can specify basic NetFlow settings in a NetFlow template or on a CPE device. Basic NetFlow settings specified in the NetFlow template are automatically propagated to all CPE devices that use this NetFlow template.

To modify the basic NetFlow settings:

1. Specify basic NetFlow settings in one of the following ways:
   • If you want to edit basic NetFlow settings in a NetFlow template, go to the SD-WAN → NetFlow templates menu section and click the NetFlow template.
   • If you want to edit the basic NetFlow settings on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the NetFlow tab, and select the Override check box.

   Basic NetFlow settings are displayed.

2. In the NetFlow drop-down list, select Enabled. The default value is Disabled.
3. Specify the NetFlow collector:
   1. Under Collectors, click + Add.
   2. Under Host, enter the IPv4 address of the NetFlow collector.
   3. Under Port, enter the port number of the NetFlow collector. Range of values: 1 to 65,535.

   The NetFlow collector is specified and displayed in the Collectors section. You can specify up to four NetFlow collectors or delete a NetFlow collector. To delete a NetFlow collector, click the delete icon next to it.

4. In the Export version drop-down list, select the version of the NetFlow protocol:
   • 1
   • 5
   • 9 (default)
5. In the Tracking level drop-down list, select which traffic packet information the CPE device tracks:
   • ETHER to track the following information:
     • Source and destination IP addresses and ports
     • Source and destination MAC addresses
     • Outer VLAN tag
     • Protocol being used
   • FULL to track the source and destination IP addresses and ports, as well as the protocol being used. Default value.
   • VLAN to track the following information:
     • Source and destination IP addresses and ports
     • Outer VLAN tag
     • Protocol being used
   • PROTO to track the source and destination IP addresses and the protocol being used.
   • IP to track the source and destination IP addresses.
6. In the Maximum flows field, enter the maximum number of traffic flows that the CPE device can simultaneously track. Range of values: 1 to 65,535. Default value: 8192.

   The higher the value, the higher the CPU load on the CPE device.

7. In the Sampling rate field, specify how frequently the CPE device tracks the traffic packet information. For example, if you enter 10, the CPE device tracks information about every tenth packet of traffic. Range of values: 1 to 8192. Default value: 1024.

   The lower the value, the more accurate the information and the higher the CPU load on the CPE device.

8. In the Timeout maximum life (sec.) field, enter the maximum time in seconds for which the CPE device can track traffic flow information. To disable this feature, enter 0. Range of values: 1 to 9999. Default value: 60.
9. In the Hop limit field, enter the maximum number of hops to NetFlow collectors. Range of values: 1 to 255. Default value: 64.
10. If you want the CPE device to track IPv6 traffic, in the Track IPv6 drop-down list, select Enabled. The default value is Disabled.
11. In the upper part of the settings area, click Save to save the settings of the NetFlow template or CPE device.

If you want a CPE device to send information about traffic packets to NetFlow collectors, you must enable the NetFlow protocol on network interfaces. The NetFlow protocol can be enabled when creating or editing the network interface.

Changing the NetFlow template of a CPE Device

To change the NetFlow template of a CPE device:

1. In the menu, go to the SD-WAN → CPE section.

   A table of CPE devices is displayed.

2. Click the CPE device for which you want to change the NetFlow template.

   The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand icon . By default, the Configuration tab is selected, which displays general information about the CPE device. This tab also displays the table of Out-of-band management tasks being performed by the orchestrator.

3. In the NetFlow template drop-down list, select a created NetFlow template.
4. In the upper part of the settings area, click Save to save CPE device settings.