Configuring service

The option is configured or disabled by parameters in the configuration file /etc/dpi/fastdpi.conf.

NetFlow parameters are cold, so changes require a service restart.

Statistics export configuration

To switch on the export of statistics:

netflow=1
3 = 1 + 2 - simultaneous export of statistics by protocols and by directions. Other values are combined similarly.

The network interface name to export netflow with statistics:

netflow_dev=eth2

Data export period in seconds:

netflow_timeout=10

Configuration of each NetFlow type

IP address and port number of netflow collector for statistics by protocols:

netflow_collector=192.168.0.1:9997
It is necessary to specify a separate collector for each type so that the data does not mix!

IP address and port number of netflow collector with statistics by directions:

netflow_as_collector=192.168.0.1:9998

Directions to collect and aggregate data:

netflow_as_direction=1

IP address and port number of the NetFlow collector for billing statistics. A separate collector must be specified so that the data does not mix with other statistics:

netflow_bill_collector=192.168.0.1:9995
Billing statistics are generated only for subscribers that have service 9 enabled.

Setting up the statistics format:

netflow_bill_collector_type=2

The whole traffic volume is counted by default, including packet headers. To count only the useful traffic (see footnote 1 below), specify:

netflow_bill_method=1

The traffic class assigned by DPI is carried in the TOS field of the NetFlow billing statistics. This information can be used to create attractive billing plans.

IP address and port number of the NetFlow collector for full statistics. A separate collector must be specified so that the data does not mix with other statistics:

netflow_full_collector=192.168.0.1:9996
netflow_passive_timeout=30
netflow_active_timeout=300

Here

The full statistics preserve the original port numbers. Information on detected protocols is sent in the normally empty bytes 46-47. If the protocols in use need to be analysed, the system can be configured to send the protocol information in the port number:

netflow_full_port_swap=1
The NetFlow protocol does not guarantee packet delivery because it works over UDP. If the collector does not have enough capacity to receive the data, some packets are simply lost. The collector has to receive data at a rate of no less than 60 Mb/s to handle full statistics for a 10Gb channel. Check your collector's capabilities before sending NetFlow traffic to it.

At the same time, short peaks of up to 100 Mb/s may occur when NetFlow is sent from the DPI. Only a few collectors, for example nfsen/nfdump, are able to receive such a data flow without losses.

In order to smooth such peaks and load the collector in a uniform way one can set the parameter:

netflow_rate_limit=60

Here 60 is the maximal netflow rate in Mb/s.

This value has to be set at 6 Mb/s for each 1Gb of the external channel. A rate limit that is set too low causes data loss on the DPI side itself. This event is recorded in the log file /var/log/dpi/fastdpi_alert.log.
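
A pre-restart check for two rules stated on this page (one collector endpoint per statistics type, and a rate limit of 6 Mb/s per 1Gb of external channel), given as an added example that is not part of the vendor documentation. The `channel_gbit` argument, the `#` comment syntax and the sample configuration are assumptions made for the illustration.

```python
# Added example: lint fastdpi.conf text against the NetFlow rules on this page.
COLLECTOR_KEYS = ("netflow_collector", "netflow_as_collector",
                  "netflow_bill_collector", "netflow_full_collector")
MBPS_PER_GBIT = 6  # sizing rule from this page: 6 Mb/s per 1Gb of channel


def parse_conf(text):
    """Parse key=value lines; '#' is assumed to start a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def lint_netflow(conf, channel_gbit):
    """Return findings; channel_gbit is the external channel size in Gb."""
    findings = []
    seen = {}  # endpoint -> first key that used it
    for key in COLLECTOR_KEYS:
        endpoint = conf.get(key)
        if endpoint is None:
            continue
        if endpoint in seen:
            findings.append(f"{key} and {seen[endpoint]} share collector "
                            f"{endpoint}: statistics types will mix")
        else:
            seen[endpoint] = key
    limit = conf.get("netflow_rate_limit")
    if limit is not None:
        needed = MBPS_PER_GBIT * channel_gbit
        if float(limit) < needed:
            findings.append(f"netflow_rate_limit={limit} is below {needed} Mb/s "
                            f"for a {channel_gbit}Gb channel: loss on the DPI side")
    return findings


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
netflow_collector=192.168.0.1:9997
netflow_full_collector=192.168.0.1:9997   # same endpoint as above
netflow_bill_collector=192.168.0.1:9995
netflow_rate_limit=30
"""

if __name__ == "__main__":
    for finding in lint_netflow(parse_conf(SAMPLE), channel_gbit=10):
        print("WARN:", finding)
```
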

Configuration Example

An example is described in the section QoE Stor: DPI Configuration

1) Traffic without packet headers may be 3.5 times smaller than the total. For example, the minimal torrent UDP packet may be 64 bytes. The UDP header is 28 bytes and the Ethernet frame size is 18 bytes. The resulting useful information is only 18 bytes out of 64.