Our latest release introduces several enhancements and fixes. We’ve added support for the IPFIX UDP and TCP port encoding used by AMD Pensando, and extracted Netflow v5, v9, and IPFIX into separate modules. We’ve also fixed a bug with IPFIX sampling rate persistence. New features include support for multiple flows per packet for the IPFIX inline monitoring services used by Juniper PTX, and logic to strip nested VLANs. We’ve also reworked the MikroTik integration to allow multiple devices and added complete support for VyOS route management. Additionally, we’ve added options to override the prefix to ASN lookup logic and to control how long we wait for a bucket to receive traffic. Full details below.
Changes:
- Added support for IPFIX IPFIX_UDP_SOURCE_PORT and IPFIX_UDP_DESTINATION_PORT encoding used by AMD Pensando
- Added support for IPFIX IPFIX_TCP_SOURCE_PORT and IPFIX_TCP_DESTINATION_PORT encoding used by AMD Pensando
- Extracted Netflow v5, v9 and IPFIX into separate modules
- Fixed bug with IPFIX sampling rate persistence which prevented us from storing it correctly to disk
- Added logic to remove IPFIX and Netflow v9 sampling between upgrades
- Added support for multiple flows per packet for IPFIX inline monitoring services used by Juniper PTX
- Added logic to strip nested VLANs. We can strip 1, 2 or 3 nested VLANs
- Added logic to support two byte variable field encoding in inline monitoring services used by Juniper PTX
- Added counter ipfix_inline_encoding_error to track inline encoding errors
- Added logic to export per interface counters to ClickHouse table interface_metrics
- Added logic to export system counters to ClickHouse table system_metrics
- Reworked MikroTik integration to allow multiple devices and encode username and login in the URL
- Complete support for VyOS route management
- Added logic to extract flags ip_more_fragments and ip_fragment_offset for raw packet payload in IPFIX / Netflow traffic telemetry
- Added option to override prefix to ASN lookup logic using prefix_asn_mapping_ipv4_user.json and prefix_asn_mapping_ipv6_user.json
- Added logic to export per protocol total counters
- Added schema to generate per protocol total metrics
- Reduced time to wait for bucket to receive traffic to 60 seconds from 120
- Added configuration option bucket_traffic_collection_timeout to control how long we can wait for bucket to receive traffic
- Added logic to print status of IPv4 and IPv6 attacks to syslog for ban_status_updates capability
- Added configuration option notify_script_attack_status_updates to report all active attacks