The VyOS Netflow implementation has very serious issues and we strongly advise against using it for production deployments. Please use the new sFlow integration instead.
You can use FastNetMon Advanced with the VyOS routing platform. It is an open source platform, but you can buy support directly from the developers. In this guide we provide detailed instructions for this process. All these instructions were tested with VyOS 1.2.5 LTS.
As the first step, log in to VyOS over SSH using the default login and password (vyos/vyos), then switch to configuration mode:
conf
Then select the interfaces on which to enable Netflow export. We recommend exporting traffic from upstream ports (replace the port names with your own values):
set system flow-accounting interface eth0
set system flow-accounting interface eth1
As the next step, configure basic flow tracking:
set system flow-accounting buffer-size 64
set system flow-accounting netflow engine-id 5
set system flow-accounting disable-imt
set system flow-accounting netflow max-flows 640000
set system flow-accounting netflow version 5
Next, specify the IP address of the machine where FastNetMon is installed:
set system flow-accounting netflow server FastNetMon_IP_address
You also need to specify the local IP address of the VyOS machine that will be used as the source for Netflow export:
set system flow-accounting netflow source-ip IP_Address_of_VyOS_installation
The next step is extremely important for receiving precise traffic information: configure all timeouts:
set system flow-accounting netflow timeout expiry-interval 30
set system flow-accounting netflow timeout flow-generic 30
set system flow-accounting netflow timeout icmp 30
set system flow-accounting netflow timeout max-active-life 30
set system flow-accounting netflow timeout tcp-fin 30
set system flow-accounting netflow timeout tcp-generic 30
set system flow-accounting netflow timeout tcp-rst 30
set system flow-accounting netflow timeout udp 30
Specify the sampling rate. For production setups this is very important to avoid router overload:
set system flow-accounting netflow sampling-rate 100
VyOS supports Netflow v5, Netflow v9 and IPFIX, but we recommend Netflow v5 because it uses much simpler logic to encode the sampling rate. If you need IPv6 support, you may switch to version 9 (do not forget to specify the sampling rate directly in FastNetMon’s configuration):
set system flow-accounting netflow version 9
After that, apply and save the changes:
commit
save
After that, I recommend checking the full flow configuration:
show system flow-accounting
 buffer-size 64
 disable-imt
 interface eth0
 interface eth1
 netflow {
     engine-id 5
     max-flows 640000
     sampling-rate 100
     server 192.168.1.134 {
     }
     source-ip 192.168.1.213
     timeout {
         expiry-interval 30
         flow-generic 30
         max-active-life 30
         tcp-fin 30
         tcp-generic 30
         tcp-rst 30
         udp 30
     }
     version 5
 }
As the final step, configure the average calculation time, which reflects the timeouts configured in the previous steps:
sudo fcli set average_calculation_time 60
sudo fcli commit
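To confirm on the collector side that the exporter sends what was configured above, the Netflow v5 header can be inspected directly: it carries the engine ID and a 16-bit sampling field (2 bits of mode, 14 bits of rate), which is the simple encoding mentioned earlier. The following is an added example, not part of FastNetMon or VyOS; the function names and the sample datagram are constructed for illustration, and it assumes the exporter actually fills in the sampling field.

```python
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes total).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48   # fixed size of each v5 flow record
V5_MAX_RECORDS = 30  # a v5 datagram carries at most 30 records


def parse_v5_header(datagram: bytes) -> dict:
    """Parse and sanity-check the header of one NetFlow v5 datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the 24-byte v5 header")
    (version, count, _uptime, _secs, _nsecs, sequence,
     _engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field is {version})")
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError(f"record count {count} outside 1..{V5_MAX_RECORDS}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("datagram length does not match record count")
    return {
        "count": count,
        "flow_sequence": sequence,
        "engine_id": engine_id,
        "sampling_mode": sampling >> 14,     # top 2 bits
        "sampling_rate": sampling & 0x3FFF,  # low 14 bits
    }


def check_exporter(datagram: bytes, engine_id: int = 5, rate: int = 100) -> list:
    """Return mismatches against the engine-id and sampling-rate set in this guide."""
    hdr = parse_v5_header(datagram)
    problems = []
    if hdr["engine_id"] != engine_id:
        problems.append(f"engine-id {hdr['engine_id']} != {engine_id}")
    if hdr["sampling_rate"] != rate:
        problems.append(f"sampling-rate {hdr['sampling_rate']} != {rate}")
    return problems


# Constructed sample: engine-id 5, sampling mode 1, rate 100, one zeroed record.
SAMPLE = V5_HEADER.pack(5, 1, 1000, 1700000000, 0, 42, 0, 5, (1 << 14) | 100) + bytes(48)

if __name__ == "__main__":
    print(parse_v5_header(SAMPLE), check_exporter(SAMPLE))
```

A datagram that reports a sampling rate of 0 means the header cannot be relied on, and the rate has to be set in FastNetMon’s configuration as described for version 9.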