2 years ago
Flow Ingest: Support for VLAN Fields in NetFlow/IPFIX
Kentik now supports collection of the NetFlow and IPFIX fields for source/destination VLAN, which we previously not collected from the received flows.
The related VLAN fields are shown in tables below:
NetFlow v9 VLAN fields
| Field Type | Value | Length (bytes) | Description |
|---|---|---|---|
| SRC_VLAN | 58 | 2 | Virtual LAN identifier associated with ingress interface |
| DST_VLAN | 59 | 2 | Virtual LAN identifier associated with egress interface |
Resource: https://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html
IPFIX VLAN fields
| ElementID | Name | Abstract Data Type | Description | Reference |
|---|---|---|---|---|
| 58 | vlanId | unsigned16 | Virtual LAN identifier associated with ingress interface. | [RFC5102] |
| 59 | postVlanId | unsigned16 | Virtual LAN identifier associated with egress interface. | [RFC5102] |
Resource: https://www.iana.org/assignments/ipfix/ipfix.xhtml
These two fields are collected from NetFlow/IPFIX protocols and stored in the Kentik’s Source VLAN and Destination VLAN dimensions.
The support is available in kproxy starting from version v7.36.0. The example of the Data Explorer query is shown below:
