diff --git a/docs/vpp/configuration/index.rst b/docs/vpp/configuration/index.rst index 26e3b8bc..57e860f9 100644 --- a/docs/vpp/configuration/index.rst +++ b/docs/vpp/configuration/index.rst @@ -26,6 +26,7 @@ Features that can be enabled on VPP Dataplane: :includehidden: acl + ipfix ipsec nat/index sflow diff --git a/docs/vpp/configuration/ipfix.rst b/docs/vpp/configuration/ipfix.rst new file mode 100644 index 00000000..b4462b70 --- /dev/null +++ b/docs/vpp/configuration/ipfix.rst @@ -0,0 +1,50 @@ +VPP IPFIX Configuration +======================= + +VPP IPFIX in VyOS allows monitoring and exporting network traffic flows +for analytics, security, and accounting. IPFIX works with the VPP +(Vector Packet Processing) backend to provide high-performance flow tracking. + +Overview +-------- + +VyOS integrates VPP for high-performance packet processing. IPFIX +configuration controls how flows are monitored, exported, and which +interfaces are included. + +Key IPFIX Concepts +------------------ + +- **Active timeout**: Maximum time a flow is kept active before export. +- **Inactive timeout**: Maximum time an idle flow is kept before export. +- **Collector**: The remote host and port to which flow records are sent. +- **Flow layers**: Determines which layer information is included (`l2`, `l3`, `l4`). +- **Interfaces**: Physical or virtual interfaces to monitor. +- **Direction**: Which traffic to monitor (`rx`, `tx`, `both`). +- **Flow variant**: Optional filter for IPv4 or IPv6 flows. + +Configuration Options +--------------------- + +- **active-timeout**: Duration (in seconds) after which active flows are exported. +- **inactive-timeout**: Duration (in seconds) after which idle flows are exported. +- **collector `` port ``**: IP and UDP port of the IPFIX collector. +- **collector `` source-address ``**: Source address for flow export. +- **flowprobe-record ``**: Layers to include in flow records. +- **interface `` [direction ``] [flow-variant ``]**: Interfaces to monitor, direction of traffic, and optional flow variant filter. + +Example Configuration +--------------------- + +.. code-block:: none + + set vpp ipfix active-timeout '15' + set vpp ipfix inactive-timeout '120' + set vpp ipfix collector 192.0.2.2 port '4739' + set vpp ipfix collector 192.0.2.2 source-address '192.0.2.1' + set vpp ipfix flowprobe-record 'l2' + set vpp ipfix flowprobe-record 'l3' + set vpp ipfix flowprobe-record 'l4' + set vpp ipfix interface eth0 + set vpp ipfix interface eth1 direction 'both' flow-variant 'ipv4' +