UISP - NetFlow


The UISP supports recording IP data flows thanks to the NetFlow protocol. NetFlow versions 5 and 9 are supported. Any router that supports NetFlow data analysis may be used for this, but it is recommended to use the router that is functioning as the gateway from your network to the Internet. It is possible to enable NetFlow on UISP-branded gateway devices (ex. UISP Console, UISP Router) or EdgeRouter devices with one click, in order to provide data for the UISP application. 


In UISP settings there is a section for UISP Gateways. Those are devices on the edge of a network and therefore well suited for the measurement of data throughput. It is preferable to use a UISP-branded gateway device (ex. UISP Console, UISP Router) or Ubiquiti EdgeRouter devices in order to fully utilize UISP capabilities in this regard. To add a Gateway, go to Settings -> Network and press the button "+ Add new gateway". After that, a pop-up will appear where a specific device has to be selected. Once the selection is made a WAN interface needs to be selected from a list of all interfaces found on that device. Make sure the "Allow NetFlow" is turned ON in order to enable it.

Difference between NetFlow values in CRM and Network modules

  • The Network module doesn't count the service traffic between the UISP server and devices in the total amount of transferred data. This can lead to some differences from UCRM measurement depending on, where the UISP server is placed in the network topology.
  • The Network module doesn't count any broadcast communication since it can lead to the discovery of non-existent unknown IP addresses. Also, different discovery protocols can distort transferred data.
  • Before the integration of UCRM with UISP, it was important where are both servers placed in the network topology as the data are measured on the router and periodically sent to the server. If the server is inside the measured range the process of sending the data itself is increasing the data flow in the network. On the other hand, if the server is outside the network then this doesn't happen.
  • NetFlow is using the UDP protocol to send the data and if the UISP server was behind the Internet, then a packet loss could occur. Please note that we are working on a better solution where data will be safely transferred via an already opened WebSocket, making it secure and more reliable even in the cloud.
  • There can be a noticeable difference if the range of monitored IP in UISP doesn't cover the addresses of all devices that are to be measured.
  • When a duplicate NetFlow packet arrives at the UISP application within 30 sec, it is not counted by the Network module, but the CRM module counts those packets. 
  • It is critical to make sure all devices are correctly attached to a Subscriber and that all of their IP addresses are known to UISP.

User Tip: There should be minimum IP addresses in the section Unknown Devices as those are addresses of devices in the network which UISP is not able to pair with any device. If there are some values in this section, it is possible that NetFlow data would not be accurate. 

NetFlow Data

In order to see NetFlow data in the Network module please go to Subscribers view and make sure that the 24H Usage column is enabled. Left-click on a specific subscriber will open its detail view in the side panel. Select the SLA tab to see the Statistics section for 1H/24H/1M. NetFlow data is visible under the label Trafic here. 

In order to see NetFlow data in the CRM module, go to the main dashboard. Sections Total traffic in past 7 days and Top downloaders are generated based on NetFlow info. For individual client NetFlow data, go to Clients view, and select a specific client to open their detailed view. Click on a selected service to see its details including the NetFlow graph. 


  1. On the router where NetFlow data are coming from, check at what IP address and port you pointed the NetFlow service.
  2. Go back to the UISP server and find out what is the IP of your UISP instance. Run 'sudo route' and look for the default interface. Then use the command 'sudo ifconfig INTERFACE' to get the IP address.
  3. Find out what port is the NetFlow service using. The command is 'sudo docker ps'. Compare the value from step 1 to the values you acquired in steps 2 and 3.
  4. Return to the router and run tcpdump to find out if NetFlow data are being sent 'sudo tcpdump -i any -n port NFport' the value of NFport should match the port on which the NetFlow service runs.
  5. Run the same test on the UISP server to make sure NetFlow data are received there.
  6. Check the configuration of your router and make sure that NetFlow is configured for a single (WAN) interface.

If all of those points are OK, then please use the support request form to create a ticket.

NOTE: UISP will read the value of Settings->UISP ->UISP Hostname/IP resolves it to IP address and write it to the gateway. When that IP is changed, UISP can recognize it and rewrite the value on the gateway accordingly. If the gateway sees UISP under a different address than the one mentioned above, the NetFlow configuration will not work.

Related Articles

UCRM - Ubiquiti's Billing and Customer Management System
UISP - Optional Installation Steps

Was this article helpful?
43 out of 66 found this helpful