UISP - NetFlow

2023-09-23 16:11:55 UTC

Overview

The NetFlow platform brings useful features such as IP data flow recording. This article explains how to configure this feature on UISP.

Introduction

The UISP supports recording IP data flows thanks to the NetFlow protocol. NetFlow versions 5 and 9 are supported. Any router that supports NetFlow data analysis may be used for this, but it is recommended to use the router that is functioning as the gateway from your network to the Internet. The plan is to gradually increment the use of data collected from NetFlow in a whole range of UISP features. It is possible to enable NetFlow on UISP-branded gateway devices (ex. UISP Console, UISP Router) or EdgeRouter devices with one click, in order to provide data for the CRM plugin. 

Configuration

In UISP settings there is a section for UISP Gateways. Those are devices on the edge of a network and therefore well suited for the measurement of data throughput. It is preferable to use a UISP-branded gateway device (ex. UISP Console, UISP Router) or Ubiquiti EdgeRouter devices in order to fully utilize UISP capabilities in this regard. To add a Gateway, go to Settings -> Network and press the button "+ Add new gateway". 
network.png

After that, a pop-up will appear where a specific device has to be selected. Once the selection is made a WAN interface needs to be selected from a list of all interfaces found on that device.

gateway.png

Make sure the "Allow NetFlow" is turned ON in order to enable it.

Difference between UISP and CRM NetFlow

  • UISP doesn't count the service traffic between the UISP server and devices in the total amount of transferred data. This can lead to some differences from UCRM measurement depending on, where the UISP server is placed in the network topology.
  • UISP newly doesn't count any broadcast communication since it can lead to the discovery of non-existent unknown IP addresses. Also, different discovery protocols can distort transferred data.
  • Before the integration of UCRM with UISP, it was important where are both servers placed in the network topology as the data are measured on the router and periodically send to the server. If the server is inside the measured range the process of sending the data itself is increasing the data flow in the network. On the other hand, if the server is outside the network then this doesn't happen.
  • NetFlow is using the UDP protocol to send the data and if the UISP server was behind the Internet, then a packet loss could occur. Please note that we are working on a better solution where data will be safely transferred via an already opened WebSocket, making it secure and more reliable even in the cloud.
  • There can be a noticeable difference if the range of monitored IP in UISP doesn't cover the addresses of all devices that are to be measured.
  • When a duplicate NetFlow packet arrives in UISP within 30 sec, it is not counted in. In UCRM those packets do count.
  • It is critical to make sure all devices are correctly attached to a Subscriber and that all of their IP addresses are known to UISP.
User Tip: There should be minimum IP addresses in the section Unknown Devices as those are addresses of devices in the network which UISP is not able to pair with any device. If there are some values in this section, it is possible that NetFlow data would not be accurate. 

Transferred Data

Transferred Data is a feature available in UISP. It is the volume of transferred data for a specific client (remember we are using the term client in a network topology meaning, not as a business term for a customer). You can see it as the 'Usage' item at the upper left corner of the graph. The value is updated every 5 minutes and it shows the amount of data transferred during the last hour. Alternatively, it can show the amount of data transferred during the last day or month, in which case it is updated each hour.

Additionally, the NetFlow data is a very important element in the integration of UISP with UCRM. The information provided is used to calculate the volume of transferred data per customer.netflow.png

Troubleshooting

  1. On the router where NetFlow data are coming from, check at what IP address and port you pointed the NetFlow service.
  2. Go back to the UISP server and find out what is the IP of your UISP instance. Run 'sudo route' and look for the default interface. Then use the command 'sudo ifconfig INTERFACE' to get the IP address.
  3. Find out what port is the NetFlow service using. The command is 'sudo docker ps'. Compare the value from step 1 to the values you acquired in steps 2 and 3.
  4. Return to the router and run tcpdump to find out if NetFlow data are being sent 'sudo tcpdump -i any -n port NFport' the value of NFport should match the port on which the NetFlow service runs.
  5. Run the same test on the UISP server to make sure NetFlow data are received there.
  6. Check the configuration of your router and make sure that NetFlow is configured for a single (WAN) interface.

If all of those points are OK, then please use the support request form to create a ticket.

NOTE: UISP will read the value of Settings->UISP ->UISP Hostname/IP resolves it to IP address and write it to the gateway. When that IP is changed, UISP can recognize it and rewrite the value on the gateway accordingly. If the gateway sees UISP under a different address than the one mentioned above, the NetFlow configuration will not work.

Related Articles

UCRM - Ubiquiti's Billing and Customer Management System
UISP - Optional Installation Steps

Was this article helpful?
39 out of 59 found this helpful