Emerging Member
Posts: 48
Registered: ‎02-25-2014
Kudos: 3
Solutions: 4
Accepted Solution

UCRM UNMS on same server netflow config

Hi 
I'm trying to configure netflow on ucrm. I used the automatic config in ucrm but I'm not getting any data after a day.

Here's the netflow config on my gateway ER-4  with firmware v1.10.7

 

ubnt@ubnt# show system flow-accounting
disable-memory-table
ingress-capture post-dnat
interface eth1
interface eth2
interface eth3
interface eth0
netflow {
enable-egress {
}
server 192.168.11.4 {
}
timeout {
expiry-interval 60
flow-generic 60
icmp 60
max-active-life 60
tcp-fin 10
tcp-generic 60
tcp-rst 10
udp 60
}
version 9
}
:

Note that there was no port set for the server.  I did try some command to manually set it but there is still no traffic showing in the dashboard of ucrm.
( set system flow-accounting netflow server 192.168.11.4 port 2055 )

Router was initially configured with the wizard for dual wan load balancing. I don't know if that's a problem.
I have unms running on the same server IP on a different port where netflow seems to be working fine.
Is it right that in UCRM my client service device is connected to its AP on the interface that has an IP, which in my case is always br0?

Some guidance would be appreciated. 


Accepted Solutions
Emerging Member
Posts: 48
Registered: ‎02-25-2014
Kudos: 3
Solutions: 4

Re: UCRM UNMS on same server netflow config

Thank you @andrewiski for pointing me in the right direction. 

This post clarified things for me.  
EdgeRouter/Netflow-data-to-2-ports-on-same-IP

UNMS and UCRM, it seems, can't use the netflow data on the same IP, on the same port, at the same time. My box already had multiple IPs so I just added a server IP in my gateway's netflow config. I probably didn't search the forum with the right words.

Correction: it actually had to be 2 different IPs and 2 different ports.


ubnt@ubnt# show system flow-accounting
disable-memory-table
ingress-capture post-dnat
interface eth1
interface eth2
interface eth3
interface eth0
netflow {
enable-egress {
engine-id 1
}
engine-id 0
server 192.168.6.4 {
port 2056
}
server 192.168.11.4 {
port 2055
}
timeout {
expiry-interval 60
flow-generic 60
icmp 60
max-active-life 60
tcp-fin 10
:


All Replies
Ubiquiti Employee
Posts: 3,812
Registered: ‎12-10-2015
Kudos: 1345
Solutions: 295

Re: UCRM netflow config

There is still no port defined in the config. Did you commit and save the new settings?
Emerging Member
Posts: 48
Registered: ‎02-25-2014
Kudos: 3
Solutions: 4

Re: UCRM netflow config

yes I did, after a few tries I noticed it didn't work then did commit and save.

Ubiquiti Employee
Posts: 3,812
Registered: ‎12-10-2015
Kudos: 1345
Solutions: 295

Re: UCRM netflow config

what does this command show now?
show system flow-accounting
Emerging Member
Posts: 51
Registered: ‎04-26-2014
Kudos: 16
Solutions: 1

Re: UCRM netflow config

@UBNT-Petr I am running UNMS and UCRM on the same server so UCRM is using port 2056, but the auto-configure of netflow sets the port to 2055. I don't see the netflow port defined in the application settings, but I set it during the install and it's set up correctly in docker.

I have been manually updating the port on the EdgeOS routers but thought you could pass it on to the dev team.

 

Emerging Member
Posts: 48
Registered: ‎02-25-2014
Kudos: 3
Solutions: 4

Re: UCRM netflow config

disable-memory-table
ingress-capture post-dnat
interface eth1
interface eth2
interface eth3
interface eth0
netflow {
enable-egress {
}
server 192.168.11.4 {
port 2055
}
timeout {
expiry-interval 60
flow-generic 60
icmp 60
max-active-life 60
tcp-fin 10
tcp-generic 60
tcp-rst 10
udp 60
}
version 9
:

Ubiquiti Employee
Posts: 3,812
Registered: ‎12-10-2015
Kudos: 1345
Solutions: 295

Re: UCRM netflow config

@SpheX ok, when the netflow packets are sent to UCRM IP and port, UCRM should automatically take them into account. The only thing which could go wrong is the conntrack table. Maybe you have restarted UCRM manually? In that case, the conntrack table must be flushed, run this:

sudo docker run --net=host --privileged --rm ubnt/ucrm-conntrack
Emerging Member
Posts: 48
Registered: ‎02-25-2014
Kudos: 3
Solutions: 4

Re: UCRM netflow config

I don't remember restarting ucrm other than by restarting the whole server but here's the output from the command you gave me.

 

conntrack v1.4.4 (conntrack-tools): 2 flow entries have been deleted.

udp 17 29 src=192.168.11.1 dst=192.168.11.4 sport=35671 dport=2055 [UNREPLIED] src=172.19.0.3 dst=192.168.11.1 sport=2055 dport=35671 mark=0 use=1

udp 17 29 src=192.168.11.1 dst=192.168.11.4 sport=36810 dport=2055 [UNREPLIED] src=172.19.0.3 dst=192.168.11.1 sport=2055 dport=36810 mark=0 use=1


I waited more than an hour and still nothing in ucrm dashboard.
Noticed I had neglected the updates on ubuntu and they included an update of docker.
Did the updates, restarted the server, waited more than an hour and there was still nothing from netflow in ucrm.

I entered this command again :
sudo docker run --net=host --privileged --rm ubnt/ucrm-conntrack

output:
udp 17 29 src=192.168.11.1 dst=192.168.11.4 sport=36810 dport=2055 [UNREPLIED] src=192.168.11.4 dst=192.168.11.1 sport=2055 dport=36810 mark=0 use=1

udp 17 29 src=172.19.0.1 dst=172.19.0.5 sport=47151 dport=2055 [UNREPLIED] src=172.19.0.5 dst=172.19.0.1 sport=2055 dport=47151 mark=0 use=1

udp 17 29 src=192.168.11.1 dst=192.168.11.4 sport=35671 dport=2055 [UNREPLIED] src=192.168.11.4 dst=192.168.11.1 sport=2055 dport=35671 mark=0 use=1

udp 17 29 src=172.19.0.1 dst=172.19.0.5 sport=47049 dport=2055 [UNREPLIED] src=172.19.0.5 dst=172.19.0.1 sport=2055 dport=47049 mark=0 use=1

conntrack v1.4.4 (conntrack-tools): 4 flow entries have been deleted.

Then waited more than an hour and the problem persists.

Emerging Member
Posts: 48
Registered: ‎02-25-2014
Kudos: 3
Solutions: 4

Re: UCRM netflow config

One sentence in my original post must have been misleading.


I have unms running on the same server IP on a different port where netflow seems to be working fine


 

New Member
Posts: 3
Registered: ‎07-06-2018
Kudos: 1

Re: UCRM UNMS on same server netflow config

Hi, 

So I have been wrecking my mind with this issue for a week now. Thought I would solve it but then....

 

I'm running UNMS v 0.13.1 and UCRM v.2.14.7  on the same box. I have set up two IP addresses on the ubuntu vm and with different ports for UCRM and UNMS. Sending Netflow data from an ER-X 4. However UCRM is not receiving netflow data, UNMS is receiving netflow.

 

Below is the output from my configs:

 

ubnt@Edge-X# show system  flow-accounting
 disable-memory-table
 ingress-capture post-dnat
 interface eth0
 interface eth1
 interface eth2
 interface eth3
 interface eth4
 interface switch0
 netflow {
     enable-egress {
         engine-id 1
     }
     engine-id 0
     server 192.168.69.14 {
         port 2055
     }
     server 192.169.69.16 {
         port 9055
     }
     timeout {
         expiry-interval 60
         flow-generic 60
         icmp 60
         max-active-life 60
         tcp-fin 10
         tcp-generic 60
         tcp-rst 10
         udp 60
     }
     version 9
 }
 syslog-facility daemon

 

 

Docker container ports

 

$ sudo docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS              PORTS                                                                                                                 NAMES
5a6c63fd7f9b        ubnt/ucrm-billing:2.14.7      "make server"            16 minutes ago      Up 16 minutes       2055/udp, 9000/tcp, 192.168.69.16:9055->9055/udp, 0.0.0.0:9080->80/tcp, 0.0.0.0:9081->81/tcp, 0.0.0.0:9443->443/tcp   ucrm_web_app_1
0a653f1e5249        elastic/elasticsearch:6.2.4   "/usr/local/bin/dock…"   16 minutes ago      Up 16 minutes       9200/tcp, 9300/tcp                                                                                                    ucrm_elastic_1
0fc0198bc825        postgres:9.5                  "docker-entrypoint.s…"   16 minutes ago      Up 16 minutes       5432/tcp                                                                                                              ucrm_postgresql_1
1a43aa391c58        rabbitmq:3                    "docker-entrypoint.s…"   16 minutes ago      Up 16 minutes       4369/tcp, 5671-5672/tcp, 25672/tcp                                                                                    ucrm_rabbitmq_1
30569cff8439        ubnt/unms-nginx:0.13.1        "/entrypoint.sh ngin…"   3 days ago          Up 3 days           0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp                                                                              unms-nginx
719f0b873d62        ubnt/unms-netflow:0.13.1      "yarn start"             3 days ago          Up 3 days           0.0.0.0:2055->2055/udp                                                                                                unms-netflow
90998da7b78c        ubnt/unms:0.13.1              "/usr/bin/dumb-init …"   3 days ago          Up 3 days                                                                                                                                 unms
ba2339c72702        postgres:9.6.1-alpine         "/docker-entrypoint.…"   3 days ago          Up 3 days                                                                                                                                 unms-postgres
f676ecf3b6cb        redis:3.2.8-alpine            "docker-entrypoint.s…"   3 days ago          Up 3 days                                                                                                                                 unms-redis
bfc9a5eee26e        rabbitmq:3.7.4-alpine         "docker-entrypoint.s…"   3 days ago          Up 3 days                                                                                                                                 unms-rabbitmq
66a87805a60c        ubnt/unms-fluentd:0.13.1      "/entrypoint.sh /bin…"   3 days ago          Up 3 days           5140/tcp, 127.0.0.1:24224->24224/tcp                                                                                  unms-fluentd

I am sure netflow is being sent out of the ER-X for both IP/port bindings, based on the output below.

 

 

ubnt@Edge-X# sudo tcpdump -i any -n port 2055
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
20:00:37.370950 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:37.371071 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:37.371242 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:37.371411 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:37.371580 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 440
20:00:37.371709 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 144
20:00:37.371848 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:38.563154 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:38.563198 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:38.563292 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 496
20:00:38.563440 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 380
20:00:38.606771 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:38.606977 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:38.607110 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 440
20:00:38.607231 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:38.935156 IP 192.168.70.246.52241 > 192.168.69.14.2055: UDP, length 144
20:00:39.035165 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.035695 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.036101 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.036447 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.036803 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.037127 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.037511 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.037948 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.038758 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.039176 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
20:00:39.039554 IP 192.168.70.246.51219 > 192.168.69.14.2055: UDP, length 496
^C
27 packets captured
59 packets received by filter
16 packets dropped by kernel

[edit]
ubnt@Edge-X# sudo tcpdump -i any -n port 9055
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
20:00:50.779489 IP 192.168.70.246.54837 > 192.169.69.16.9055: UDP, length 144
20:00:50.793848 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 440
20:00:50.793965 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 496
20:00:50.794144 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 440
20:00:50.794361 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 496
20:00:50.794446 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 260
20:00:51.074056 IP 192.168.70.246.54837 > 192.169.69.16.9055: UDP, length 496
20:00:51.074261 IP 192.168.70.246.54837 > 192.169.69.16.9055: UDP, length 320
20:00:51.148692 IP 192.168.70.246.54837 > 192.169.69.16.9055: UDP, length 84
20:00:51.266131 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 496
20:00:51.266412 IP 192.168.70.246.37114 > 192.169.69.16.9055: UDP, length 260
^C
11 packets captured
29 packets received by filter
3 packets dropped by kernel

 

 

There is connectivity between the ER-X and the Ubuntu box (UCRM/UNMS). The only problem is I can't get UCRM to display netflow data. Any assistance will be highly appreciated!!
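
A cross-check for the two-IP, two-port layout from the accepted solution and the post above: every `server` target in the router's flow-accounting config should land on a UDP port that a container actually publishes. This is an added example, not part of the original posts or of UCRM/UNMS; the sample input is copied from the ER-X config and `docker ps` output above, and the function names are hypothetical.

```python
import re

# Sample input copied from the ER-X config and `docker ps` PORTS column in the post above.
ROUTER_CONFIG = """
netflow {
    engine-id 0
    server 192.168.69.14 {
        port 2055
    }
    server 192.169.69.16 {
        port 9055
    }
    version 9
}
"""
DOCKER_PORTS = {
    "ucrm_web_app_1": "2055/udp, 9000/tcp, 192.168.69.16:9055->9055/udp, "
                      "0.0.0.0:9080->80/tcp, 0.0.0.0:9081->81/tcp, 0.0.0.0:9443->443/tcp",
    "unms-netflow": "0.0.0.0:2055->2055/udp",
}

def exporter_targets(config):
    """(ip, port) per `server` stanza; port is None when the stanza sets none."""
    pat = re.compile(r"server\s+(\S+)\s*\{\s*(?:port\s+(\d+))?\s*\}")
    return [(ip, int(port) if port else None) for ip, port in pat.findall(config)]

def udp_listeners(ports_by_container):
    """(container, host_ip, host_port) for published UDP ports; a bare `2055/udp` is exposed only."""
    pat = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+)->\d+/udp")
    return [(name, ip, int(port))
            for name, ports in ports_by_container.items()
            for ip, port in pat.findall(ports)]

def receivers(target, listeners):
    """Containers whose published UDP binding covers this exporter target.
    Assumption: a 0.0.0.0 binding accepts any address configured on the host."""
    ip, port = target
    return [name for name, lip, lport in listeners
            if lport == port and lip in ("0.0.0.0", ip)]

def unmatched_targets(config, ports_by_container):
    """Exporter targets that no container publishes a UDP listener for."""
    listeners = udp_listeners(ports_by_container)
    return [t for t in exporter_targets(config) if not receivers(t, listeners)]

if __name__ == "__main__":
    listeners = udp_listeners(DOCKER_PORTS)
    for target in exporter_targets(ROUTER_CONFIG):
        print(target, "->", receivers(target, listeners) or "NO LISTENER")
```

On the values above, the only target with no listener is 192.169.69.16 port 9055: the router exports to 192.169.69.16 while the UCRM container publishes 192.168.69.16:9055.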
