├── .gitignore ├── Arista ├── README.md ├── bgp.conf ├── compatible-platforms.md ├── ipfix-interfaces.conf ├── ipfix.conf ├── logo.png ├── sflow-agent.conf ├── sflow-interfaces.conf ├── sflow.conf ├── snmp-agent.conf ├── snmp.conf └── telemetry_dialin.conf ├── Cisco ├── 6500-7600 │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── flowspec.conf │ ├── netflow-9-agent.conf │ ├── netflow-9-interfaces.conf │ ├── netflow-9.conf │ ├── snmp-agent.conf │ └── snmp.conf ├── ASA │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── netflow-9-agent.conf │ ├── netflow-9.conf │ ├── snmp-agent.conf │ └── snmp.conf ├── IOS-XE │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── netflow-9-agent.conf │ ├── netflow-9-interfaces.conf │ ├── netflow-9.conf │ ├── snmp-agent.conf │ └── snmp.conf ├── IOS-XR │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── flowspec.conf │ ├── netflow-9-agent.conf │ ├── netflow-9-interfaces.conf │ ├── netflow-9.conf │ ├── snmp-agent.conf │ ├── snmp.conf │ ├── telemetry_dialin.conf │ ├── telemetry_dialout-agent.conf │ └── telemetry_dialout.conf ├── Nexus-3000 │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── sflow-agent.conf │ ├── sflow.conf │ └── snmp.conf ├── Nexus-5000 │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── netflow-9-agent.conf │ ├── netflow-9-interfaces.conf │ ├── netflow-9.conf │ └── snmp.conf ├── Nexus-6000-7000 │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── netflow-9-agent.conf │ ├── netflow-9-interfaces.conf │ ├── netflow-9.conf │ └── snmp.conf ├── Nexus-9000 │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── netflow-9-agent.conf │ ├── netflow-9-interfaces.conf │ ├── netflow-9.conf │ └── snmp.conf └── logo.png ├── Extreme ├── README.md ├── bgp.conf ├── compatible-platforms.md ├── logo.png ├── sflow-agent.conf ├── sflow-interfaces.conf ├── sflow.conf └── snmp.conf ├── Huawei ├── README.md ├── bgp.conf ├── compatible-platforms.md ├── logo.png ├── netflow-9-agent.conf ├── netflow-9-interfaces.conf ├── netflow-9-linecards.conf ├── netflow-9.conf ├── snmp-agent.conf └── snmp.conf ├── Juniper ├── MX-series │ ├── README.md │ ├── bgp-flowspec.conf │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── flowspec.conf │ ├── ipfix-agent.conf │ ├── ipfix-interfaces-ptx1000.conf │ ├── ipfix-interfaces.conf │ ├── ipfix-linecards.conf │ ├── ipfix-mpls.conf │ ├── ipfix.conf │ ├── snmp-agent.conf │ ├── snmp.conf │ ├── telemetry_dialin.conf │ ├── telemetry_dialout-agent.conf │ └── telemetry_dialout.conf ├── QFX_EX-series │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── sflow-agent.conf │ ├── sflow.conf │ ├── snmp-agent.conf │ └── snmp.conf ├── SRX-series │ ├── README.md │ ├── compatible-platforms.md │ ├── netflow-agent.conf │ ├── netflow-interfaces.conf │ ├── netflow.conf │ ├── snmp-agent.conf │ └── snmp.conf └── logo.png ├── Mikrotik ├── README.md ├── bgp.conf ├── compatible-platforms.md ├── logo.png ├── mikrotik_kentik_config.conf ├── netflow-9-agent.conf ├── netflow-9.conf └── snmp.conf ├── Nokia ├── README.md ├── bgp.conf ├── compatible-platforms.md ├── ipfix-agent.conf ├── ipfix-interfaces.conf ├── ipfix.conf ├── logo.png ├── snmp-agent.conf └── snmp.conf ├── Palo-Alto ├── bgp.conf ├── compatible-platforms.md ├── logo.png ├── netflow-9-agent.conf ├── netflow-9.conf └── readme.md ├── README.md ├── Silver-Peak ├── bgp.conf ├── compatible-platforms.md ├── logo.png ├── netflow-9-agent.conf ├── netflow-9.conf └── readme.md ├── Ubiquiti ├── EdgeRouter │ ├── README.md │ ├── bgp.conf │ ├── compatible-platforms.md │ ├── ipfix-agent.conf │ ├── ipfix.conf │ ├── snmp-agent.conf │ └── snmp.conf └── logo.png ├── Vyatta ├── README.md ├── bgp.conf ├── compatible-platforms.md ├── logo.png ├── sflow-agent.conf ├── sflow.conf ├── snmp-agent.conf └── snmp.conf └── kprobe ├── README.md ├── kprobe-params.md ├── kprobe-running.conf └── kprobe-running.md /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | *.swp 3 | *.swo 4 | *~ 5 | *Icon* 6 | 7 | -------------------------------------------------------------------------------- /Arista/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure an Arista equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Streaming Telemetry notes 5 | Currently, Streaming Telemetry is only supported for dial-out using Kentik's kproxy. Dial-in is supported using kagent with Kentik's NMS product. -------------------------------------------------------------------------------- /Arista/bgp.conf: -------------------------------------------------------------------------------- 1 | ip prefix-list default-route 2 | seq 10 permit 0.0.0.0/0 3 | ! 4 | ipv6 prefix-list default-route-v6 5 | seq 10 permit ::/0 6 | ! 7 | route-map deny-all deny 10 8 | ! 9 | route-map allow-all-no-default deny 10 10 | match ip address prefix-list default-route 11 | ! 12 | route-map allow-all-no-default deny 20 13 | match ipv6 address prefix-list default-route-v6 14 | ! 15 | route-map allow-all-no-default permit 30 16 | ! 17 | router bgp {{local_ASN}} 18 | router-id {{ router_id }} 19 | neighbor route-consumers_v4 peer group 20 | neighbor route-consumers_v4 maximum-routes 1 21 | neighbor route-consumers_v4 maximum-accepted-routes 1 22 | neighbor route-consumers_v6 peer group 23 | neighbor route-consumers_v6 maximum-routes 1 24 | neighbor route-consumers_v6 maximum-accepted-routes 1 25 | neighbor {{kentik_UI_bgp_peering_ipv4}} peer group route-consumers_v4 26 | neighbor {{kentik_UI_bgp_peering_ipv4}} remote-as {{local_ASN}} 27 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-reflector-client 28 | neighbor {{kentik_UI_bgp_peering_ipv4}} update-source Loopback0 29 | neighbor {{kentik_UI_bgp_peering_ipv4}} description Kentik-Route-Consumer-v4 30 | neighbor {{kentik_UI_bgp_peering_ipv6}} peer group route-consumers_v6 31 | neighbor {{kentik_UI_bgp_peering_ipv6}} remote-as {{local_ASN}} 32 | neighbor {{kentik_UI_bgp_peering_ipv6}} route-reflector-client 33 | neighbor {{kentik_UI_bgp_peering_ipv6}} update-source Loopback0 34 | neighbor {{kentik_UI_bgp_peering_ipv6}} description Kentik-Route-Consumer-v6 35 | ! 36 | address-family ipv4 37 | neighbor route-consumers_v4 activate 38 | neighbor route-consumers_v4 route-map deny-all in 39 | neighbor route-consumers_v4 route-map allow-all-no-default out 40 | ! 41 | address-family ipv6 42 | neighbor route-consumers_v6 activate 43 | neighbor route-consumers_v6 route-map deny-all in 44 | neighbor route-consumers_v6 route-map allow-all-no-default out 45 | -------------------------------------------------------------------------------- /Arista/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * DCS-750x 4 | * DCS-7280 5 | * DCS-7260 6 | * DCS-7050 7 | * DCS-7060 8 | * DCS-7020 9 | * DCS-7160 10 | # A platform you succesfully tested Kentik with is not in this list ? 11 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 12 | -------------------------------------------------------------------------------- /Arista/ipfix-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! Add sampling configuration to every interface on ingress where you want to collect flow 2 | interface {{ interface_to_enable_flow_collection_on }} 3 | flow tracker {{ sampled || hardware }} kentik 4 | no shutdown -------------------------------------------------------------------------------- /Arista/ipfix.conf: -------------------------------------------------------------------------------- 1 | ! Define a loopback interface to act as the local source interface for 2 | ! IPFIX export 3 | int Loopback0 4 | ip address {{ loopback_address }} 5 | 6 | ! Enable IP routing for IPFIX packet to be routed to the collector 7 | ip routing 8 | 9 | ! Use hardware if your platform supports it 10 | flow tracking {{ sampled || hardware }} 11 | sample {{ device_sample_rate }} 12 | ! 13 | tracker kentik 14 | ! export active records every 60 sec and inactive every 15sec 15 | record export on interval 60000 16 | record export on inactive timeout 15000 17 | ! 18 | exporter kentik-flow-collector 19 | format ipfix version 10 20 | collector {{ kentik_ingest_ip_from_UI }} port {{ kentik_ingest_UDP_port_from_UI }} 21 | ! typical export interface might be Loopback0 22 | local interface {{ device_sending_iface }} 23 | ! how often we want to send ipfix templates to the collector 24 | template interval 60000 25 | no shutdown 26 | 27 | ! Ensure you also enable flow collection on all ingress interfaces of interest 28 | -------------------------------------------------------------------------------- /Arista/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Arista/logo.png -------------------------------------------------------------------------------- /Arista/sflow-agent.conf: -------------------------------------------------------------------------------- 1 | ! This setting is for use when devices are pushing flow to a Kentik Flow Proxy (agent) 2 | ! default KProxy flow record ingest port is 9995 3 | ! if your KProxy is configured to listen on another port, change the value below 4 | sflow destination {{kentik_flow_proxy_IP}} 9995 5 | 6 | ! Name of interface whose IP will be source of flow records. 7 | sflow source-interface 8 | ! other option is to direclty point to a source IP configured on the device 9 | sflow source {{device_sending_ip}} 10 | 11 | sflow polling-interval 10 12 | 13 | ! Set sample rate based on flow volume. 14 | sflow sample {{device_sample_rate}} 15 | 16 | sflow run 17 | -------------------------------------------------------------------------------- /Arista/sflow-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! add this line for every interface that you want to enable SFlow to Kentik on 2 | interface 3 | sflow enable -------------------------------------------------------------------------------- /Arista/sflow.conf: -------------------------------------------------------------------------------- 1 | ! This setting is only for direct ingest by Kentik (not agent based) 2 | sflow destination {{kentik_ingest_ip_from_UI}} {{kentik_ingest_UDP_port_from_UI}} 3 | 4 | ! Name of interface whose IP will be source of flow records. 5 | sflow source-interface 6 | ! other option is to direclty point to a source IP configured on the device 7 | sflow source {{device_sending_ip}} 8 | 9 | sflow polling-interval 10 10 | 11 | ! Set sample rate based on flow volume. 12 | sflow sample {{device_sample_rate}} 13 | 14 | sflow run 15 | -------------------------------------------------------------------------------- /Arista/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Arista devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Arista/snmp.conf 4 | -------------------------------------------------------------------------------- /Arista/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Arista devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Arista/snmp.conf 4 | -------------------------------------------------------------------------------- /Arista/telemetry_dialin.conf: -------------------------------------------------------------------------------- 1 | username gnmi-user privilege 1 role network-operator secret 2 | ! 3 | management api gnmi 4 | transport grpc default 5 | port {{kentik_telemetry_port_from_UI}} 6 | no shutdown 7 | ssl profile NoTLS1 8 | authorization requests 9 | provider eos-native -------------------------------------------------------------------------------- /Cisco/6500-7600/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Cisco 65xx/76xx equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Notes on Cisco 65xx / 76xx: 5 | * SNMP configuration requires ifIndex persistence upon reboot to be enabled, as it isn't by default. 6 | * when configuring a Cisco 6500/7600 l3 switch, layer-2 traffic between ports on the same VLAN is not exported as NetFlow until it becomes layer-3 switched/routed 7 | * further details available in [Cisco Documentation on NetFlow](https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/nde.html#wpxref81329) 8 | * the following statements need to be inserted for each interface and subinterface where flow export is desired (see netflow-9-interfaces.conf file) 9 | ``` 10 | mls netflow sampling 11 | flow-sampler 12 | ``` 13 | -------------------------------------------------------------------------------- /Cisco/6500-7600/bgp.conf: -------------------------------------------------------------------------------- 1 | ! 2 | route-map deny-all deny 10 3 | ! 4 | ! Do not send default route 5 | route-map deny 15 6 | ! 7 | match ip address 0.0.0.0/0 8 | continue 9 | end 10 | ! 11 | router bgp {{local_ASN}} 12 | neighbor {{kentik_UI_bgp_peering_ipv4}} remote-as {{local_ASN}} 13 | neighbor {{kentik_UI_bgp_peering_ipv4}} description 14 | neighbor {{kentik_UI_bgp_peering_ipv4}} update-source 15 | neighbor {{kentik_UI_bgp_peering_ipv4}} timers 30 720 16 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-map out 17 | ! 18 | address-family ipv4 19 | neighbor {{kentik_UI_bgp_peering_ipv4}} activate 20 | neighbor {{kentik_UI_bgp_peering_ipv4}} send-community 21 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-reflector-client 22 | neighbor {{kentik_UI_bgp_peering_ipv4}} soft-reconfiguration inbound 23 | ! 24 | ! Enable VPNv4 address family to send VRF routes to Kentik 25 | address-family vpnv4 26 | neighbor {{kentik_UI_bgp_peering_ipv4}} activate 27 | neighbor {{kentik_UI_bgp_peering_ipv4}} send-community 28 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-reflector-client 29 | neighbor {{kentik_UI_bgp_peering_ipv4}} soft-reconfiguration inbound 30 | ! Rinse and repeat for IPv6 address family 31 | -------------------------------------------------------------------------------- /Cisco/6500-7600/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | _Not available yet_ 3 | # A platform you succesfully tested Kentik with is not in this list ? 4 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 5 | -------------------------------------------------------------------------------- /Cisco/6500-7600/flowspec.conf: -------------------------------------------------------------------------------- 1 | ! Your ASN 2 | router bgp {{kentik_portal_ASN}} 3 | address-family ipv4 flowspec 4 | ! Kentik-provided peering IP. 5 | neighbor {{kentik_UI_bgp_peering_ipv4}} activate 6 | ! 7 | 8 | -------------------------------------------------------------------------------- /Cisco/6500-7600/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ! Name of interface whose IP will be source of flow records. 2 | ip flow-export source 3 | 4 | ip flow-export version 9 5 | ! send flows to Kentik Flow Proxy (not directly to Kentik Flow Ingest) 6 | ! default KProxy listen port is 9995 7 | ! if KProxy is configured to listen on another port, change the value below 8 | ip flow-export {{kentik_flow_proxy_IP}} 9995 9 | 10 | ip flow-cache timeout active 1 11 | 12 | mls nde sender version 9 13 | ! Set sample rate based on flow volume. 14 | mls sampling packet-based {{device_sample_rate}} 8000 15 | 16 | mls flow ip interface-full 17 | mls flow ipv6 interface-full 18 | mls nde interface 19 | mls aging long 64 20 | mls aging normal 64 21 | 22 | ! Define your custom flow sampler 23 | flow-sampler-map 24 | ! Match sample rate set above. 25 | mode random one-out-of {{device_sample_rate}} 26 | -------------------------------------------------------------------------------- /Cisco/6500-7600/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! add these lines to all interfaces to sample with an IP 2 | mls netflow sampling 3 | flow-sampler -------------------------------------------------------------------------------- /Cisco/6500-7600/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ! Name of interface whose IP will be source of flow records. 2 | ip flow-export source interface_name 3 | ip flow-export version 9 4 | ! Direct send to Kentik Flow Ingest 5 | ip flow-export {{kentik_ingest_ip_from_UI}} {{kentik_ingest_UDP_port_from_UI}} 6 | 7 | ip flow-cache timeout active 1 8 | 9 | mls nde sender version 9 10 | ! Set sample rate based on flow volume. 11 | mls sampling packet-based {{device_sample_rate}} 8000 12 | 13 | mls flow ip interface-full 14 | mls flow ipv6 interface-full 15 | mls nde interface 16 | mls aging long 64 17 | mls aging normal 64 18 | 19 | ! Define your custom flow sampler 20 | flow-sampler-map 21 | ! Match sample rate set above. 22 | mode random one-out-of {{device_sample_rate}} -------------------------------------------------------------------------------- /Cisco/6500-7600/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | ! both the below are required because 6K5 and 7K6 don't persist ifindex after reboot 2 | snmp-server ifindex persist 3 | snmp ifmib ifindex persist 4 | 5 | ! no Cisco 6k5 / 7k6 detailed snmp configuration snippet available at this time 6 | ! feel free to contribute yours to the below URL: 7 | ! https://github.com/kentik/config-snippets/blob/master/Cisco/6500-7600/snmp.conf 8 | -------------------------------------------------------------------------------- /Cisco/6500-7600/snmp.conf: -------------------------------------------------------------------------------- 1 | ! both the below are required because 6K5 and 7K6 don't persist ifindex after reboot 2 | snmp-server ifindex persist 3 | snmp ifmib ifindex persist 4 | 5 | ! no Cisco 6k5 / 7k6 detailed snmp configuration snippet available at this time 6 | ! feel free to contribute yours to the below URL: 7 | ! https://github.com/kentik/config-snippets/blob/master/Cisco/6500-7600/snmp.conf 8 | -------------------------------------------------------------------------------- /Cisco/ASA/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure an ASA equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Cisco/ASA/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Cisco ASA firewalls at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/ASA/bgp.conf 4 | -------------------------------------------------------------------------------- /Cisco/ASA/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | _Not available yet_ 3 | # A platform you succesfully tested Kentik with is not in this list ? 4 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 5 | -------------------------------------------------------------------------------- /Cisco/ASA/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | access-list netflow-export extended permit ip any any 4 | 5 | ! Export Flows to your KProxy instance 6 | ! default KProxy listen port is 9995 7 | ! if KProxy is configured to listen on another port, change the value below 8 | flow-export destination outside {{kentik_flow_proxy_agent_IP}} 9995 9 | flow-export template timeout-rate 1 10 | flow-export active refresh-interval 60 11 | flow-export delay flow-create 15 12 | 13 | class-map netflow-export-class 14 | match access-list netflow-export 15 | class-map inspection_default 16 | match default-inspection-traffic 17 | ! 18 | ! 19 | policy-map global_policy 20 | class netflow-export-class 21 | flow-export event-type flow-denied destination 22 | flow-export event-type flow-update destination 23 | flow-export event-type flow-create destination 24 | 25 | service-policy global_policy global 26 | 27 | -------------------------------------------------------------------------------- /Cisco/ASA/netflow-9.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | access-list netflow-export extended permit ip any any 4 | 5 | flow-export destination outside {{kentik_ingest_ip_from_UI}} {{kentik_ingest_UDP_port_from_UI}} 6 | flow-export template timeout-rate 1 7 | flow-export active refresh-interval 60 8 | flow-export delay flow-create 15 9 | 10 | class-map netflow-export-class 11 | match access-list netflow-export 12 | class-map inspection_default 13 | match default-inspection-traffic 14 | ! 15 | ! 16 | policy-map global_policy 17 | class netflow-export-class 18 | flow-export event-type flow-denied destination {{kentik_ingest_ip_from_UI}} 19 | flow-export event-type flow-update destination {{kentik_ingest_ip_from_UI}} 20 | flow-export event-type flow-create destination {{kentik_ingest_ip_from_UI}} 21 | 22 | service-policy global_policy global 23 | 24 | -------------------------------------------------------------------------------- /Cisco/ASA/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | ! ifindex persis not supported 2 | 3 | ! v2 configs 4 | snmp-server enable 5 | snmp-server host {{kentik_flow_proxy_IP}} community 6 | -------------------------------------------------------------------------------- /Cisco/ASA/snmp.conf: -------------------------------------------------------------------------------- 1 | ! ifindex persis not supported 2 | 3 | ! v2 configs 4 | snmp-server enable 5 | snmp-server host {{kentik_ingest_ip_from_UI}} community 6 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure an IOS-XE running equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | Troubleshooting commands: 5 | * `show flow monitor cache format table` 6 | * `show flow exporter` 7 | * `show flow exporter statistics` 8 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/bgp.conf: -------------------------------------------------------------------------------- 1 | ! Kentik Detect iBGP Session Config 2 | ! IOS-XE 3 | ! 4 | ! The outbound policy objects will exclude a default 5 | ! route while allowing the rest of your active forwarding 6 | ! table to be advertised. Explicit definitions can help 7 | ! to clearly show prefixes being exchanged with peers. 8 | ! 9 | ! ***You can choose not to define an inbound policy 10 | ! on Cisco IOS-XE, due to the default deny behavior.*** 11 | ! 12 | ! 13 | ! List for matching any prefix. 14 | ip prefix-list any seq 5 permit 0.0.0.0/0 le 32 15 | ! 16 | ! List for easily sharing any/all but a default prefix. 17 | ip prefix-list any_but_default seq 5 deny 0.0.0.0/0 18 | ip prefix-list any_but_default seq 15 permit 0.0.0.0/0 le 32 19 | ! 20 | ! 21 | ! Inbound BGP policy utilizing the 'any' list to 22 | ! deny all inbound prefixes. 23 | route-map deny 15 24 | match ip address prefix-list any 25 | ! 26 | ! Outbound BGP policy utilizing the 'any_but_default' list 27 | ! in order to allow any prefix but your default route to advertise 28 | ! to Kentik. 29 | route-map permit 15 30 | match ip address prefix-list any_but_default 31 | ! 32 | router bgp {{local_ASN}} 33 | neighbor {{kentik_UI_bgp_peering_ipv4}} remote-as {{local_ASN}} 34 | neighbor {{kentik_UI_bgp_peering_ipv4}} description 35 | ! IP Address of this source interface needs to match what is in the admin portal 36 | ! for this device.(***For multi-homed devices, best to use a public loopback interface***) 37 | neighbor {{kentik_UI_bgp_peering_ipv4}} update-source 38 | ! 39 | address-family ipv4 40 | neighbor {{kentik_UI_bgp_peering_ipv4}} activate 41 | ! Enables iBGP session to reflect routes to Kentik as a 42 | ! RR server. Otherwise, since this is an iBGP session, received 43 | ! routes would not be re-advertised. 44 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-reflector-client 45 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-map in 46 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-map out 47 | ! Enable VPNv4 address family to send VRF routes to Kentik 48 | address-family vpnv4 49 | neighbor {{kentik_UI_bgp_peering_ipv4}} activate 50 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-reflector-client 51 | ! Rinse and repeat for IPv6 address family 52 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * Catalyst 4500 4 | * Catalyst 3K 5 | * ASR 1K 6 | # A platform you succesfully tested Kentik with is not in this list ? 7 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 8 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ! if using a specific netflow records 2 | ! else use netflow-original which comes by default 3 | flow record 4 | match ipv4 tos 5 | match ipv4 protocol 6 | match ipv4 source address 7 | match ipv4 destination address 8 | match transport source-port 9 | match transport destination-port 10 | collect routing source as 11 | collect routing destination as 12 | collect routing next-hop address ipv4 13 | collect transport tcp flags 14 | collect interface input 15 | collect interface output 16 | collect counter bytes 17 | collect counter packets 18 | collect timestamp sys-uptime first 19 | collect timestamp sys-uptime last 20 | ! 21 | sampler 22 | mode 1 out-of {{device_sample_rate}} 23 | ! 24 | flow exporter 25 | ! Export to Kentik Flow Proxy KProxy 26 | description 27 | destination {{kentik_flow_proxy_IP}} vrf 28 | source 29 | ! Export Flows to your KProxy instance, default KProxy listen port is 9995 30 | ! if KProxy is configured to listen on another port, change the value below 31 | transport udp 9995 32 | version 9 33 | ! 34 | ! 35 | flow monitor 36 | exporter 37 | cache timeout inactive 10 38 | cache timeout active 60 39 | ! if using custom Netflow records 40 | record 41 | ! if using standard default Netflow records 42 | record netflow-original 43 | 44 | ! Add a route to Kentik Ingest IP if in the in case it has no route to it 45 | ip route vrf {{kentik_flow_proxy_IP}} 255.255.255.255 46 | 47 | ip flow-export destination {{kentik_flow_proxy_IP}} 9995 vrf 48 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! needs to be added on each Layer3 interfaces for sampling 2 | interface 3 | ip flow monitor sampler input 4 | exit 5 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ! if using a specific netflow records 2 | ! else use netflow-original which comes by default 3 | flow record 4 | match ipv4 tos 5 | match ipv4 protocol 6 | match ipv4 source address 7 | match ipv4 destination address 8 | match transport source-port 9 | match transport destination-port 10 | match interface input 11 | collect routing source as 12 | collect routing destination as 13 | collect routing next-hop address ipv4 14 | collect transport tcp flags 15 | collect interface output 16 | collect counter bytes 17 | collect counter packets 18 | collect timestamp sys-uptime first 19 | collect timestamp sys-uptime last 20 | ! 21 | sampler 22 | mode random 1 out-of {{device_sample_rate}} 23 | ! 24 | flow exporter 25 | ! Direct erxport to Kentik Flow Ingest (without Flow Proxy) 26 | description 27 | destination {{kentik_ingest_ip_from_UI}} vrf 28 | source 29 | transport udp {{kentik_ingest_UDP_port_from_UI}} 30 | version 9 31 | ! 32 | ! 33 | flow monitor 34 | exporter 35 | cache timeout inactive 10 36 | cache timeout active 60 37 | ! if using custom Netflow records 38 | record 39 | ! if using standard default Netflow records 40 | record netflow-original 41 | 42 | ! Add a route to Kentik Ingest IP if in the in case it has no route to it 43 | ip route vrf {{kentik_ingest_ip_from_UI}} 255.255.255.255 44 | 45 | ip flow-export destination {{kentik_ingest_ip_from_UI}} {{kentik_ingest_UDP_port_from_UI}} vrf 46 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | ! SNMP IOS-XE 2 | ! 3 | ! Set Kentik SNMP Polling ACL US and EU 4 | access-list 33 remark Kentik SNMP Polling ACL to be used with KProxy 5 | access-list 33 permit {{kentik_flow_proxy_IP}} 0.0.0.0 6 | ! 7 | ! Sets Access and the community 8 | snmp-server community {{snmp_community}} RO 33 9 | ! 10 | -------------------------------------------------------------------------------- /Cisco/IOS-XE/snmp.conf: -------------------------------------------------------------------------------- 1 | ! SNMP IOS-XE 2 | ! 3 | ! Set Kentik SNMP Polling ACL US and EU 4 | access-list 33 remark Kentik SNMP Polling ACL US and EU 5 | access-list 33 permit 209.50.158.0 0.0.1.255 6 | access-list 33 permit 193.177.128.0 0.0.3.255 7 | ! 8 | ! Sets Access and the community 9 | snmp-server community {{snmp_community}} RO 33 10 | ! -------------------------------------------------------------------------------- /Cisco/IOS-XR/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure an IOS-XR running equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # IOS XR configuration notes 5 | * by default on the IOS XR platform, interfaces' ifIndex isn't persisted across reboots - you will need the following global config statement to resolve this issue (it is included in the snmp.conf file in this directory): 6 | ``` 7 | snmp-server ifindex persist 8 | ``` 9 | 10 | # Streaming Telemetry notes 11 | Currently, Streaming Telemetry is only supported for dial-out configurations on the IOS XR platform using Kentik's kproxy. Dial-in is supported using kagent with Kentik's NMS product. -------------------------------------------------------------------------------- /Cisco/IOS-XR/bgp.conf: -------------------------------------------------------------------------------- 1 | ! Kentik Detect iBGP Session Config 2 | ! IOS-XR 3 | ! 4 | ! Add a static route per Internet upstream for this Kentik (multi-hop BGP) peer. 5 | router static address-family ipv4 unicast {{kentik_UI_bgp_peering_ipv4}}/32 50 description Kentik-Static-BGP-multihop 6 | !! If you have multiple internet upstreams, do one for as many as you have. !! 7 | router static address-family ipv4 unicast {{kentik_UI_bgp_peering_ipv4}}/32 50 description Kentik-Static-BGP-multihop 8 | router static address-family ipv4 unicast {{kentik_UI_bgp_peering_ipv4}}/32 50 description Kentik-Static-BGP-multihop 9 | ! 10 | neighbor {{kentik_UI_bgp_peering_ipv4}} 11 | remote-as {{local_ASN}} 12 | timers 30 720 13 | description 14 | update-source 15 | address-family ipv4 unicast 16 | route-reflector-client 17 | ! Make sure excludes sending default routes to Kentik 18 | route-policy out 19 | soft-reconfiguration inbound 20 | ! Enable VPNv4 address family to send VRF routes to Kentik 21 | address-family vpnv4 unicast 22 | route-reflector-client 23 | soft-reconfiguration inbound 24 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * ASR 9K 4 | * NCS-550X 5 | * 12404 6 | # A platform you succesfully tested Kentik with is not in this list ? 7 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 8 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/flowspec.conf: -------------------------------------------------------------------------------- 1 | ! 2 | ! Your ASN 3 | router bgp {{kentik_portal_ASN}} 4 | ! Initializes the global address family 5 | address-family ipv4 flowspec 6 | ! 7 | ! Kentik-provided peering IP. 8 | neighbor {{kentik_UI_bgp_peering_ipv4}} 9 | ! Ties it to a neighbor configuration 10 | address-family ipv4 flowspec 11 | ! 12 | 13 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | flow exporter-map 2 | version v9 3 | options interface-table timeout 60 4 | options sampler-table timeout 60 5 | template timeout 30 6 | ! 7 | ! Export Flows to your KProxy instance, default KProxy listen port is 9995 8 | ! if KProxy is configured to listen on another port, change the value below 9 | transport udp 9995 10 | ! Name of interface whose IP will be source of flow records. 11 | source 12 | ! IP Address of the KProxy instance to export flows to 13 | destination {{kentik_flow_proxy_IP}} 14 | ! 15 | flow monitor-map 16 | record ipv4 17 | exporter 18 | cache entries 500000 19 | cache timeout active 60 20 | cache timeout inactive 15 21 | ! 22 | flow monitor-map 23 | record ipv6 24 | exporter 25 | cache timeout active 60 26 | cache timeout inactive 15 27 | ! 28 | flow monitor-map 29 | record mpls ipv4-ipv6-fields 30 | exporter 31 | cache timeout active 60 32 | cache timeout inactive 15 33 | ! 34 | sampler-map 35 | ! Set sample rate based on flow volume. 36 | random 1 out-of {{device_sample_rate}} 37 | ! 38 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! for each interface, add the following commands 2 | interface 3 | ipv4 address 4 | ipv6 address 5 | load-interval 30 6 | flow ipv4 monitor sampler ingress 7 | flow ipv6 monitor sampler ingress 8 | ! -------------------------------------------------------------------------------- /Cisco/IOS-XR/netflow-9.conf: -------------------------------------------------------------------------------- 1 | flow exporter-map 2 | version v9 3 | options interface-table timeout 60 4 | options sampler-table timeout 60 5 | template timeout 30 6 | ! 7 | ! Direct erxport to Kentik Flow Ingest (without Flow Proxy) 8 | transport udp {{kentik_ingest_UDP_port_from_UI}} 9 | ! Name of interface whose IP will be source of flow records. 10 | source 11 | ! IP provided by portal UI to export flow to 12 | destination {{kentik_ingest_ip_from_UI}} 13 | ! 14 | flow monitor-map 15 | record ipv4 16 | exporter 17 | cache entries 500000 18 | cache timeout active 60 19 | cache timeout inactive 15 20 | ! 21 | flow monitor-map 22 | record ipv6 23 | exporter 24 | cache timeout active 60 25 | cache timeout inactive 15 26 | ! 27 | flow monitor-map 28 | record mpls ipv4-ipv6-fields 29 | exporter 30 | cache timeout active 60 31 | cache timeout inactive 15 32 | ! 33 | sampler-map 34 | ! Set sample rate based on flow volume. 35 | random 1 out-of {{device_sample_rate}} 36 | ! -------------------------------------------------------------------------------- /Cisco/IOS-XR/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | ! SNMP IOS-XR 2 | ! 3 | ! Set Kentik SNMP Polling ACL US and EU 4 | ipv4 access-list 33 5 | 33 remark Kentik SNMP Polling ACL to let KProxy poll this device 6 | 33 permit ipv4 {{kentik_flow_proxy_IP}} 0.0.0.0 any 7 | ! Set SNMP Acess and Community 8 | snmp-server community {{snmp_community}} RO IPv4 33 9 | ! making sure ifIndex gets persisted with SNMP after router reboot 10 | snmp-server ifindex persist 11 | ! 12 | ! 13 | ! SNMP management plane ACL 14 | control-plane 15 | management-plane 16 | inband 17 | interface 18 | allow SNMP peer 19 | address ipv4 {{kentik_flow_proxy_IP}}/32 20 | ! 21 | ! 22 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/snmp.conf: -------------------------------------------------------------------------------- 1 | ! SNMP IOS-XR 2 | ! 3 | ! Set Kentik SNMP Polling ACL US and EU 4 | ipv4 access-list 33 5 | 33 remark Kentik SNMP Polling ACL US and EU 6 | 33 permit ipv4 209.50.156.0 0.0.3.255 any 7 | 33 permit ipv4 193.177.128.0 0.0.3.255 any 8 | ! Set SNMP Acess and Community 9 | snmp-server community {{snmp_community}} RO IPv4 33 10 | ! making sure ifIndex gets persisted with SNMP after router reboot 11 | snmp-server ifindex persist 12 | ! 13 | ! 14 | ! SNMP management plane ACL 15 | control-plane 16 | management-plane 17 | inband 18 | interface 19 | allow SNMP peer 20 | address ipv4 209.50.156.0/22 21 | address ipv4 193.177.128.0/22 22 | ! 23 | ! 24 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/telemetry_dialin.conf: -------------------------------------------------------------------------------- 1 | usergroup gnmi 2 | taskgroup retrieve 3 | taskgroup read-only-tg 4 | ! 5 | username gnmic 6 | group gnmi 7 | password 7 8 | ! 9 | grpc 10 | port {{kentik_telemetry_port_from_UI}} 11 | -------------------------------------------------------------------------------- /Cisco/IOS-XR/telemetry_dialout-agent.conf: -------------------------------------------------------------------------------- 1 | telemetry model-driven 2 | destination-group 3 | address-family ipv4 port 4 | encoding self-describing-gpb 5 | protocol tcp 6 | ! 7 | ! 8 | sensor-group 9 | sensor-path Cisco-IOS-XR-infra-statsd-oper:infra-statistics/interfaces/interface/latest/generic-counters 10 | ! 11 | subscription 12 | sensor-group-id sample-interval 30000 13 | destination-id 14 | ! Name of interface whose IP will be source of telemetry stream (same as used for flows) 15 | source-interface 16 | ! 17 | ! -------------------------------------------------------------------------------- /Cisco/IOS-XR/telemetry_dialout.conf: -------------------------------------------------------------------------------- 1 | telemetry model-driven 2 | destination-group 3 | address-family ipv4 {{kentik_ingest_ip_from_UI}} port 20023 4 | encoding self-describing-gpb 5 | protocol tcp 6 | ! 7 | ! 8 | sensor-group 9 | sensor-path Cisco-IOS-XR-infra-statsd-oper:infra-statistics/interfaces/interface/latest/generic-counters 10 | ! 11 | subscription 12 | sensor-group-id sample-interval 30000 13 | destination-id 14 | ! Name of interface whose IP will be source of telemetry stream (same as used for flows) 15 | source-interface 16 | ! 17 | ! -------------------------------------------------------------------------------- /Cisco/Nexus-3000/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Nexus 3000 equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Cisco Nexus 3k configuration notes 5 | While other platforms in the Nexus range (6k, 7k, 9k) are compatible with Netflow v9, Cisco Nexus 3K only run SFlow 6 | -------------------------------------------------------------------------------- /Cisco/Nexus-3000/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Cisco Nexus 3000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-3000/bgp.conf 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-3000/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * n3000 4 | # A platform you succesfully tested Kentik with is not in this list ? 5 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 6 | -------------------------------------------------------------------------------- /Cisco/Nexus-3000/sflow-agent.conf: -------------------------------------------------------------------------------- 1 | feature sflow 2 | 3 | ! Set sample rate based on flow volume. 4 | sflow sampling-rate {{device_sample_rate}} 5 | sflow max-sampled-size 200 6 | sflow counter-poll-interval 100 7 | sflow max-datagram-size 2000 8 | 9 | ! Export Flows to your KProxy instance, default KProxy listen port is 9995 10 | ! if KProxy is configured to listen on another port, change the value below 11 | sflow collector-ip {{kentik_flow_proxy_agent_IP}} vrf default source {{device_sending_ip}} 12 | sflow collector-port 9995 13 | 14 | ! Set to IP of interface on next line. 15 | sflow agent-ip {{device_sending_ip}} 16 | 17 | ! Name of interface whose IP will be source of flow records. 18 | sflow data-source interface 19 | -------------------------------------------------------------------------------- /Cisco/Nexus-3000/sflow.conf: -------------------------------------------------------------------------------- 1 | ! Nexus 3000 only export sflow for now 2 | feature sflow 3 | 4 | ! Set sample rate based on flow volume. 5 | sflow sampling-rate {{device_sample_rate}} 6 | sflow max-sampled-size 200 7 | sflow counter-poll-interval 100 8 | sflow max-datagram-size 2000 9 | 10 | ! Destination is Kentik public Flow Ingest (not Flow Proxy Agent) 11 | sflow collector-ip {{kentik_ingest_ip_from_UI}} vrf management 12 | sflow collector-port {{kentik_ingest_UDP_port_from_UI}} 13 | 14 | ! Set to IP of interface on next line. 15 | sflow agent-ip {{device_sending_ip}} 16 | 17 | ! Name of interface whose IP will be source of flow records. 18 | sflow data-source interface 19 | -------------------------------------------------------------------------------- /Cisco/Nexus-3000/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Cisco Nexus 3000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-3000/snmp.conf 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Cisco Nexus 5k equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Cisco Nexus 5000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-5000/bgp.conf 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # 2 | # Tested compatible platforms 3 | Feel free to update this section if a platform you are using has been successfully tested with it 4 | * n5000 Nexus 5672UP running 7.1(4)N1(1) 5 | # A platform you succesfully tested Kentik with is not in this list ? 6 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 7 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ! Cisco Nexus 5k Netflow Config 2 | 3 | feature netflow 4 | ! 5 | flow exporter 6 | description export netflow to kentik flow proxy 7 | 8 | ! Export Flows to your KProxy instance, default KProxy listen port is 9995 9 | destination {{kentik_flow_proxy_agent_IP}} 10 | 11 | version 9 12 | template data timeout 60 13 | option exporter-stats timeout 60 14 | option sampler-table timeout 60 15 | option interface-table timeout 60 16 | 17 | ! if KProxy is configured to listen on another port than 9995, change the value below 18 | transport udp 9995 19 | 20 | ! Name of interface whose IP will be source of flow records. 21 | source 22 | ! 23 | flow record 24 | match ipv4 source address 25 | match ipv4 destination address 26 | match ip protocol 27 | match transport source-port 28 | match transport destination-port 29 | collect counter bytes 30 | collect counter packets long 31 | collect timestamp sys-uptime first 32 | collect timestamp sys-uptime last 33 | ! 34 | flow monitor 35 | exporter 36 | record 37 | ! 38 | sampler KENTIK_FLOW_SAMPLER 39 | mode 1 out-of {{device_sample_rate}} 40 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! on each interface with an IP that needs be sampled 2 | ip flow monitor input sampler 3 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ! Cisco Nexus 5k Netflow Config 2 | 3 | feature netflow 4 | ! 5 | flow exporter 6 | description export netflow to kentik direct 7 | 8 | ! Using Kentik Direct Flow Log Ingest (not using kproxy) 9 | destination {{kentik_ingest_ip_from_UI}} 10 | 11 | version 9 12 | template data timeout 60 13 | option exporter-stats timeout 60 14 | option sampler-table timeout 60 15 | option interface-table timeout 60 16 | 17 | transport udp {{kentik_ingest_UDP_port_from_UI}} 18 | 19 | ! Name of interface whose IP will be source of flow records. 20 | source 21 | ! 22 | flow record 23 | match ipv4 source address 24 | match ipv4 destination address 25 | match ip protocol 26 | match transport source-port 27 | match transport destination-port 28 | collect counter bytes 29 | collect counter packets long 30 | collect timestamp sys-uptime first 31 | collect timestamp sys-uptime last 32 | ! 33 | flow monitor 34 | exporter 35 | record 36 | ! 37 | sampler KENTIK_FLOW_SAMPLER 38 | mode 1 out-of {{device_sample_rate}} 39 | -------------------------------------------------------------------------------- /Cisco/Nexus-5000/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Cisco Nexus 5000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-5000/snmp.conf 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Cisco 6k/7k/9k equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Cisco Nexus 6K and 7K devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-6000-7000/ 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * n6000 4 | * n7000 5 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ! Nexus 6000/7000 can do netflow 2 | feature netflow 3 | 4 | flow exporter 5 | description export netflow to kentik 6 | 7 | ! Export Flows to your KProxy instance 8 | destination {{kentik_flow_proxy_agent_IP}} 9 | export Version 9 10 | ! if KProxy is configured to listen on another port than 9995, change the value below 11 | transport udp 9995 12 | 13 | ! Name of interface whose IP will be source of flow records. 14 | source 15 | 16 | flow monitor 17 | exporter 18 | record netflow-original 19 | 20 | sampler 21 | ! Set sample rate based on flow volume. 22 | mode 1 out-of {{device_sample_rate}} 23 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! needs to be added on each Layer3 interfaces for sampling 2 | interface 3 | ip flow monitor sampler input 4 | exit 5 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ! Nexus 6000/7000 can do netflow 2 | feature netflow 3 | 4 | flow exporter 5 | description export netflow to kentik 6 | 7 | ! Using Kentik Direct Flow Ingest without agent 8 | destination {{kentik_ingest_ip_from_UI}} 9 | export Version 9 10 | transport udp {{kentik_ingest_UDP_port_from_UI}} 11 | 12 | ! Name of interface whose IP will be source of flow records. 13 | source 14 | 15 | flow monitor 16 | exporter 17 | record netflow-original 18 | 19 | sampler 20 | ! Set sample rate based on flow volume. 21 | mode 1 out-of {{device_sample_rate}} 22 | 23 | -------------------------------------------------------------------------------- /Cisco/Nexus-6000-7000/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Cisco Nexus 6000/7000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-6000/7000/snmp.conf 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Cisco 6k/7k/9k equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Cisco Nexus-9000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-9000/ 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * n9000 4 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ! if using a specific netflow records 2 | ! else use netflow-original which comes by default 3 | flow record 4 | match ip tos 5 | match ip protocol 6 | match ipv4 source address 7 | match ipv4 destination address 8 | match transport source-port 9 | match transport destination-port 10 | collect transport tcp flags 11 | collect counter bytes 12 | collect counter packets 13 | collect timestamp sys-uptime first 14 | collect timestamp sys-uptime last 15 | ! 16 | sampler 17 | mode random 1 out-of {{device_sample_rate}} 18 | ! 19 | flow exporter 20 | ! Direct export to youru KProxy instance 21 | description 22 | destination {{kentik_flow_proxy_agent_IP}} vrf 23 | source 24 | ! default KProxy port for flow record ingest is 9995 25 | ! update the next line accordingly if your KProxy instance doens't use the default 9995 26 | transport udp 9995 27 | version 9 28 | ! 29 | ! 30 | flow monitor 31 | exporter 32 | ! if using custom Netflow records 33 | record 34 | ! if using standard default Netflow records 35 | record netflow-original 36 | 37 | ! Add a route to Kentik Ingest IP if in the in case it has no route to it 38 | ip route vrf {{kentik_ingest_ip_from_UI}} 255.255.255.255 39 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! needs to be added on each Layer3 interfaces for sampling 2 | interface 3 | ip flow monitor sampler input 4 | exit 5 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ! if using a specific netflow records 2 | ! else use netflow-original which comes by default 3 | flow record 4 | match ip tos 5 | match ip protocol 6 | match ipv4 source address 7 | match ipv4 destination address 8 | match transport source-port 9 | match transport destination-port 10 | collect transport tcp flags 11 | collect counter bytes 12 | collect counter packets 13 | collect timestamp sys-uptime first 14 | collect timestamp sys-uptime last 15 | ! 16 | sampler 17 | mode random 1 out-of {{device_sample_rate}} 18 | ! 19 | flow exporter 20 | ! Direct export to Kentik Flow Ingest (without Flow Proxy) 21 | description 22 | destination {{kentik_ingest_ip_from_UI}} vrf 23 | source 24 | transport udp {{kentik_ingest_UDP_port_from_UI}} 25 | version 9 26 | ! 27 | ! 28 | flow monitor 29 | exporter 30 | ! if using custom Netflow records 31 | record 32 | ! if using standard default Netflow records 33 | record netflow-original 34 | 35 | ! Add a route to Kentik Ingest IP if in the in case it has no route to it 36 | ip route vrf {{kentik_ingest_ip_from_UI}} 255.255.255.255 37 | -------------------------------------------------------------------------------- /Cisco/Nexus-9000/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Cisco Nexus 6000/7000 devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Cisco/Nexus-6000/7000/snmp.conf 4 | -------------------------------------------------------------------------------- /Cisco/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Cisco/logo.png -------------------------------------------------------------------------------- /Extreme/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Foundry/Brocade/Extreme equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Extreme(Foundry/Brocade) config notes 5 | * on Foundry gear, there is no Ingress vs Egress options 6 | * traffic on sflow fowarding interfaces are exclusively examined on Ingress 7 | * each sflow fowarding interface needs the following config statement: 8 | ```sflow-forwarding``` 9 | -------------------------------------------------------------------------------- /Extreme/bgp.conf: -------------------------------------------------------------------------------- 1 | ip prefix-list deny 0.0.0.0/0 2 | 3 | router bgp {{kentik_portal_ASN}} 4 | neighbor {{kentik_UI_bgp_peering_ipv4}} remote-as {{kentik_portal_ASN}} 5 | neighbor {{kentik_UI_bgp_peering_ipv4}} description 6 | neighbor {{kentik_UI_bgp_peering_ipv4}} route-reflector-client 7 | neighbor {{kentik_UI_bgp_peering_ipv4}} capability as4 enable 8 | ! Prevent short-lived reachability issues from triggering neighbor down events. 9 | neighbor {{kentik_UI_bgp_peering_ipv4}} timers keep-alive 30 hold-time 720 10 | neighbor {{kentik_UI_bgp_peering_ipv4}} prefix-list out -------------------------------------------------------------------------------- /Extreme/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * MLXe 4 | * NetIron XMR 5 | * BR-SLX9850 6 | * NetIron CER 7 | * NetIron CES 8 | # A platform you succesfully tested Kentik with is not in this list ? 9 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 10 | -------------------------------------------------------------------------------- /Extreme/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Extreme/logo.png -------------------------------------------------------------------------------- /Extreme/sflow-agent.conf: -------------------------------------------------------------------------------- 1 | ! enable sflow globally 2 | sflow enable 3 | 4 | ! Set sample rate based on flow volume. 5 | sflow sample {{device_sample_rate}} 6 | 7 | ! Ship flow records to your KProxy instance 8 | ! default KProxy port for Flow Record ingest is 9995 9 | ! change port number in the line below if your Kproxy instance uses a custom set one 10 | sflow destination {{kentik_flow_proxy_IP}} 9995 11 | -------------------------------------------------------------------------------- /Extreme/sflow-interfaces.conf: -------------------------------------------------------------------------------- 1 | ! this line needs to be added to all interfaces 2 | sflow-forwarding -------------------------------------------------------------------------------- /Extreme/sflow.conf: -------------------------------------------------------------------------------- 1 | ! enable sflow globally 2 | sflow enable 3 | 4 | ! Set sample rate based on flow volume. 5 | sflow sample {{device_sample_rate}} 6 | 7 | ! Send either direct to Kentik Detect (not via Flow Proxy) 8 | sflow destination {{kentik_ingest_ip_from_UI}} {{kentik_ingest_UDP_port_from_UI}} 9 | -------------------------------------------------------------------------------- /Extreme/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Foundry/Brocade/Extreme devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Extreme/snmp.conf 4 | -------------------------------------------------------------------------------- /Huawei/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Huawei equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Huawei configuration notes 5 | ## Interface index in flows 6 | Prior to version 5 of VRP (version <= 5), Huawei routers will store an Interface index in flows that doesn't match the ifIndex from the SNMP polls. 7 | There are two distinct cases, described below. 8 | ### VRP versions <= 5 9 | For these versions, the Interface Index stored in the flows for SOURCE interface and DESTINATION interfaces uses a 16bit counter. 10 | SNMP interface IDs use a 32bit index. 11 | *Kentik Detect* will automatically compensate for that and convert the 16bit indices into 32bit. 12 | ### VRP versions >=5 13 | In these versions, users can actually configure what format the flow engine is going to use to store Interface Indices. 14 | Please make sure you use the following command: 15 | ```ip netstream export index-switch 32``` 16 | This way the flows will properly store Interface Indices as a 32bit index. 17 | -------------------------------------------------------------------------------- /Huawei/bgp.conf: -------------------------------------------------------------------------------- 1 | bgp {{local_ASN}} 2 | peer {{kentik_UI_bgp_peering_ipv4}} as-number {{local_ASN}} 3 | peer {{kentik_UI_bgp_peering_ipv4}} description 4 | peer {{kentik_UI_bgp_peering_ipv4}} connect-interface 5 | ipv4-family unicast 6 | peer {{kentik_UI_bgp_peering_ipv4}} enable 7 | peer {{kentik_UI_bgp_peering_ipv4}} import 8 | # Make sure to not announce a 0.0.0.0/0 to KENTIK 9 | peer {{kentik_UI_bgp_peering_ipv4}} export 10 | # set the session to iBGP Route Reflector Client 11 | peer {{kentik_UI_bgp_peering_ipv4}} reflect-client 12 | # Enable VPNv4 address family to send VRF routes to Kentik 13 | ipv4-family vpnv4 14 | peer {{kentik_UI_bgp_peering_ipv4}} enable 15 | peer {{kentik_UI_bgp_peering_ipv4}} reflect-client 16 | -------------------------------------------------------------------------------- /Huawei/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * NE40E 4 | * NE20E 5 | * NE80E 6 | * CE12800 7 | # A platform you succesfully tested Kentik with is not in this list ? 8 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 9 | -------------------------------------------------------------------------------- /Huawei/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Huawei/logo.png -------------------------------------------------------------------------------- /Huawei/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ip netstream timeout active 1 2 | ip netstream timeout inactive 15 3 | ip netstream export version 9 4 | 5 | # this command is only necessary if you run VRP >= 5.0 6 | # it will store interface indices in 32bit counters (as SNMP does) instead of 16bit. 7 | ip netstream export index-switch 32 8 | 9 | ip netstream export template timeout-rate 1 10 | ip netstream sampler fix-packets {{device_sample_rate}} inbound 11 | ip netstream export source {{device_sending_ip}} 12 | # Ship flow records to KProxy 13 | # default KProxy port for flow records ingest is 9995 14 | # update the next line with another port if your KProxy instance uses a custom-set port 15 | ip netstream export host {{kentik_flow_proxy_IP}} 9995 16 | -------------------------------------------------------------------------------- /Huawei/netflow-9-interfaces.conf: -------------------------------------------------------------------------------- 1 | # Add these lines to each interface where netflow needs to be active 2 | interface 3 | ip netstream inbound -------------------------------------------------------------------------------- /Huawei/netflow-9-linecards.conf: -------------------------------------------------------------------------------- 1 | slot 2 | ip netstream sampler to slot self 3 | 4 | -------------------------------------------------------------------------------- /Huawei/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ip netstream timeout active 1 2 | ip netstream timeout inactive 15 3 | ip netstream export version 9 4 | 5 | # this command is only necessary if you run VRP >= 5.0 6 | # it will store interface indices in 32bit counters (as SNMP does) instead of 16bit. 7 | ip netstream export index-switch 32 8 | 9 | ip netstream export template timeout-rate 1 10 | ip netstream sampler fix-packets {{device_sample_rate}} inbound 11 | ip netstream export source {{device_sending_ip}} 12 | ip netstream export host {{kentik_ingest_ip_from_UI}} {{kentik_ingest_UDP_port_from_UI}} 13 | -------------------------------------------------------------------------------- /Huawei/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | snmp-agent 2 | # Restrict SNMP from the IP ranges mentioned in Kentik Detect Portal 3 | # Permit polls from KProxy in the ACL mentioned below 4 | # the IP for the selected KProx instance is: {{kentik_flow_proxy_IP}} 5 | snmmp-agent acl 6 | # use cipher to encrypt name when displaying current config 7 | snmp-agent community read cipher 8 | snmp-agent sys-info version v2c 9 | # persist all interface indexes 10 | snmp-agent ifindex constant 11 | -------------------------------------------------------------------------------- /Huawei/snmp.conf: -------------------------------------------------------------------------------- 1 | snmp-agent 2 | # Restrict SNMP from the IP ranges mentioned in Kentik Detect Portal 3 | # Polling ranges from Kentik SaaS clusters to permit from in the ACL: 4 | # US SaaS platform: 209.50.158.0/22 5 | # EU SaaS platform: 193.177.128.0/22 6 | snmp-agent acl 7 | # use cipher to encrypt name when displaying current config 8 | snmp-agent community read cipher 9 | snmp-agent sys-info version v2c 10 | 11 | -------------------------------------------------------------------------------- /Juniper/MX-series/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure an Juniper MX equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Juniper MX configuration notes 5 | ## Miscellaneous useful notes 6 | * Juniper MX devices support both RE-based sampling and inline Jflow sampling. 7 | * RE-based flow sampling is done on the CPU of the RE so it has the potential to affect convergence performance. This method supports Netflow v5, v8, and v9 and can do multiple collector destinations. 8 | * Inline Jflow is done on the FPC ASIC so the performance is much better. It supports Netflow v9 and IPFIX. More details on Inline jflow are located in Juniper's docs here: https://www.juniper.net/documentation/en_US/junos/topics/concept/inline-sampling-overview.html 9 | * routers must persist SNMP interface IDs across reboots, this is usually done by default on MX devices 10 | * Juniper MX default flow table size may not be large enough for some networks/environments, which will result in under-reporting in the flow data 11 | 12 | ## Adjusting Flow-table size: 13 | The Juniper MX default flow table size may not be large enough for some networks/environments, which will result in under-reporting in the flow data. The flow table size can be adjusted in increments of 256K flows with the following configuration: 14 | ``` 15 | chassis { 16 | # for MX-104, use "afeb slot 0" 17 | fpc 0 { 18 | inline-services { 19 | flow-table-size { 20 | # 15 × 256K = ˜4M 21 | ipv4-flow-table-size 15; 22 | } 23 | } 24 | } 25 | } 26 | ``` 27 | ## additional config required on linecards and interfaces 28 | The ```ipfix-interfaces.conf``` and ```ipfix-linecards.conf``` display these additionally required stanzas. 29 | * Add this one to every active lincard: 30 | ``` 31 | chassis { 32 | fpc 0 { 33 | sampling-instance KENTIK; 34 | } 35 | fpc 1 { 36 | sampling-instance KENTIK; 37 | } 38 | } 39 | ``` 40 | * And add this to active interfaces: 41 | ``` 42 | family inet { 43 | sampling { 44 | input; 45 | } 46 | } 47 | ``` 48 | 49 | 50 | # Streaming Telemetry notes 51 | Currently, Streaming Telemetry is only supported for dial-in and dial-out modes for MX devices. See ```telemetry_gnmi.conf``` for the dial-in device configuration and ```telemetry_native.conf``` for the dial-out configuration. -------------------------------------------------------------------------------- /Juniper/MX-series/bgp-flowspec.conf: -------------------------------------------------------------------------------- 1 | # This configuration on JunOS assumes you already have a BGP session configured per bgp.conf 2 | 3 | # This routing policy provides some suggestions for best-practice limiting the prefix-lengths, 4 | # route-types, and address-families accepted from the mitigation endpoint. 5 | 6 | # This does not provide explicit examples for inet6 but policies and configuration could be leveraged 7 | # to construct appropriate ipv6 policy 8 | 9 | policy-options { 10 | policy-statement KENTIK-IN { 11 | /* 12 | allow flowspec but limit Kentik to only send slash32 host routes within the larger defined aggregate 13 | also add a community (if desired) to make these accepted routes to make them easier to identify 14 | */ 15 | term FLOWSPEC { 16 | from { 17 | rib inetflow.0; 18 | # add additional route-filters as needed 19 | route-filter {{customer_prefix}}/{{prefix_length}} prefix-length-range /32-/32; 20 | } 21 | then { 22 | # adding a community is optional but helps identify these routes in the RIB 23 | community add KENTIK-MITIGATION-COMM; 24 | accept; 25 | } 26 | } 27 | /* 28 | allow standard RTBH but limit Kentik to only send slash32 host routes within the larger defined aggregate 29 | also add a community (if desired) to make these accepted routes to make them easier to identify 30 | */ 31 | term RTBH { 32 | from { 33 | # add additional route-filters as needed 34 | route-filter {{customer_prefix}}/{{prefix_length}} prefix-length-range /32-/32; 35 | } 36 | then { 37 | # adding a community is optional but helps identify these routes in the RIB 38 | community add KENTIK-MITIGATION-COMM; 39 | accept; 40 | } 41 | } 42 | term REJECT-ALL { 43 | then reject; 44 | } 45 | } 46 | # optional 47 | community KENTIK-MITIGATION-COMM members {{customer_asn}}:{{customer_defined_value}}; 48 | } 49 | 50 | 51 | protocols { 52 | bgp { 53 | group route-consumers_v4 { 54 | import KENTIK-IN; 55 | family inet { 56 | flow { 57 | # upper limit of expected flowspec routes 58 | prefix-limit { 59 | maximum 100; 60 | # syslog warning at 80% of maximum. keep session down for 60min 61 | # after exceeding maximum routes 62 | teardown 80 idle-timeout 60; 63 | } 64 | } 65 | unicast { 66 | # upper limit of expected RTBH routes 67 | prefix-limit { 68 | maximum 25; 69 | # syslog warning at 80% of maximum. keep session down for 60min 70 | # after exceeding maximum routes 71 | teardown 80 idle-timeout 60; 72 | } 73 | } 74 | } 75 | } 76 | } 77 | } 78 | 79 | routing-options { 80 | flow { 81 | # Use the RFC 5575 defined ordering of the terms instead of the earlier draft version. 82 | term-order standard; 83 | } 84 | rib inetflow.0 { 85 | /* 86 | The final thing to do is to set a maximum amount of BGP FlowSpec 87 | prefixes that can be installed in the routing table. This example sets a 88 | maximum of 10,000 routes but also configure the router to notify 89 | the administrator via a syslog message when a 90% threshold is 90 | reached. 91 | */ 92 | maximum-prefixes 10000 threshold 90; 93 | } 94 | } -------------------------------------------------------------------------------- /Juniper/MX-series/bgp.conf: -------------------------------------------------------------------------------- 1 | policy-options { 2 | # Prefix List of Routes not to send to Kentik 3 | prefix-list KENTIK-NOSEND { 4 | 0.0.0.0/0; 5 | } 6 | # Outbound policy for Kentik BGP session 7 | policy-statement KENTIK-OUT { 8 | term 5 { 9 | from { 10 | prefix-list KENTIK-NOSEND; 11 | } 12 | then reject; 13 | } 14 | then accept; 15 | } 16 | # Inbound policy for Kentik BGP session (no mitigation) 17 | policy-statement KENTIK-DENY-ALL { 18 | term REJECT { 19 | then reject; 20 | } 21 | } 22 | } 23 | 24 | protocols { 25 | bgp { 26 | # Group for the BGP session to Kentik 27 | group route-consumers_v4 { 28 | type internal; 29 | # Prevent short-lived reachability issues from triggering neighbor down events. 30 | hold-time 720; 31 | family inet { 32 | unicast; 33 | } 34 | family inet-vpn { 35 | unicast; 36 | } 37 | import KENTIK-DENY-ALL; 38 | export KENTIK-OUT; 39 | # IP this RR should identify itself as in the cluster ID field 40 | cluster {{cluster_id}}; 41 | # Kentik-provided peering IP. 42 | neighbor {{kentik_UI_bgp_peering_ipv4}} { 43 | description Kentik-Detect; 44 | # IP of local router interface or loopback. 45 | local-address {{local_interface_ip}}; 46 | mtu-discovery; 47 | } 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /Juniper/MX-series/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * M120 4 | * MX5 5 | * MX10 6 | * MX80 7 | * MX104 8 | * MX204 9 | * MX1000X/JNP1000X 10 | * MX240 11 | * MX480 12 | * MX960 13 | * *vMX 14 | * PTX1000 15 | * Special case: for QFX100X, IPFix is supported decently in JunOS versions between 17.3 and 18.3 16 | # A platform you succesfully tested Kentik with is not in this list ? 17 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 18 | -------------------------------------------------------------------------------- /Juniper/MX-series/flowspec.conf: -------------------------------------------------------------------------------- 1 | # this configuration on JunOS assumes you already have a BGP session configured 2 | 3 | protocols { 4 | bgp { 5 | group route-consumers_v4 { 6 | # Kentik-provided peering IP. 7 | neighbor {{kentik_UI_bgp_peering_ipv4}} { 8 | family inet { 9 | flow; 10 | } 11 | } 12 | } 13 | } 14 | } 15 | 16 | # Use the RFC 5575 defined ordering of the terms instead of the earlier draft version. 17 | routing-options { 18 | flow { 19 | term-order standard; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Juniper/MX-series/ipfix-agent.conf: -------------------------------------------------------------------------------- 1 | services { 2 | flow-monitoring { 3 | version-ipfix { 4 | template mpls-ipv4 { 5 | flow-active-timeout 60; 6 | flow-inactive-timeout 15; 7 | template-refresh-rate { 8 | packets 30; 9 | seconds 60; 10 | } 11 | option-refresh-rate { 12 | packets 30; 13 | seconds 30; 14 | } 15 | mpls-template; 16 | } 17 | template ipv4 { 18 | flow-active-timeout 60; 19 | flow-inactive-timeout 15; 20 | template-refresh-rate { 21 | packets 30; 22 | seconds 60; 23 | } 24 | option-refresh-rate { 25 | packets 30; 26 | seconds 30; 27 | } 28 | ipv4-template; 29 | } 30 | template ipv6 { 31 | flow-active-timeout 60; 32 | flow-inactive-timeout 15; 33 | template-refresh-rate { 34 | packets 30; 35 | seconds 60; 36 | } 37 | option-refresh-rate { 38 | packets 30; 39 | seconds 30; 40 | } 41 | ipv6-template; 42 | } 43 | } 44 | } 45 | } 46 | forwarding-options { 47 | sampling { 48 | instance { 49 | sample-ins { 50 | input { 51 | # Set sample rate based on flow volume. 52 | rate {{device_sample_rate}}; 53 | max-packets-per-second 65535; 54 | } 55 | family inet { 56 | output { 57 | # Destination is a Kentik Flow Proxy Agent. 58 | # update port number in the next stanza if your KProxy setup uses a custom-set, non-default one 59 | flow-server {{kentik_flow_proxy_IP}} { 60 | port 9995; 61 | autonomous-system-type origin; 62 | # IP of interface that will be source of flow records. 63 | source-address {{device_sending_ip}}; 64 | version-ipfix { 65 | template { 66 | ipv4; 67 | } 68 | } 69 | } 70 | inline-jflow { 71 | # IP of interface that will be source of flow records. 72 | source-address {{device_sending_ip}}; 73 | } 74 | } 75 | } 76 | family inet6 { 77 | output { 78 | # Destination is the previously configured KProxy Agent 79 | flow-server {{kentik_flow_proxy_IP}} { 80 | # Destination is a Kentik Flow Proxy Agent. 81 | # update port number in the next stanza if your KProxy setup uses a custom-set, non-default one 82 | port 9995; 83 | autonomous-system-type origin; 84 | # IP of interface that will be source of flow records. 85 | source-address {{device_sending_ip}}; 86 | version-ipfix { 87 | template { 88 | ipv6; 89 | } 90 | } 91 | } 92 | inline-jflow { 93 | # IP of interface that will be source of flow records. 94 | source-address {{device_sending_ip}}; 95 | } 96 | } 97 | } 98 | } 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /Juniper/MX-series/ipfix-interfaces-ptx1000.conf: -------------------------------------------------------------------------------- 1 | # sampling must be applied using a firewall filter vs applying sampling directly on the interface 2 | # Care must be taken if there may be expected interaction with existing firewall filters on interfaces 3 | # This is for example purposes only 4 | # https://www.juniper.net/documentation/us/en/software/junos/flow-monitoring/topics/task/inline-flow-ptx-configuring.html 5 | 6 | firewall { 7 | family inet { 8 | filter SAMPLE-IPV4 { 9 | term ipv4-accept { 10 | then { 11 | accept; 12 | sample; 13 | } 14 | } 15 | } 16 | family inet6 { 17 | filter SAMPLE-IPV6 { 18 | term ipv6-accept { 19 | then { 20 | accept; 21 | sample; 22 | } 23 | } 24 | } 25 | } 26 | } 27 | } 28 | 29 | # apply the filter on ingress to interfaces of interest 30 | interfaces { 31 | {{interface_name}} { 32 | unit 0 { 33 | family inet { 34 | filter { 35 | input SAMPLE-IPV4; 36 | } 37 | } 38 | family inet6 { 39 | filter { 40 | input SAMPLE-IPV6; 41 | } 42 | } 43 | } 44 | } 45 | } -------------------------------------------------------------------------------- /Juniper/MX-series/ipfix-interfaces.conf: -------------------------------------------------------------------------------- 1 | # Add a sampling input to every interface 2 | # that has a family INET (including IRB interfaces) 3 | family inet { 4 | sampling { 5 | input; 6 | } 7 | } 8 | family inet6 { 9 | sampling { 10 | input; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /Juniper/MX-series/ipfix-linecards.conf: -------------------------------------------------------------------------------- 1 | # For each linecard with interfaces, add a sampling-instance to 2 | # the chassis config stanza 3 | 4 | # Starting with Junos OS Release 15.1F2 Junos reverted to allocating only one 1K IPv4 flow table 5 | # This table size is unsufficient to accurately report netflow 6 | # Flow Tables must be recarved depending on the type of linecard activated for sampling 7 | # https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/flow-table-size-edit-services.html 8 | 9 | chassis { 10 | fpc 0 { 11 | sampling-instance ; 12 | # required on any MX running a release later than Junos 15.1F2 13 | # NOT supported on PTX1000 however! 14 | inline-services { 15 | flow-table-size { 16 | # This example would be appropriate for MPC2E, MPC3E, and MPC4E 17 | # See link above for other supported combinations by linecard. 18 | ipv4-flow-table-size 10; 19 | ipv6-flow-table-size 5; 20 | } 21 | } 22 | } 23 | fpc 1 { 24 | sampling-instance ; 25 | } 26 | } -------------------------------------------------------------------------------- /Juniper/MX-series/ipfix-mpls.conf: -------------------------------------------------------------------------------- 1 | # Add a firewall filter input to every MPLS interface to sample the traffic. 2 | family mpls { 3 | filter { 4 | input mpls_sample; 5 | } 6 | } 7 | 8 | # Create the firewall filter. 9 | firewall { 10 | family mpls { 11 | filter mpls_sample { 12 | term accept { 13 | then { 14 | sample; 15 | accept; 16 | } 17 | } 18 | } 19 | } 20 | } 21 | 22 | # Add label-position and tunnel-observation to the original mpls-ipv4 template. 23 | services { 24 | flow-monitoring { 25 | version-ipfix { 26 | template mpls-ipv4 { 27 | flow-active-timeout 60; 28 | flow-inactive-timeout 10; 29 | nexthop-learning { 30 | enable; 31 | } 32 | template-refresh-rate { 33 | packets 30; 34 | seconds 60; 35 | } 36 | option-refresh-rate { 37 | packets 30; 38 | seconds 30; 39 | } 40 | # Add label-position. 41 | mpls-template { 42 | label-position [ 1 2 ]; 43 | } 44 | # Add tunnel-observation. 45 | tunnel-observation { 46 | ipv4; 47 | } 48 | } 49 | } 50 | } 51 | } 52 | 53 | # Add "family mpls" to the sampling instance, same as inet or inet6. 54 | forwarding-options { 55 | sampling { 56 | instance { 57 | sample-ins { 58 | input { 59 | rate {{device_sample_rate}}; 60 | max-packets-per-second 65535; 61 | } 62 | family mpls { 63 | output { 64 | # Destination is Kentik Flow Ingest, not using Kentik Flow Proxy Agent. 65 | flow-server {{kentik_ingest_ip_from_UI}} { 66 | # Using Kentik public Flow Ingest 67 | port {{kentik_ingest_UDP_port_from_UI}}; 68 | autonomous-system-type origin; 69 | # IP of interface that will be source of flow records. 70 | source-address {{device_sending_ip}}; 71 | version-ipfix { 72 | template { 73 | mpls-ipv4; 74 | } 75 | } 76 | } 77 | inline-jflow { 78 | # IP of interface that will be source of flow records. 79 | source-address {{device_sending_ip}}; 80 | } 81 | } 82 | } 83 | } 84 | } 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /Juniper/MX-series/ipfix.conf: -------------------------------------------------------------------------------- 1 | services { 2 | flow-monitoring { 3 | version-ipfix { 4 | template mpls-ipv4 { 5 | flow-active-timeout 60; 6 | flow-inactive-timeout 15; 7 | template-refresh-rate { 8 | packets 30; 9 | seconds 60; 10 | } 11 | option-refresh-rate { 12 | packets 30; 13 | seconds 30; 14 | } 15 | mpls-template; 16 | } 17 | template ipv4 { 18 | flow-active-timeout 60; 19 | flow-inactive-timeout 15; 20 | template-refresh-rate { 21 | packets 30; 22 | seconds 60; 23 | } 24 | option-refresh-rate { 25 | packets 30; 26 | seconds 30; 27 | } 28 | ipv4-template; 29 | } 30 | template ipv6 { 31 | flow-active-timeout 60; 32 | flow-inactive-timeout 15; 33 | template-refresh-rate { 34 | packets 30; 35 | seconds 60; 36 | } 37 | option-refresh-rate { 38 | packets 30; 39 | seconds 30; 40 | } 41 | ipv6-template; 42 | } 43 | } 44 | } 45 | } 46 | forwarding-options { 47 | sampling { 48 | instance { 49 | sample-ins { 50 | input { 51 | # Set sample rate based on flow volume. 52 | rate {{device_sample_rate}}; 53 | max-packets-per-second 65535; 54 | } 55 | family inet { 56 | output { 57 | # Destination is Kentik Flow Ingest, not using Kentik Flow Proxy Agent. 58 | flow-server {{kentik_ingest_ip_from_UI}} { 59 | # Using Kentik public Flow Ingest 60 | port {{kentik_ingest_UDP_port_from_UI}}; 61 | autonomous-system-type origin; 62 | # IP of interface that will be source of flow records. 63 | source-address {{device_sending_ip}}; 64 | version-ipfix { 65 | template { 66 | ipv4; 67 | } 68 | } 69 | } 70 | inline-jflow { 71 | # IP of interface that will be source of flow records. 72 | source-address {{device_sending_ip}}; 73 | } 74 | } 75 | } 76 | family inet6 { 77 | output { 78 | # Destination is Kentik Flow Ingest, not using Kentik Flow Proxy Agent. 79 | flow-server {{kentik_ingest_ip_from_UI}} { 80 | # Using Kentik public Flow Ingest 81 | port {{kentik_ingest_UDP_port_from_UI}}; 82 | autonomous-system-type origin; 83 | # IP of interface that will be source of flow records. 84 | source-address {{device_sending_ip}}; 85 | version-ipfix { 86 | template { 87 | ipv6; 88 | } 89 | } 90 | } 91 | inline-jflow { 92 | # IP of interface that will be source of flow records. 93 | source-address {{device_sending_ip}}; 94 | } 95 | } 96 | } 97 | } 98 | } 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /Juniper/MX-series/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | # SNMP polls will be issued by the previously configured KProxy instance 2 | # make sure your ACLs let these through from the KProxy agent ( {{kentik_flow_proxy_IP}} ) to this router 3 | snmp { 4 | # Community used for Kentik to poll the device 5 | community {{snmp_community}} { 6 | authorization read-only; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /Juniper/MX-series/snmp.conf: -------------------------------------------------------------------------------- 1 | snmp { 2 | # Community used for Kentik to poll the device 3 | community {{snmp_community}} { 4 | authorization read-only; 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /Juniper/MX-series/telemetry_dialin.conf: -------------------------------------------------------------------------------- 1 | /* Create a local user for gnmi-user per Juniper docs 2 | (https://www.juniper.net/documentation/us/en/software/junos/grpc-network-services/topics/topic-map/grpc-services-configuring.html#task-configure-gnoi-user-account) 3 | */ 4 | 5 | /* The allow-commands-regexps and deny-commands-regexps statements were introduced in Junos OS Release 18.1 6 | ssl statement introduced in Junos OS Release 16.1 7 | mutual-authentication, client-certificate-request, and certificate-authority options added in Junos OS Release 17.4R1 8 | hot-reloading option added in Junos OS Release 20.4R1 9 | use-pki option added in Junos OS Evolved Release 22.2R1 10 | */ 11 | 12 | system { 13 | login { 14 | class { 15 | grpc-operator { 16 | permissions view; 17 | allow-grpc-rpc-regexps "/gnmi.gNMI/Get"; 18 | deny-grpc-rpc-regexps “.*”; 19 | } 20 | } 21 | user gnmi-user { 22 | class grpc-operator; 23 | } 24 | } 25 | } 26 | 27 | /* This method is insecure and should only be used in a lab. */ 28 | system { 29 | services { 30 | extension-service { 31 | request-response { 32 | grpc { 33 | clear-text { 34 | address {{local_address}}; 35 | port 443; 36 | } 37 | } 38 | } 39 | notification { 40 | allow-clients { 41 | address {{kentik_agent_IP}}; 42 | } 43 | } 44 | } 45 | } 46 | schema { 47 | openconfig { 48 | unhide; 49 | } 50 | } 51 | } 52 | 53 | /* This method uses SSL with a self-signed cerficate for production environments. 54 | Upload an x509 certificate to the router or create a self-signed certificate. For example, on any Linux machine: 55 | $ openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout grpc-cert.key -out grpc-cert.pem 56 | 57 | You can also generate a self-signed certificate directly from the JUNOS CLI: 58 | Generate keypair: > request security pki generate-key-pair size 2048 type rsa certificate-id grpc-cert 59 | Generate certificate: > request security pki local-certificate generate-self-signed certificate-id grpc-cert domain-name email subject CN=,OU=,O=,L=,ST=,C= 60 | */ 61 | set security certificates local grpc-cert load-key-file grpc-cert.pem 62 | 63 | system { 64 | services { 65 | extension-service { 66 | request-response { 67 | grpc { 68 | ssl { 69 | address {{local_address}}; 70 | port 443; 71 | use-pki; 72 | hot-reloading; 73 | local-certificate grpc-cert 74 | } 75 | } 76 | } 77 | notification { 78 | allow-clients { 79 | address {{kentik_agent_IP}}; 80 | } 81 | } 82 | } 83 | } 84 | schema { 85 | openconfig { 86 | unhide; 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /Juniper/MX-series/telemetry_dialout-agent.conf: -------------------------------------------------------------------------------- 1 | 2 | services { 3 | analytics { 4 | streaming-server KENTIK-REMOTE { 5 | # remote-address - IP of the Kentik Flow Proxy Agent 6 | remote-address {{kentik_flow_proxy_agent_IP}}; 7 | # remote-port - port of the Kentik Flow Proxy Agent 8 | remote-port {{ipfix_port_default_9555_with_agent}}; 9 | } 10 | export-profile KENTIK-PROF { 11 | # IP of interface that will be source of telemety records. 12 | local-address {{local-address}}; 13 | # local port will be source of telemery records. 14 | local-port {{local-port}}; 15 | reporting-rate 30; 16 | format gpb; 17 | transport udp; 18 | } 19 | sensor KENTIK-SENSOR { 20 | server-name KENTIK-REMOTE; 21 | export-name KENTIK-PROF; 22 | resource /junos/system/linecard/interface/; 23 | } 24 | sensor KENTIK-SENSOR_LOGICAL { 25 | server-name KENTIK-REMOTE; 26 | export-name KENTIK-PROF; 27 | resource /junos/system/linecard/interface/logical/usage/; 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Juniper/MX-series/telemetry_dialout.conf: -------------------------------------------------------------------------------- 1 | 2 | services { 3 | analytics { 4 | streaming-server KENTIK-REMOTE { 5 | # remote-address - Using Kentik public Flow Ingest 6 | remote-address {{kentik_ingest_ip_from_UI}}; 7 | # remote-port - Using Kentik public Flow Ingest 8 | remote-port 20023; 9 | } 10 | export-profile KENTIK-PROF { 11 | # IP of interface that will be source of telemety records. 12 | local-address {{local_address}}; 13 | # local port will be source of telemery records. 14 | local-port {{local_port}}; 15 | reporting-rate 30; 16 | format gpb; 17 | transport udp; 18 | } 19 | sensor KENTIK-SENSOR { 20 | server-name KENTIK-REMOTE; 21 | export-name KENTIK-PROF; 22 | resource /junos/system/linecard/interface/; 23 | } 24 | sensor KENTIK-SENSOR_LOGICAL { 25 | server-name KENTIK-REMOTE; 26 | export-name KENTIK-PROF; 27 | resource /junos/system/linecard/interface/logical/usage/; 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Juniper QFX and EX equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Juniper QFX/EX configuration notes 5 | The default chosen flow protocol for QFX and EX series is initially sFlow 6 | * Kentik does not use interface counters polled over sFlow, so the suggeston is to configure polling interval to 0, which means polling will not happen. 7 | ## sFlow on QFX platforms 8 | * On some older code, sFlow is the only export protocol available. This works, but on particularly busy devices, the adaptive sampling backoff algorithm is not implemented, so flow sampling rates will increase until the device is reset. Contact support@kentik.com to discuss workarounds. 9 | * QFX 1000X platforms support IPFIX in code 17.3 and newer. It is recommended that customers upgrade to this version of code to avoid the adaptive sampling bug discussed previously 10 | * sFlow support for adaptive sampling is greatly improved on the QFX platforms starting in 18.3 11 | 12 | Based on the above is, based on your JunOS version on QFX: 13 | * On the QFX platform, for any version prior to 17.3, use sFlow as it is the only available method 14 | * On QFX 1000X switches, for any version between 17.3 and 18.3, please use IPFIX, as described in the MX configuration section: 15 | [MX configuration guide here](https://github.com/kentik/config-snippets/tree/master/Juniper/MX-series) 16 | * on JunOS version post 18.1, sFlow has been greatly improved and can be used again (up to your preference), in which case please use this section 17 | * Kentik discourages the use of Adaptive Sample Rate before version 18.3 of JunOS - for versions greater or equal, the following configuration can be implemented in order to make the sample-rate reset to the configured values: 18 | 19 | ``` 20 | adaptive-sample-rate rate { 21 | fallback; 22 | } 23 | ``` 24 | ## SFlow on EX platforms 25 | * Sflow presented a few crippling issues on the EX platform prior to version 12, please make sure you are running a more recent software version 26 | * The proper Adaptive Sample Rate command set stills need to be entered (comes with version >= 12 on EX) for sflow to work in an acceptable manner: 27 | 28 | ``` 29 | adaptive-sample-rate rate { 30 | fallback; 31 | } 32 | ``` 33 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/bgp.conf: -------------------------------------------------------------------------------- 1 | policy-options { 2 | # Prefix List of Routes not to send to Kentik 3 | prefix-list KENTIK-NOSEND { 4 | 0.0.0.0/0; 5 | } 6 | # Outbound policy for Kentik BGP session 7 | policy-statement KENTIK-OUT { 8 | term 5 { 9 | from { 10 | prefix-list KENTIK-NOSEND; 11 | } 12 | then reject; 13 | } 14 | then accept; 15 | } 16 | } 17 | 18 | protocols { 19 | bgp { 20 | # Group for the BGP session to Kentik 21 | group route-consumers_v4 { 22 | type internal; 23 | # Prevent short-lived reachability issues from triggering neighbor down events. 24 | hold-time 720; 25 | family inet { 26 | unicast; 27 | } 28 | family inet-vpn { 29 | unicast; 30 | } 31 | export KENTIK-OUT; 32 | # IP this RR should identify itself as in the cluster ID field 33 | cluster {{cluster_id}}; 34 | # Kentik-provided peering IP. 35 | neighbor {{kentik_UI_bgp_peering_ipv4}} { 36 | description Kentik-Detect; 37 | # IP of local router interface or loopback. 38 | local-address {{local_interface_ip}}; 39 | mtu-discovery; 40 | } 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * vEX 4 | * EX3300 5 | * EX4550 6 | * EX4200 7 | * EX9208 8 | * QFX5200 9 | * QFX5100 10 | * QFX1000x 11 | * ACX 12 | # A platform you succesfully tested Kentik with is not in this list ? 13 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 14 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/sflow-agent.conf: -------------------------------------------------------------------------------- 1 | protocols { 2 | sflow { 3 | agent-id {{device_sending_ip}}; 4 | polling-interval 0; 5 | sample-rate ingress {{device_sample_rate}}; 6 | source-ip {{device_sending_ip}}; 7 | # collector sends to your Kentik Flow Proxy aka KPROXY 8 | # Kentik public flow ingest is not used in that case 9 | collector {{kentik_flow_proxy_IP}} { 10 | # Destination is a Kentik Flow Proxy Agent. 11 | # update port number in the next line if your KProxy setup uses a custom-set, non-default one 12 | udp-port 9995; 13 | } 14 | # declare all interfaces that Sflow needs to be enabled for 15 | interfaces ; 16 | # .../... 17 | interfaces ; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/sflow.conf: -------------------------------------------------------------------------------- 1 | protocols { 2 | sflow { 3 | agent-id {{device_sending_ip}}; 4 | polling-interval 0; 5 | sample-rate ingress {{device_sample_rate}}; 6 | source-ip {{device_sending_ip}}; 7 | collector {{kentik_ingest_ip_from_UI}} { 8 | udp-port {{kentik_ingest_UDP_port_from_UI}}; 9 | } 10 | # declare all interfaces that Sflow needs to be enabled for 11 | interfaces ; 12 | # .../... 13 | interfaces ; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | # SNMP polls will be issued by the previously configured KProxy instance 2 | # make sure your ACLs let these through from the KProxy agent ( {{kentik_flow_proxy_IP}} ) to this router 3 | snmp { 4 | # Community used for Kentik to poll the device 5 | community {{snmp_community}} { 6 | authorization read-only; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /Juniper/QFX_EX-series/snmp.conf: -------------------------------------------------------------------------------- 1 | snmp { 2 | # Community used for Kentik to poll the device 3 | community {{snmp_community}} { 4 | authorization read-only; 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /Juniper/SRX-series/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure an Juniper SRX equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Juniper SRX configuration notes 5 | ## Miscellaneous useful notes 6 | * Juniper SRX devices support only inline Jflow sampling. 7 | * Firewalls must persist SNMP interface IDs across reboots, this is usually done by default on SRX devices 8 | * Branch SRXs (non-chassis based) do not support MPLS so no configuration examples are provided for such 9 | * Juniper provides some good information in their [docs] (https://supportportal.juniper.net/s/article/SRX-Getting-Started-Configure-J-Flow?language=en_US) 10 | 11 | ## Additional config required on interfaces 12 | The ```ipfix-interfaces.conf``` display these additionally required stanzas. 13 | * Add this to active interfaces: 14 | ``` 15 | family inet { 16 | sampling { 17 | input; 18 | } 19 | } 20 | ``` -------------------------------------------------------------------------------- /Juniper/SRX-series/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * SRX240h2 4 | * SRX300 5 | * SRX340 6 | * SRX4200 7 | * vSRX 8 | Note: Juniper provides good details about the versions of Netflow (aka J-Flow) in their [docs](https://supportportal.juniper.net/s/article/SRX-Getting-Started-Configure-J-Flow?language=en_US) 9 | 10 | # A platform you succesfully tested Kentik with is not in this list ? 11 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 12 | -------------------------------------------------------------------------------- /Juniper/SRX-series/netflow-agent.conf: -------------------------------------------------------------------------------- 1 | services { 2 | flow-monitoring { 3 | version9 { 4 | template ipv4 { 5 | flow-active-timeout 60; 6 | flow-inactive-timeout 15; 7 | template-refresh-rate { 8 | seconds 60; 9 | } 10 | option-refresh-rate { 11 | seconds 30; 12 | } 13 | ipv4-template; 14 | } 15 | template ipv6 { 16 | flow-active-timeout 60; 17 | flow-inactive-timeout 15; 18 | template-refresh-rate { 19 | seconds 60; 20 | } 21 | option-refresh-rate { 22 | seconds 30; 23 | } 24 | ipv6-template; 25 | } 26 | } 27 | } 28 | } 29 | forwarding-options { 30 | sampling { 31 | instance { 32 | sample-ins { 33 | input { 34 | # Set sample rate based on flow volume. 35 | rate {{device_sample_rate}}; 36 | max-packets-per-second 65535; 37 | } 38 | family inet { 39 | output { 40 | # Destination is a Kentik Flow Proxy Agent. 41 | # update port number in the next stanza if your KProxy setup uses a custom-set, non-default one 42 | flow-server {{kentik_flow_proxy_IP}} { 43 | port 9995; 44 | autonomous-system-type origin; 45 | # IP of interface that will be source of flow records. 46 | source-address {{device_sending_ip}}; 47 | version9 { 48 | template { 49 | ipv4; 50 | } 51 | } 52 | } 53 | inline-jflow { 54 | # IP of interface that will be source of flow records. 55 | source-address {{device_sending_ip}}; 56 | } 57 | } 58 | } 59 | family inet6 { 60 | output { 61 | # Destination is the previously configured KProxy Agent 62 | flow-server {{kentik_flow_proxy_IP}} { 63 | # Destination is a Kentik Flow Proxy Agent. 64 | # update port number in the next stanza if your KProxy setup uses a custom-set, non-default one 65 | port 9995; 66 | autonomous-system-type origin; 67 | # IP of interface that will be source of flow records. 68 | source-address {{device_sending_ip}}; 69 | version9 { 70 | template { 71 | ipv6; 72 | } 73 | } 74 | } 75 | inline-jflow { 76 | # IP of interface that will be source of flow records. 77 | source-address {{device_sending_ip}}; 78 | } 79 | } 80 | } 81 | } 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /Juniper/SRX-series/netflow-interfaces.conf: -------------------------------------------------------------------------------- 1 | # Add a sampling input to every interface 2 | # that has a family INET (including IRB interfaces) 3 | family inet { 4 | sampling { 5 | input; 6 | } 7 | } 8 | family inet6 { 9 | sampling { 10 | input; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /Juniper/SRX-series/netflow.conf: -------------------------------------------------------------------------------- 1 | services { 2 | flow-monitoring { 3 | version9 { 4 | template ipv4 { 5 | flow-active-timeout 60; 6 | flow-inactive-timeout 15; 7 | template-refresh-rate { 8 | seconds 60; 9 | } 10 | option-refresh-rate { 11 | seconds 30; 12 | } 13 | ipv4-template; 14 | } 15 | template ipv6 { 16 | flow-active-timeout 60; 17 | flow-inactive-timeout 15; 18 | template-refresh-rate { 19 | seconds 60; 20 | } 21 | option-refresh-rate { 22 | seconds 30; 23 | } 24 | ipv6-template; 25 | } 26 | } 27 | } 28 | } 29 | forwarding-options { 30 | sampling { 31 | instance { 32 | sample-ins { 33 | input { 34 | # Set sample rate based on flow volume. 35 | rate {{device_sample_rate}}; 36 | max-packets-per-second 65535; 37 | } 38 | family inet { 39 | output { 40 | # Destination is Kentik Flow Ingest, not using Kentik Flow Proxy Agent. 41 | flow-server {{kentik_ingest_ip_from_UI}} { 42 | # Using Kentik public Flow Ingest 43 | port {{kentik_ingest_UDP_port_from_UI}}; 44 | autonomous-system-type origin; 45 | # IP of interface that will be source of flow records. 46 | source-address {{device_sending_ip}}; 47 | version9 { 48 | template { 49 | ipv4; 50 | } 51 | } 52 | } 53 | inline-jflow { 54 | # IP of interface that will be source of flow records. 55 | source-address {{device_sending_ip}}; 56 | } 57 | } 58 | } 59 | family inet6 { 60 | output { 61 | # Destination is Kentik Flow Ingest, not using Kentik Flow Proxy Agent. 62 | flow-server {{kentik_ingest_ip_from_UI}} { 63 | # Using Kentik public Flow Ingest 64 | port {{kentik_ingest_UDP_port_from_UI}}; 65 | autonomous-system-type origin; 66 | # IP of interface that will be source of flow records. 67 | source-address {{device_sending_ip}}; 68 | version9 { 69 | template { 70 | ipv6; 71 | } 72 | } 73 | } 74 | inline-jflow { 75 | # IP of interface that will be source of flow records. 76 | source-address {{device_sending_ip}}; 77 | } 78 | } 79 | } 80 | } 81 | } 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /Juniper/SRX-series/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | # SNMP polls will be issued by the previously configured KProxy instance 2 | # make sure your ACLs let these through from the KProxy agent ( {{kentik_flow_proxy_IP}} ) to this device 3 | snmp { 4 | # Community used for Kentik to poll the device 5 | community {{snmp_community}} { 6 | authorization read-only; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /Juniper/SRX-series/snmp.conf: -------------------------------------------------------------------------------- 1 | snmp { 2 | # Community used for Kentik to poll the device 3 | community {{snmp_community}} { 4 | authorization read-only; 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /Juniper/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Juniper/logo.png -------------------------------------------------------------------------------- /Mikrotik/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Mikrotik equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Mikrotik/bgp.conf: -------------------------------------------------------------------------------- 1 | ### This includes the basic config for BGP and RTBH. 2 | 3 | # jul/06/2023 15:33:39 by RouterOS 6.48.6 4 | # model = CCR1072-1G-8S+ 5 | 6 | ### "Loopback" bridge is used for loopback IP, and other IPs that should stay reachable 7 | ### "null interface" bridge is used for RTBH 8 | /interface bridge 9 | add name=Loopback 10 | add name="null interface" 11 | 12 | ### 192.0.2.1 is commonly used for RTBH next-hop, so it is assigned to the "null interface" 13 | /ip address 14 | add address={{device_sending_ip}} interface=Loopback network={{network_of_device_sending_ip}} comment="Kentik Source IP" 15 | add address=192.0.2.1 interface="null interface" network=192.0.2.1 comment=RTBH 16 | 17 | /routing bgp instance 18 | set default as={{kentik_portal_ASN}} 19 | /routing bgp peer 20 | add in-filter=kentik-in multihop=yes name=Kentik out-filter=kentik-out remote-address={{kentik_UI_bgp_peering_ipv4}} remote-as={{kentik_portal_ASN}} update-source={{device_sending_ip}} 21 | 22 | ### Routing filters will depend on use case, so I excluded output filters. Input filters should discard all but /32s with 65535:666 community if using Kentik for RTBH 23 | /routing filter 24 | add action=accept bgp-communities=65535:666 chain=kentik-in prefix-length=32 25 | add action=discard chain=kentik-in 26 | -------------------------------------------------------------------------------- /Mikrotik/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | # A platform you succesfully tested Kentik with is not in this list ? 4 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 5 | -------------------------------------------------------------------------------- /Mikrotik/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Mikrotik/logo.png -------------------------------------------------------------------------------- /Mikrotik/mikrotik_kentik_config.conf: -------------------------------------------------------------------------------- 1 | ### This includes the basic config for netflow, BGP, SNMP, and RTBH. 2 | 3 | # jul/06/2023 15:33:39 by RouterOS 6.48.6 4 | # model = CCR1072-1G-8S+ 5 | 6 | ### "null interface" bridge is used for RTBH 7 | ### "Loopback" bridge is used for loopback IP, and other IPs that should stay reachable 8 | 9 | /interface bridge 10 | add name=Loopback 11 | add name="null interface" 12 | 13 | ### 192.0.2.1 is commonly used for RTBH next-hop, so it is assigned to the "null interface" 14 | 15 | /ip address 16 | add address=#### interface=Loopback network=#### comment="Kentik Source IP" 17 | add address=192.0.2.1 interface="null interface" network=192.0.2.1 comment=RTBH 18 | 19 | ### It may be worth tweaking the flow timeouts depending on use case 20 | 21 | /ip traffic-flow 22 | set active-flow-timeout=45s cache-entries=2M enabled=yes inactive-flow-timeout=30s 23 | /ip traffic-flow target 24 | add dst-address=208.76.14.244 port=20013 src-address=(### Insert desired source IP ###) 25 | 26 | /routing bgp instance 27 | set default as=(### Insert ASN ###) 28 | /routing bgp peer 29 | add in-filter=kentik-in multihop=yes name=Kentik out-filter=kentik-out remote-address=208.76.14.223 remote-as=(### Insert ASN ###) update-source=(### Insert desired source IP ###) 30 | 31 | ### Routing filters will depend on use case, so I excluded output filters. Input filters should discard all but /32s with 65535:666 community if using Kentik for RTBH 32 | 33 | /routing filter 34 | add action=accept bgp-communities=65535:666 chain=kentik-in prefix-length=32 35 | add action=discard chain=kentik-in 36 | 37 | /snmp community 38 | add addresses=209.50.158.0/23 name=(### Insert Kentik specific SNMP community ###) 39 | /snmp 40 | set enabled=yes trap-version=2 -------------------------------------------------------------------------------- /Mikrotik/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | ### This includes the basic config for Mikrotik FLOW 2 | 3 | # jul/06/2023 15:33:39 by RouterOS 6.48.6 4 | # model = CCR1072-1G-8S+ 5 | 6 | ### It may be worth tweaking the flow timeouts depending on use case 7 | /ip traffic-flow 8 | set active-flow-timeout=60s cache-entries=2M enabled=yes inactive-flow-timeout=15s 9 | /ip traffic-flow target 10 | add dst-address={{kentik_flow_proxy_IP}} port=9995 src-address={{device_sending_ip}} -------------------------------------------------------------------------------- /Mikrotik/netflow-9.conf: -------------------------------------------------------------------------------- 1 | ### This includes the basic config for Mikrotik FLOW 2 | 3 | # jul/06/2023 15:33:39 by RouterOS 6.48.6 4 | # model = CCR1072-1G-8S+ 5 | 6 | ### It may be worth tweaking the flow timeouts depending on use case 7 | /ip traffic-flow 8 | set active-flow-timeout=60s cache-entries=2M enabled=yes inactive-flow-timeout=15s 9 | /ip traffic-flow target 10 | add dst-address={{kentik_ingest_ip_from_UI}} port={{kentik_ingest_UDP_port_from_UI}} src-address={{device_sending_ip}} -------------------------------------------------------------------------------- /Mikrotik/snmp.conf: -------------------------------------------------------------------------------- 1 | ### This includes the basic config for Mikrotik SNMP 2 | 3 | # jul/06/2023 15:33:39 by RouterOS 6.48.6 4 | # model = CCR1072-1G-8S+ 5 | 6 | /snmp community 7 | # US cluster 8 | add addresses=209.50.158.0/22 name={{snmp_community}} 9 | # EU cluster 10 | add addresses=193.177.128.0/22 name={{snmp_community}} 11 | /snmp 12 | set enabled=yes trap-version=2 -------------------------------------------------------------------------------- /Nokia/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Timetra/Alcatel/Lucent/Nokia routing equipment are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Nokia configuration notes 5 | * Nokia/Alcaltel/Lucent routers will re-shuffle SNMP interface IDs upon rebook, to circumvent this issue, make sure to implement the config in [snmp.conf](https://github.com/kentik/config-snippets/blob/master/Nokia/snmp.conf) 6 | -------------------------------------------------------------------------------- /Nokia/bgp.conf: -------------------------------------------------------------------------------- 1 | # It is assumed the device is already configured with the following attributes 2 | #-------------------------------------------------- 3 | # echo "IP Configuration" 4 | #-------------------------------------------------- 5 | autonomous-system 6 | router-id 7 | 8 | #-------------------------------------------------- 9 | # "BGP and Policy Configuration" 10 | #-------------------------------------------------- 11 | config 12 | policy-statement "REJECT-ALL" 13 | description "Reject All IPs" 14 | entry 1 15 | action drop 16 | exit 17 | exit 18 | 19 | prefix-list "KENTIK-NOSEND" 20 | # ensure we don't send any default routes 21 | prefix 0.0.0.0/0 22 | prefix 0::/0 23 | exit 24 | 25 | policy-statement "KENTIK-OUT" 26 | description "Announce all IPV4/6 BGP routes except in KENTIK-NOSEND" 27 | entry 10 28 | from 29 | protocol bgp 30 | prefix-list "KENTIK-NOSEND" 31 | family ipv4 ipv6 32 | exit 33 | action drop 34 | exit 35 | exit 36 | default-action accept 37 | exit 38 | exit 39 | 40 | config router bgp 41 | group "RR_PEERS" 42 | description "Route Refelector BGP Peering sessions" 43 | family ipv4 ipv6 44 | # family vpn-ipv4 vpn-ipv6 45 | remove-private 46 | cluster {{cluster_id}} 47 | import "REJECT-ALL" 48 | export "REJECT-ALL" 49 | graceful-restart 50 | exit 51 | neighbor {{kentik_UI_bgp_peering_ipv4}} 52 | description "Kentik-Detect IPv4 BGP Peer" 53 | family ipv4 54 | # prevent short-lived reachability issues from triggering neighbor down events 55 | hold-time 720 56 | peer-as {{kentik_portal_ASN}} 57 | # multihop 64 : default for iBGP but can be overridden 58 | # local-address {{device_sending_ip}} needed only if different from system IP address 59 | authentication-key "{{md5_password}}" hash2 60 | import "REJECT-ALL" 61 | export "KENTIK-OUT" 62 | exit 63 | neighbor {{kentik_UI_bgp_peering_ipv6}} 64 | description "Kentik-Detect IPv6 BGP Peer" 65 | family ipv6 66 | # prevent short-lived reachability issues from triggering neighbor down events 67 | hold-time 720 68 | peer-as {{kentik_portal_ASN}} 69 | # multihop 64 : default for iBGP but can be overridden 70 | # local-address {{device_sending_ip}} : needed only if different from system IP address 71 | authentication-key "{{md5_password}}" hash2 72 | import "REJECT-ALL" 73 | export "KENTIK-OUT" 74 | exit 75 | exit 76 | exit 77 | exit -------------------------------------------------------------------------------- /Nokia/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * SR 7750 4 | * XRS 7950 5 | 6 | # A platform you succesfully tested Kentik with is not in this list ? 7 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 8 | -------------------------------------------------------------------------------- /Nokia/ipfix-agent.conf: -------------------------------------------------------------------------------- 1 | config>cflowd# 2 | active-timeout 1 # minutes 3 | inactive-timeout 60 # seconds 4 | template-retransmit 60 # seconds 5 | rate {{device_sample_rate}} 6 | collector {{kentik_flow_proxy_agent_IP}}:9995 version 10 7 | template-set mpls-ip 8 | autonomous-system-type origin 9 | description "Kentik KProxy flow export" 10 | no shutdown 11 | exit 12 | no shutdown 13 | exit 14 | -------------------------------------------------------------------------------- /Nokia/ipfix-interfaces.conf: -------------------------------------------------------------------------------- 1 | config>router>interface 2 | cflowd interface 3 | -------------------------------------------------------------------------------- /Nokia/ipfix.conf: -------------------------------------------------------------------------------- 1 | config>cflowd# 2 | active-timeout 1 # minutes 3 | inactive-timeout 60 # seconds 4 | template-retransmit 60 # seconds 5 | rate {{device_sample_rate}} 6 | collector {{kentik_ingest_ip_from_UI}}:{{kentik_ingest_UDP_port_from_UI}} version 10 7 | template-set mpls-ip 8 | autonomous-system-type origin 9 | description "Kentik SaaS" 10 | no shutdown 11 | exit 12 | no shutdown 13 | exit 14 | -------------------------------------------------------------------------------- /Nokia/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Nokia/logo.png -------------------------------------------------------------------------------- /Nokia/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | bof persist on 2 | bof save -------------------------------------------------------------------------------- /Nokia/snmp.conf: -------------------------------------------------------------------------------- 1 | bof persist on 2 | bof save -------------------------------------------------------------------------------- /Palo-Alto/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Palo Alto Networks devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Palo-Alto/bgp.conf 4 | -------------------------------------------------------------------------------- /Palo-Alto/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * PA-3000 4 | * PA-5200 5 | # A platform you succesfully tested Kentik with is not in this list ? 6 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 7 | -------------------------------------------------------------------------------- /Palo-Alto/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Palo-Alto/logo.png -------------------------------------------------------------------------------- /Palo-Alto/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | In the UI: 2 | Device-> Server Profiles-> NetFlow. 3 | Add Profile 4 | 5 | Name: 6 | Template Refresh Rate: 30 minutes, 600 packets 7 | Active Timeout: 1 minute 8 | PAN-OS Field Types: export App-ID and User-ID fields 9 | Collector Name: 10 | Collector Netflow Server: {{kentik_flow_proxy_IP}} 11 | Port: {{flow_port_default_9995_with_agent}} 12 | 13 | In the UI: 14 | Network -> Interfaces -> Ethernet: 15 | 16 | 17 | -------------------------------------------------------------------------------- /Palo-Alto/netflow-9.conf: -------------------------------------------------------------------------------- 1 | In the UI: 2 | Device-> Server Profiles-> NetFlow. Add Profile 3 | 4 | Name: 5 | Template Refresh Rate: 30 minutes, 600 packets 6 | Active Timeout: 1 minute 7 | PAN-OS Field Types: export App-ID and User-ID fields 8 | Collector Name: 9 | Collector Netflow Server: {{kentik_ingest_ip_from_UI}} 10 | Port: {{kentik_ingest_UDP_port_from_UI}} 11 | 12 | In the UI 13 | Network -> Interfaces -> Ethernet: 14 | -------------------------------------------------------------------------------- /Palo-Alto/readme.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Palo Alto device are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Palo Alto configuration guidelines 5 | Flow configuration on PanOS is displayed in greater detail on their online documentation portal [HERE](https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/monitoring/netflow-monitoring/configure-netflow-exports) 6 | 7 | ## Configuration via the PanOS UI 8 | ### If using direct, public ingest 9 | #### Create a new KENTIK profile 10 | Go to *Device* → *Server Profiles* → *Netflow* → *Add Profile* 11 | In this profile use these settings: 12 | * *Name*: 13 | * *Template Refresh Rate*: 30 minutes, 600 packets 14 | * *Active Timeout*: 1 Minute 15 | * *PanOS Field Types*: 16 | * App-ID 17 | * User-ID 18 | * *Collector Name*: 19 | * *Collector Netflow Server*: {{kentik_ingest_ip_from_UI}} 20 | * *Port*: {{kentik_ingest_UDP_port_from_UI}} 21 | 22 | #### Enable Flow Collection on interfaces 23 | Got to *Network* → *Interfaces* → *Ethernet*: 24 | 25 | ### If using the Kentik Flow Proxy 26 | Go to *Device* → *Server Profiles* → *Netflow* → *Add Profile* 27 | In this profile use these settings: 28 | * *Name*: 29 | * *Template Refresh Rate*: 30 minutes, 600 packets 30 | * *Active Timeout*: 1 Minute 31 | * *PanOS Field Types*: 32 | * App-ID 33 | * User-ID 34 | * *Collector Name*: 35 | * *Collector Netflow Server*: 36 | * *Port*: 9995 (update with your own if your KProxy setup uses a non-default, custom-set port to ingest flow records) 37 | 38 | #### Enable Flow Collection on interfaces 39 | Got to *Network* → *Interfaces* → *Ethernet*: 40 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kentik device configuration snippets repository 2 | Public repository that contains all available config snippets Kentik users can leverage to configure their networking equipments to export data to Kentik. 3 | ## What is this repository used for: 4 | This collaborative repository is intended to support Kentik customers needs to configure their devices to export flow/snmp/bgp to Kentik's ingest platform. 5 | It can be used in two ways: 6 | * these config snippets are leveraged in the Kentik Portal UI at device creation time to suggest configuration snippets based on the user's choice of device vendor and model 7 | * these are also made available to Kentik Users to: 8 | * lookup configuration items for their networking devices outside of the onboarding process. These can be fetched using the github Raw endpoints, for example: https://raw.githubusercontent.com/kentik/config-snippets/master/Juniper/MX-series/ipfix.conf 9 | * users can contribute gotchas or new devices that aren't yet in the repository 10 | * Only Kentik Admins should be allowed to push config snippet changes to Master, users should submit pull requests to be reviewed by Kentik staff. 11 | ## Using templates outside of the device onboarding UI 12 | In order to use these templates outside of the onboarding UI, users should copy paste their content in the device's configuration CLI. Users should ensure to read any gotchas listed in the README.md file of any configuration directory. 13 | These configuration snippets are provided as-is, meaning some entries may sometimes (as rarely as possible though) cause an error, lookout for these and please use github issues to report them to Kentik Admins. 14 | To understand what each template describes, please refer to the next section of this README. 15 | 16 | # Guidelines 17 | * Files are organized in this directory structure 18 | * [Vendor] > ([Product Line]) > [Model] 19 | * For each device model, multiple config files need to be present 20 | * *Network flow configuration:* ```.conf```: netflow-9.conf, netflow-5.conf, ipfix.conf, sflow.conf ... 21 | * *Network flow configuration in case the Kentik Flow Proxy Agent is used:* ```-agent.conf```: netflow-9-agent.conf, ipfix-agent.conf ... 22 | * *Streaming Telemetry configuration based on the type of telemtry support and whether there the Kentik Flow Proxy Agent is used: telemetry:* telemetry_gnmi.conf, telemetry_native.conf, telemetry_native-agent.conf, telemetry_dialout.conf, telemetry_dialout-agent.conf ... 23 | * *Additional per interface config for Network Flow:* ```-interfaces.conf```: Corresponds to commands that need to be added to each IP interface exporting netflow 24 | * *SNMP flow configuration:* ```snmp.conf``` 25 | * *BGP configuration:* ```bgp.conf``` 26 | * *Flowspec configuration:* ```flowspec.conf``` 27 | * Each device directory can contain a markdown file called gotchas.md that contains gotchas for this specific device 28 | * Config snippets contains rudimentary templated variables: 29 | * ```{{variable}}``` get replaced by values entered by the user in Kentik Portal when configuring the device 30 | * `````` will display "variable" in a highlighted manner, for instance for instances of config items users usually provide naming for 31 | * Each vendor root directory contains a 200px width transparent png logo for the associated vendor 32 | 33 | # Templating guidelines 34 | Since the UI doesn't currently include any Kentik Flow Proxy registration process, the UI doesn't know about which IPs the user will be sent to. 35 | Therefore, there need to be two separate config templates for cases with and without agent. In the ```*-agent.conf``` config snippet, we can't reference ```{{variable}}``` types of variables because they're not present in the UI for rendering. 36 | For this reason, the agent related templates shall include `````` types of markers instead of ```{{variable}}``` ones. 37 | 38 | ## List of used template markups 39 | * ```{{kentik_ingest_ip_from_UI}}```: refers to the IP given by Kentik Portal for the device to export their flows to 40 | * ```{{kentik_ingest_UDP_port_from_UI}}```: refers to the port displayed in Kentik Portal device creation that is used to send network flows to in relation to the previously stated IP address 41 | * ```{{device_sample_rate}}```: sample rate the user is configuring on their device and has also entered in the Kentik Portal UI during device creation 42 | * ```{{device_sending_ip}}```: refers to the 1st IP entered in portal device configuration form in the sending ip section of the flow configuration 43 | * ```{{kentik_portal_ASN}}```: Kentik's user ASN, routers configured to export to Kentik will be peered with the Kentik Platform with *iBGP*, and the platform's BGP ingest needs to be a *route reflector client* 44 | * ```{{kentik_UI_bgp_peering_ipv4}}```: refers to the peering IP on the Kentik BGP ingest platform that the device needs to establish an IPv4 session with 45 | * ```{{kentik_UI_bgp_peering_ipv6}}```: refers to the peering IP on the Kentik BGP ingest platform that the device needs to establish an IPv6 session with 46 | -------------------------------------------------------------------------------- /Silver-Peak/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Silver Peak Edge Connect devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Silver-Peak/bgp.conf 4 | -------------------------------------------------------------------------------- /Silver-Peak/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | Feel free to update this section if a platform you are using has been successfully tested with it 3 | * Silver Peak Edge Connect 4 | # A platform you succesfully tested Kentik with is not in this list ? 5 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 6 | -------------------------------------------------------------------------------- /Silver-Peak/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Silver-Peak/logo.png -------------------------------------------------------------------------------- /Silver-Peak/netflow-9-agent.conf: -------------------------------------------------------------------------------- 1 | In the SP Orchestrator UI: 2 | Administration->Flow Export. Click on "Manage Flow Export with Templates" 3 | 4 | 5 | Enable Flow Exporting: On 6 | Active Timeout: 1 minute 7 | IPFIX Template Timeout: 10 minute 8 | Traffic Type: check all (WAN TX, WAN RX, LAN RX, LAN TX) 9 | Information Elements: check all (Firewall Zones, Application Performance) 10 | 11 | Collectors: 12 | IP Address: {{kentik_flow_proxy_IP}} 13 | # the default port for KProxy flow ingest is 9995 14 | Port: 9995 (update with your own if your KProxy setup uses a non-default, custom-set port to ingest flow records) 15 | Collector Type: IPFIX UDP 16 | -------------------------------------------------------------------------------- /Silver-Peak/netflow-9.conf: -------------------------------------------------------------------------------- 1 | In the SP Orchestrator UI: 2 | Administration->Flow Export. Click on "Manage Flow Export with Templates" 3 | 4 | Enable Flow Exporting: On 5 | Active Timeout: 1 minute 6 | IPFIX Template Timeout: 10 minute 7 | Traffic Type: check all (WAN TX, WAN RX, LAN RX, LAN TX) 8 | Information Elements: check all (Firewall Zones, Application Performance) 9 | 10 | Collectors: 11 | IP Address: {{kentik_ingest_ip_from_UI}} 12 | Port: {{kentik_ingest_UDP_port_from_UI}} 13 | Collector Type: IPFIX UDP -------------------------------------------------------------------------------- /Silver-Peak/readme.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure a Silver Peak device are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | 4 | # Silver Peak configuration guidelines 5 | Flow configuration via Silver Peak Orechstrator is displayed in greater detail on Silver Peaks's online documentation portal. -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Ubiquiti EdgeRouters are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Ubiquiti EdgeRouter devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Ubiquiti/EdgeRouter/bgp.conf 4 | -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # 2 | # Tested compatible platforms 3 | Feel free to update this section if a platform you are using has been successfully tested with it 4 | * ER-4 Running v1.10.10 5 | * ER-Pro-8 Running v1.10.9 6 | # A platform you succesfully tested Kentik with is not in this list ? 7 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 8 | -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/ipfix-agent.conf: -------------------------------------------------------------------------------- 1 | ! 2 | ! 3 | set system flow-accounting ingress-capture post-dnat 4 | ! 5 | ! List all interface you wish to colelct flow on 6 | set system flow-accounting interface 7 | set system flow-accounting interface 8 | ! 9 | set system flow-accounting netflow engine-id 1 10 | set system flow-accounting netflow sampling-rate {{device_sample_rate}} 11 | ! Export flows to your KProxy instance 12 | ! default KProxy listen port is 9995, if your KProxy instance is configured to listen on another port, change the value below 13 | set system flow-accounting netflow server {{kentik_flow_proxy_IP}} port 9995 14 | set system flow-accounting netflow timeout expiry-interval 60 15 | set system flow-accounting netflow timeout flow-generic 60 16 | set system flow-accounting netflow timeout icmp 60 17 | set system flow-accounting netflow timeout max-active-life 60 18 | set system flow-accounting netflow timeout tcp-fin 60 19 | set system flow-accounting netflow timeout tcp-generic 60 20 | set system flow-accounting netflow timeout tcp-rst 60 21 | set system flow-accounting netflow timeout udp 60 22 | set system flow-accounting netflow version 10 23 | set system flow-accounting syslog-facility daemon 24 | ! 25 | -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/ipfix.conf: -------------------------------------------------------------------------------- 1 | ! 2 | ! 3 | set system flow-accounting ingress-capture post-dnat 4 | ! 5 | ! List all interface you wish to colelct flow on 6 | set system flow-accounting interface 7 | set system flow-accounting interface 8 | set system flow-accounting interface <.../...> 9 | ! 10 | set system flow-accounting netflow engine-id 1 11 | set system flow-accounting netflow sampling-rate {{device_sample_rate}} 12 | set system flow-accounting netflow server {{kentik_ingest_ip_from_UI}} port {{kentik_ingest_UDP_port_from_UI}} 13 | set system flow-accounting netflow timeout expiry-interval 60 14 | set system flow-accounting netflow timeout flow-generic 60 15 | set system flow-accounting netflow timeout icmp 60 16 | set system flow-accounting netflow timeout max-active-life 60 17 | set system flow-accounting netflow timeout tcp-fin 60 18 | set system flow-accounting netflow timeout tcp-generic 60 19 | set system flow-accounting netflow timeout tcp-rst 60 20 | set system flow-accounting netflow timeout udp 60 21 | set system flow-accounting netflow version 10 22 | set system flow-accounting syslog-facility daemon 23 | ! 24 | -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | ! no SNMP config snippet available for Ubiquiti devices at this time 2 | ! you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | ! https://github.com/kentik/config-snippets/blob/master/Ubiquiti/EdgeRouter/snmp.conf 4 | -------------------------------------------------------------------------------- /Ubiquiti/EdgeRouter/snmp.conf: -------------------------------------------------------------------------------- 1 | ! no SNMP config snippet available for Ubiquiti devices at this time 2 | ! you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | ! https://github.com/kentik/config-snippets/blob/master/Ubiquiti/EdgeRouter/snmp.conf 4 | -------------------------------------------------------------------------------- /Ubiquiti/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Ubiquiti/logo.png -------------------------------------------------------------------------------- /Vyatta/README.md: -------------------------------------------------------------------------------- 1 | # General guidelines 2 | Details on how to use the below templates to configure Vyatta device are displayed in the [README.md](https://github.com/kentik/config-snippets/blob/master/README.md) file at the root of this repository 3 | -------------------------------------------------------------------------------- /Vyatta/bgp.conf: -------------------------------------------------------------------------------- 1 | # no BGP config snippet available for Vyatta router devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Vyatta/bgp.conf -------------------------------------------------------------------------------- /Vyatta/compatible-platforms.md: -------------------------------------------------------------------------------- 1 | # Tested compatible platforms 2 | _Not available yet_ 3 | 4 | # A platform you succesfully tested Kentik with is not in this list ? 5 | Create your own branch and add it to the list of compatible platforms, submit a pull request, and we'll merge upon verification that flows, SNMP or BGP is correctly seen by the Kentik SaaS platform. 6 | -------------------------------------------------------------------------------- /Vyatta/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kentik/config-snippets/a855e7fae72130e933d4b6626a7f52e6c552fa40/Vyatta/logo.png -------------------------------------------------------------------------------- /Vyatta/sflow-agent.conf: -------------------------------------------------------------------------------- 1 | set system flow-accounting ingress-capture pre-dnat 2 | # Name of interface on which to monitor flow (repeat this line for each interface to monitor). 3 | set system flow-accounting interface 4 | set system flow-accounting sflow agent-address auto 5 | # Set sample rate based on flow volume. 6 | set system flow-accounting sflow sampling-rate {{device_sample_rate}} 7 | # Sending sflow to Kentik Flow Proxy Agent KProxy 8 | # default port for KProxy sflow records ingest is 9995, if your KProxy setup uses another, non-default port, update the next line accordingly 9 | set system flow-accounting sflow server {{kentik_flow_proxy_IP}} port 9995 10 | -------------------------------------------------------------------------------- /Vyatta/sflow.conf: -------------------------------------------------------------------------------- 1 | set system flow-accounting ingress-capture pre-dnat 2 | # Name of interface on which to monitor flow (repeat this line for each interface to monitor). 3 | set system flow-accounting interface 4 | set system flow-accounting sflow agent-address auto 5 | # Set sample rate based on flow volume. 6 | set system flow-accounting sflow sampling-rate {{device_sample_rate}} 7 | # Sending direclty to Kentik Flow Ingest (no Flow Proxy Agent used) 8 | set system flow-accounting sflow server {{kentik_ingest_ip_from_UI}} port {{kentik_ingest_UDP_port_from_UI}} -------------------------------------------------------------------------------- /Vyatta/snmp-agent.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Vyatta devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Vyatta/snmp.conf 4 | -------------------------------------------------------------------------------- /Vyatta/snmp.conf: -------------------------------------------------------------------------------- 1 | # no SNMP config snippet available for Vyatta devices at this time 2 | # you are welcome to contribute yours on Kentik's config snippet public git repository: 3 | # https://github.com/kentik/config-snippets/blob/master/Vyatta/snmp.conf 4 | -------------------------------------------------------------------------------- /kprobe/README.md: -------------------------------------------------------------------------------- 1 | ## Installing kprobe 2 | 3 | 1. Go to https://packagecloud.io/kentik/kprobe and find the Distro/Version for your server 4 | 2. Install the Package repository, this will allow you to upgrade to future versions leveraging your OS’ package manager. The package repository install instructions are located on the top right corner of the page. 5 | 3. Install the package locally using your Operating Systems package manager. Example: **`sudo yum install kprobe-1.4.0-1.x86_64`** 6 | 7 | ### Notes on kprobe setup 8 | 9 | - Once installed, the package repository will allow you to perform native updates of Kprobe leveraging the chosen package managers’ update commands 10 | - For a one-off install of KProbe without registering the package repositories, please go to this URL: https://packagecloud.io/kentik/kprobe/install#manual 11 | - Other options are available to install KProbe and will help match your deployment habits: Chef, Puppet… instructions on how to install the repositories are also available here: 12 | https://packagecloud.io/kentik/kprobe/install these methods can be selected in the upper right corner on that page: 13 | -------------------------------------------------------------------------------- /kprobe/kprobe-params.md: -------------------------------------------------------------------------------- 1 | ### Optional parameters 2 | 3 | These should be appended to the command line displayed above. Remember to add a `\` at the end of each line for a multi-line command. 4 | 5 | - **`--proxy-url http://:`**: If "Sends Flow through kProxy" is enabled. 6 | - **`--no-decodes`**: If additional decodes are _disabled_. 7 | - **`--http-port `**: If additional decodes are _enabled_. 8 | -------------------------------------------------------------------------------- /kprobe/kprobe-running.conf: -------------------------------------------------------------------------------- 1 | /usr/local/bin/kprobe --email {{current_user_email}} \ 2 | --token {{current_user_api_token}} \ 3 | --interface \ 4 | --device-name {{curr_device_name}} \ 5 | --device-plan {{selected_plan}} \ 6 | --sample {{configured_sample_rate}} 7 | -------------------------------------------------------------------------------- /kprobe/kprobe-running.md: -------------------------------------------------------------------------------- 1 | ## Running kprobe 2 | 3 | **Note**: kprobe requires Root privileges to run. 4 | 5 | - The following assumes that the kprobe agent is installed and available on the server. 6 | - Run one instance of kprobe per interface on the server. 7 | - Setting the `KENTIK_API_TOKEN` environment variable will replace the need for the `--token` option. 8 | 9 | Run the following command to start kprobe on the server: 10 | --------------------------------------------------------------------------------