CLI Procedures - IPv6 Static Routes

This section includes some basic procedures for managing static routes using the CLI.

To show IPv6 static routes, run

show ipv6 route static

Codes: C - Connected, S - Static, B - BGP, Rg - RIPng, A - Aggregate,

       O - OSPFv3 IntraArea (IA - InterArea, E - External),

       K - Kernel Remnant, H - Hidden, P - Suppressed

S     3100:55::1/64       is directly connected

S     3200::/64           is a blackhole route

S     3300:123::/64       is a blackhole route

S     3600:20:20:11::/64  is directly connected, eth3

To add an IPv6 static route, run:

set ipv6 static-route <Destination> nexthop gateway <GW IP> on
set ipv6 static-route <Destination> nexthop gateway <GW IP> interface 
<GW IF> on

Destination - Destination IPv6 address.
GW IP - Next hop gateway IPv6 address.
GW IP - Next hop gateway interface name.

Example:

set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 on
set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 interface eth3 on

To add an IPv6 static route with paths and priorities, run:

set static-route <Destination> nexthop gateway <GW ID> priority <P Value>

Destination - Destination IP address.
GW IP - Next hop gateway IP address.
P Value - Integer between 1 and 8 (default =1)

Run this command for each path, assigning a priority value to each. You can define two or more paths using the same priority to specify a backup path with equal priority.

Example:

set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 priority 3 on

To add an IPv6 static route where packets are dropped, run:

set ipv6 static-route <Destination> nexthop reject

set ipv6 static-route <Destination> nexthop blackhole

Destination - Destination IP address.
Reject - Drops packets and sends an error message to the traffic source.
Blackhole - Drops packets, but does not send an error message.

Examples:

set ipv6 static-route 3100:192::0/64 nexthop reject

or

set ipv6 static-route 3100:192::0/64 nexthop blackhole

To delete an IPv6 route and all related paths, run:

set ipv6 static-route <Destination> off

Destination - Destination IP address.

Example:

set ipv6 static-route 3100:192::0/64 off

To delete a path only, run:

set static-route <Destination> nexthop gateway <GW IP> off

Destination - Destination IP address.
GW IP - Next hop gateway IP address or interface name.

Example:

set ipv6 static-route 3100:192::0/64 nexthop gateway 3900:172::1 off

Netflow Export

NetFlow is an industry standard for traffic monitoring. It is a network protocol developed by Cisco for collecting network traffic patterns and volume. It lets one host (the Exporter) send information about network flows to another host (the Collector). A network flow is a unidirectional stream of packets that share a set of characteristics.

You can configure Gaia as an Exporter of NetFlow records for all the traffic that is inspected by SecureXL. This includes Accelerated and Medium Path traffic, F2F traffic, and traffic dropped by Drop Templates.

The Collector is supplied by a different vendor, and is configured separately.

NetFlow Export configuration is a list of collectors, to which the service sends records.

To enable NetFlow, configure at least one collector.
To disable NetFlow, make sure no collectors are configured.

You can configure up to three collectors. NetFlow records go to all configured collectors. If you configure three collectors, each record is sent three times.

Notes:

The IP addresses and TCP/UDP ports reported by NetFlow are the ones on which it expects to receive traffic. Therefore, for NATted connections, one of the two directions of flow is reported with the NATted address.
If SecureXL is not enabled or not working, NetFlow packets are not sent.
NetFlow sends the connection records after the connections have terminated. If the system is idle or the connections are long-lasting, you may have to wait to see NetFlow packets.

Flow Records

You can configure Gaia to export flow records using NetFlow Versions 5 or 9. (Version 9 is specified in RFC 3954.) Regardless of which export format you choose, Gaia exports values for the following fields:

Source IP address
Destination IP address
Source port
Destination port
Ingress physical interface index (defined by SNMP)
Egress physical interface index (defined by SNMP)
Packet count for this flow
Byte count for this flow
Start of flow timestamp (FIRST_SWITCHED)
End of flow timestamp (LAST_SWITCHED)
IP protocol number
TCP flags from the flow (TCP only).

Configuring Netflows Export - WebUI

To configure NetFlows using the WebUI:

Open the Network Management > NetFlow Export page of the WebUI.
Click Add.
Enter the required data.

Netflows Data to Prepare for each collector:

Parameter	Description
IP address	The IPv4 address to which NetFlow packets are sent. This is mandatory.
UDP port Number	The UDP port number on which the collector is listening. This is mandatory. There is no default or standard port number for NetFlow.
Export format	The NetFlow protocol version to send: 5 or 9. Each has a different packet format. The default is 9.
Source IP address	Optional: The IPv4 address of the NetFlow packets source. This must be an IP address of the local host. The default (which is recommended) is an IP address from the network interface on which the NetFlow traffic is going out.