As of firmware version 7.2.53 (and Long Term Support (LTS) version 18.104.22.168), the LoadMaster can monitor the network traffic traversing its interfaces and generate rich network telemetry in IP Flow Information Export (IPFIX) format.
IPFIX is a flow export standard used to identify and collect application and transaction data in a network infrastructure. Flow data provides visibility into application traffic utilization and structure at any time, enabling you to report on key network performance metrics related to application workload. This is often leveraged as an alternative to full packet capture and analysis for ongoing monitoring of a network infrastructure. Various network devices including switches, firewalls, load balancers, and routers typically provide flow-based feeds to collectors which are then analyzed by a performance monitoring and analytics toolset.
For further details on IPFIX, refer to the following Flowmon page: NetFlow/IPFIX Monitoring.
The LoadMaster is able to participate in providing flow data visibility in conjunction with a compatible IPFIX data analysis system. Kemp recommends using the Flowmon Collector for this data analysis.
The network telemetry feature is available on all LoadMaster products with any license or subscription type. The purpose of network telemetry is to understand traffic volume and structure at any time, report on key network performance metrics related to application workload and troubleshoot on operation and performance issues with the ability to drill down to individual session level.
The purpose of this document is to describe how to enable this functionality on the LoadMaster and to gain access to the Kemp Flowmon Collector.
Anyone who would like to export application flow data from the LoadMaster.
Exported network telemetry provides information across all network layers including performance metrics and rich application layer telemetry.
Link layer (L2)
- MAC addresses
- VLAN tag
- Interface index
|Network and transport layer (L3/L4)
- IP addresses, ports, protocols
- Volumetric statistics (bytes, packets, flows)
- Timestamp and signaling (TCP flags)
- Network performance metrics (Round Trip Time (RTT), Server Response Time (SRT), TCP retransmissions, jitter)
- Extended TCP telemetry (Time To Live (TTL), SYN packet size, default TCP window size)
- VxLAN ID
|Application layer (L7)
- Application ID (Network Based Application Recognition (NBAR2))
For further details on NBAR2, refer to the following RFC: Cisco Systems Export of Application Information in IP Flow Information Export (IPFIX).
- Extended VoIP
The network traffic is monitored on the interface level. When SSL offloading with re-encryption is used, network telemetry does not contain any application layer telemetry related to the HTTP protocol. However, TLS/SSL information such as Server Name Indication (SNI), TLS version, or certificate information is available (depending on the TLS version in use).
The reduction ratio of original traffic volume to network telemetry volume is 250:1 which means that monitoring of 1Gbps of traffic generates approximately 4Mbps of traffic statistics. The real value may vary according to traffic structure and mixture of application protocols.
For further details on IPFIX, refer to the following RFC: Information Model for IP Flow Information Export
Network telemetry requires an external collector to collect the IPFIX application flow data. The Kemp Flowmon Collector is the ideal network monitoring appliance that captures, stores, and processes flow data, including normalization, visualization, and analysis.
To download the Kemp Flowmon Collector, follow these steps:
1. In the main menu of the LoadMaster UI, click Network Telemetry.
2. Click Download Flowmon Collector.
You will be taken to the Kemp Flowmon Collector download page to continue the process.
3. Enter your Kemp ID and Password.
If you do not have a Kemp ID, you can create one here: Create a Kemp ID.
4. Click Sign In.
Only one Flowmon trial download is available per Kemp ID.
5. Select your hypervisor from the first drop-down list.
6. Select your country from the second drop-down list.
7. Select the check box to agree to the End User License Agreement (EULA).
8. Click Download now.
After downloading the file, you must then deploy and run the machine on your chosen hypervisor. For instructions on how to do this, refer to the documentation provided as part of the Flowmon Collector downloadable zip package.
Network telemetry is generated per a network interface and is available disabled by default on all new LoadMaster deployments for firmware version 7.2.53 and above. To enable network telemetry navigate to the"Network Telemetry" menu item
On Long Term Support (LTS) LoadMaster versions, or older versions of the LoadMaster that have been patched to a newer version, you may need to enable the network telemetry feature. To enable the network telemetry feature, click Network Telemetryin the main menu of the LoadMaster User Interface (UI) and click Install.
After you successfully install network telemetry on the LoadMaster, you should see a number of fields to configure on the Network Telemetry screen.
Enabling Network Telemetry may impact performance throughput
Details on each of these options are below:
IP address of Collector: Define the destination IP address or Fully Qualified Domain Name (FQDN) and port number of your IPFIX collector (for example, 22.214.171.124:2055 or collector.local:3000). The IPFIX export runs over the UDP protocol and you must ensure that the collector is reachable over the network from the LoadMaster. Once you configure the collector IP address or FQDN you can validate the network connectivity by clicking Validate and clicking OK. Validation is based on a plain ICMP ping message and it validates the IP or FQDN (not the port).
IPFIX is a plain text UDP packet stream. Kemp recommends that it should only be exported over a secure network.
Active Timeout: Set the global active timeout value. The default value is 300.
This setting ensures that very long flows will be exported in the specified time. The Timeout is checked for each incoming packet. If the corresponding flow is lasting longer than the specified timeout interval, it is deleted from the flow cache and exported to the collector.
Inactive Timeout: Set the global inactive timeout value. The default value is 30.
This setting avoids keeping old, inactive flow records in the flow cache forever. When no packets belonging to the flow are observed for the specified timeout interval, the flow record is exported to collector
Export Protocol: The export protocol (IPFIX is currently the only selectable protocol).
Advanced settings: Enable/disable the check boxes here depending on what values you would like to collect.
There are some check boxes in the Advanced settings section that are not possible to change at present. These will be configurable in a future release.
Activate export of Application Flow Data: Select the relevant interface (or interfaces) to collect IPFIX data for.
The network interface screens (for example, System Configuration > Network Setup > Interfaces > eth0) indicate if network telemetry monitoring is enabled or disabled for that interface (depending on what interfaces are selected on the Network Telemetry screen)
To enable Network Telemetry on an interface, the interface must have an IP Address. Interfaces configured with Virtual LANs cannot have Network Telemetry enabled unless an IP Address is assigned.
When two LoadMasters are operating as a HA pair, the Network Telemetry traffic will present from the physical address of the LoadMaster and not the shared address. It is necessary to create a profile for both the LoadMasters in the HA pair on the Kemp Flowmon Collector.
If you have any issues with the network telemetry export you can use the built-in TCP dump tool as part of the debugging option on the LoadMaster to validate data is exported towards the collector. To perform a TCP dump using the LoadMaster, follow the steps below:
1. In the main menu, go to System Configuration > Logging Options > System Log Files > Debug Options.
2. In the TCP dump section, enter the Collector IP address in the Address text box.
3. Click Start.
4. Click Stop to stop the TCP dump.
5. Click Download to download the .pcap file.
Ensure that there is no specific network configuration such as a firewall or access control list that is preventing the data from reaching the export target.
You can also troubleshoot from the Collector side. Log into the Kemp Flowmon Collector using SSH and run tcpdump to check if flow data is reaching the Collector interface.
This document was last updated on 11 March 2022.